italia/eudi-wallet-it-docs

response_code in the Presentation Flow

Closed this issue · 1 comment

In the last step of the Presentation flow the RP provides the Wallet Instance with a redirect_uri parameter within the HTTP response. The non-normative example is the following one.

HTTP/1.1 200 OK
Content-Type: application/json

{
  "redirect_uri": "https://relying-party.example.org/cb#response_code=091535f699ea575c7937fa5f0f454aee"
}

The response_code MUST be given as a query parameter as follows.

HTTP/1.1 200 OK
Content-Type: application/json

{
  "redirect_uri": "https://relying-party.example.org/cb?response_code=091535f699ea575c7937fa5f0f454aee"
}
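The difference between the two forms above, as an added example that is not part of the issue or of the project's documentation: a user agent does not send the URI fragment in the HTTP request, so this Python check reports where response_code is carried and what request target the RP endpoint would receive. The function name and result keys are hypothetical; the two bodies are the examples quoted in the issue.

```python
import json
from urllib.parse import urlsplit, parse_qs

# The two response bodies quoted in the issue (fragment form, then query form).
FRAGMENT_BODY = '{"redirect_uri": "https://relying-party.example.org/cb#response_code=091535f699ea575c7937fa5f0f454aee"}'
QUERY_BODY = '{"redirect_uri": "https://relying-party.example.org/cb?response_code=091535f699ea575c7937fa5f0f454aee"}'


def locate_response_code(body: str) -> dict:
    """Report where response_code sits in the redirect_uri of an RP response body."""
    uri = json.loads(body)["redirect_uri"]
    parts = urlsplit(uri)
    in_query = parse_qs(parts.query).get("response_code", [])
    in_fragment = parse_qs(parts.fragment).get("response_code", [])

    if in_query and in_fragment:
        location = "both"
    elif in_query:
        location = "query"
    elif in_fragment:
        location = "fragment"
    else:
        location = "missing"

    # The request target sent to the server is path + query only;
    # the fragment stays in the user agent.
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query

    return {
        "location": location,
        "request_target": target,
        # The RP endpoint sees the code only when it is a query parameter.
        "server_receives_code": bool(in_query),
        # Query-only and exactly one value: the form the issue asks for.
        "query_only_single_value": len(in_query) == 1 and not in_fragment,
    }


if __name__ == "__main__":
    for name, body in (("fragment", FRAGMENT_BODY), ("query", QUERY_BODY)):
        print(name, locate_response_code(body))
```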

How does this impact the possibility of providing the response_uris in verifiable and signed metadata without removing the RPs' power to randomize it?