nuts-node icon indicating copy to clipboard operation
nuts-node copied to clipboard
verified publisher icon nuts-foundation

Check oauth metadata if actions are supported

Open gerardsn opened this issue 1 year ago • 2 comments

The oauth client and server metadata indicate what combination of parameters/operations are supported by the client/server. We often don't confirm that the other party actually supports what we are presenting.

Below is a list of parameters for AuthorizationServerMetadata that are never read for options that we do use.

  • Issuer (should match the party we assume we fetched the metadata from)
  • ResponseModesSupported
  • ResponseTypesSupported
  • GrantTypesSupported
  • PresentationDefinitionUriSupported (not even set)
  • VPFormatsSupported
  • RequestObjectSigningAlgValuesSupported

Parameters that are read might not be used everywhere they should.

The same probably goes for the OAuthClientMetadata.

gerardsn avatar May 03 '24 15:05 gerardsn

Friday afternoon title...

gerardsn avatar May 03 '24 15:05 gerardsn

This is used for OpenID4VP flows. They are marked experimental. Will remove final label.

woutslakhorst avatar Sep 23 '24 07:09 woutslakhorst