Add text and diagram for siopv2 conditional cred req flow #175
Conversation
decentralgabe
requested review from
awoie,
tlodderstedt,
selfissued,
tplooker and
Sakurann
|
Co-authored-by: Kristina <[email protected]>
| 4. Upon successful authentication, the Wallet sends the Authentication Response back to the Verifier, including the `id_token`. | ||
| 5. The Verifier validates the `id_token` and extracts the necessary information to identify the user. | ||
| 6. Based on the user's identity and the Verifier's context, the Verifier determines whether additional credentials are required. | ||
| - If no additional credentials are needed, the Verifier proceeds with issuing the authentication token to the user. |
There was a problem hiding this comment.
what does issuing the authentication token to the user mean..?
There was a problem hiding this comment.
how would you rephrase this? perhaps If no additional credentials are needed, the Verifier proceeds
or what is the expected action after successful presentation?
| 5. The Verifier validates the `id_token` and extracts the necessary information to identify the user. | ||
| 6. Based on the user's identity and the Verifier's context, the Verifier determines whether additional credentials are required. | ||
| - If no additional credentials are needed, the Verifier proceeds with issuing the authentication token to the user. | ||
| - If additional credentials are required, the Verifier initiates the OpenID for Verifiable Presentations flow by sending a new Authorization Request with the `presentation_definition` or `presentation_definition_uri` parameter. |
There was a problem hiding this comment.
but sure if it is worth mentioning, but I guess the challenge is how to get this request into the same wallet
There was a problem hiding this comment.
yeah ... should add more detail here?
a second QR code - or something else?
There was a problem hiding this comment.
we might want to tackle it in this issue: #223
Co-authored-by: Kristina <[email protected]>
| @@ -823,6 +823,7 @@ This specification defines how the Verifier can determine Credential formats, pr | |||
| This specification defines new metadata parameters according to [@!RFC8414]. | |||
|
|
|||
| * `presentation_definition_uri_supported`: OPTIONAL. Boolean value specifying whether the Wallet supports the transfer of `presentation_definition` by reference, with true indicating support. If omitted, the default value is true. | |||
| * `conditional_credential_request_supported`: OPTIONAL. Boolean value specifying whether the Wallet supports the conditional credential request flow when combined with SIOPv2. If omitted, the default value is `false`. | |||
There was a problem hiding this comment.
why is this parameter needed? is it pretty much wallet indicating support for SIOPv2? if so, maybe make that clearer? tho not sure siopv2_supported makes sense..
There was a problem hiding this comment.
it indicates that the wallet may need extra capabilities to handle this optionality
I am open to removing it if you feel it is in unnecessary
Fix #86