What is effective client_id in unsigned browser requests? #213

Open
jogu opened this issue Jul 11, 2024 · 2 comments

jogu commented Jul 11, 2024

The browser API appendix says:

The client_id and client_id_scheme MUST be omitted in unsigned requests defined in (#unsigned_request). The Wallet determines the Client Identifier from the origin as asserted by the Web Platform and/or app platform.

I'm not clear if "determines" here means "client_id is the origin". If it's not, we need to say what we do mean, as the verifier needs to know what value it needs to check for in aud in the response.


jogu commented Jul 11, 2024

In the unsigned request section it says:

In this case, the Wallet will use the Verifier's origin as asserted by the Browser as the Verifier's Client Identifier

So I think we just need to update the language in the "determines" clause to make it more direct.


bc-pi commented Sep 25, 2024

#263 (comment) if accepted and then the PR merged, I think, might address this issue
