OpenID4VP

Improve definition of VP Token

Open danielfett opened this issue 1 year ago • 3 comments

The current definition of the VP Token has two problems:

(1) The current definition of the vp_token parameter is hard to read and the use of JSON is somewhat confusing:

> REQUIRED. JSON String or JSON object that MUST contain a single Verifiable Presentation or an array of JSON Strings and JSON objects each of them containing a Verifiable Presentations. Each Verifiable Presentation MUST be represented as a JSON string (that is a Base64url encoded value) or a JSON object depending on a format as defined in Appendix A of [OpenID.VCI].

(2) There is no proper definition of a VP Token, just the definition of the parameter.

These problems are related, as the definition of the parameter attempts to define both the encoding and the concept at the same time.

I suggest dedicating a separate subsection to the VP Token as one of the primary artifacts of this specification, like the definition of the ID Token in OpenID Connect Core: Define the concept, describe its use, list its contents, define the encoding (which at that point would just say "take that data structure and JSON-encode it") and then show examples.

danielfett Apr 06 '24 09:04

I think a section dedicated to VP Token, but just wanted to note that there is a definition of VP Token: An artifact defined in this specification that contains a single Verifiable Presentation or an array of Verifiable Presentations as defined in Section 6.1. here: https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-2-3.30 I think we added it in response to your previous issue.

> (1) The current definition of the vp_token parameter is hard to read and the use of JSON is somewhat confusing:

re JSON, a separate issue to clean up the usage of JSON in oid4vp like we did in oid4vci is probably needed.

Sakurann Apr 09 '24 11:04

> I think a section dedicated to VP Token, but just wanted to note that there is a definition of VP Token: An artifact defined in this specification that contains a single Verifiable Presentation or an array of Verifiable Presentations as defined in Section 6.1. here: https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-2-3.30 I think we added it in response to your previous issue.

This promises a definition but it's not delivered ;-)

danielfett Apr 22 '24 15:04

If possible I would like some examples to be included in cases where the vp_token is a base64url encoded string. Not sure if this still makes sense given the move to new query language and structures, but if it does I would appreciate some clarification and examples as the section is a bit confusing.

Specifically I am looking at the statement

> REQUIRED. JSON String or...

and from my experience when the vp_token is a base64url encoded string it is always sent as a regular string value and not a JSON string

vp_token=abc vs vp_token="abc"

Additionally, a JWT is technically not a base64url encoded value due to the . characters, so this section could also say that the encoding is specified by the credential profiles (I think this is where the spec is heading with vp_tokens and presentation_submissions if I am not mistaken)

nemqe May 23 '24 09:05
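
The two ambiguities raised in this thread (bare string versus JSON string, and a single presentation versus an array), shown as an added example that is not part of the thread or the specification: a verifier-side normalizer that accepts each shape and rejects everything else instead of guessing. The function names and sample values are constructed, and treating a value with no leading JSON delimiter as an opaque string is an assumption, not a rule from the draft.

```python
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+")

def normalize_vp_token(raw):
    """Return the presentations in a vp_token parameter value as a list.

    Strings are kept opaque and JSON objects become dicts; decoding the
    presentation itself is left to the credential format.
    """
    if not raw:
        raise ValueError("vp_token is REQUIRED")
    # Assumption: only a value that starts like a JSON string, object or
    # array is JSON-decoded; anything else is the bare form (vp_token=abc).
    if raw.lstrip()[:1] in ('"', "{", "["):
        try:
            value = json.loads(raw)
        except json.JSONDecodeError as exc:
            raise ValueError("vp_token looks like JSON but does not parse") from exc
    else:
        value = raw
    items = value if isinstance(value, list) else [value]
    if not items:
        raise ValueError("vp_token array is empty")
    for item in items:
        # Nested arrays, numbers, null and empty values are rejected so the
        # verifier never guesses what a presentation is.
        if not isinstance(item, (str, dict)) or not item:
            raise ValueError("unsupported vp_token element: %r" % (item,))
    return items

def string_shape(presentation):
    """Classify a string presentation by its alphabet only (no decoding)."""
    if B64URL.fullmatch(presentation):
        return "base64url"
    parts = presentation.split(".")
    if len(parts) > 1 and all(B64URL.fullmatch(p) for p in parts):
        return "dot-separated base64url segments"
    return "other"

# Constructed sample values, not real presentations.
SAMPLES = ["abc", '"abc"', '{"proof": {}}', '["abc", {"proof": {}}]']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", normalize_vp_token(sample))
    print(string_shape("aaa.bbb.ccc"))
```

Both `vp_token=abc` and `vp_token="abc"` normalize to the same single-element list, which is the behaviour a verifier needs to pin down so that two components in the same deployment do not parse the parameter differently.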