italia/eudi-wallet-it-docs

[Relying Party Solution] [Remote Flow] Unclear definition of authorize request

Closed this issue · 1 comments

Zicchio commented

In the non-normative example of RP auhorization request, to the best of my knowledge there are up to 3 issues.

eudi-wallet-it-docs/docs/en/remote-flow.rst

Line 163 in 6d06ccf

https://wallet-solution.digital-strategy.europa.eu/authorization?client_id=...&request_uri=...&client_id_scheme=entity_id&request_uri_method=post

(1) the scheme invocation is https://, but accordin to HAIP haip:// should be preferred when the Wallet Instance is a mobile app.
(2) It is not clear what the host of the request should be. In the example, it is wallet-solution.digital-strategy.europa.eu. I'll refrain from making a sugegstion as this is beyond my area of expertise.
(3) the authorization endpoint of the example request is /authorization but the default authorization endpoint in OAuth is /authorize. Unless there is a particular reason to change the authorization endpoint, I would stick the example with the default.

peppelinux commented

  1. unfortuantely HAIP will not be ready for the end of the year and for the eudi-wallet-it-docs we will go for openid4vp://. this will be further consolidated with the team and this message represent the first official evidence about this change proposal

  2. it was an univeral link previously registered within the user env

  3. endpoints are configured using metadata, it is relative to the deploy