From 16bc3a32cb728f362aaff8e3e3e9d278619aa974 Mon Sep 17 00:00:00 2001 From: Torsten Lodderstedt Date: Fri, 10 Jan 2025 16:51:07 +0100 Subject: [PATCH] removed pre-authz code --- openid4vc-high-assurance-interoperability-profile-1_0.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openid4vc-high-assurance-interoperability-profile-1_0.md b/openid4vc-high-assurance-interoperability-profile-1_0.md index 64b8ad1..c394de9 100644 --- a/openid4vc-high-assurance-interoperability-profile-1_0.md +++ b/openid4vc-high-assurance-interoperability-profile-1_0.md @@ -109,7 +109,7 @@ Implementations of this specification do not have to implement all of the flows Both the Wallet and the Credential Issuer: -* MUST support both pre-authorized code flow and authorization code flow. +* MUST support the authorization code flow. * MUST support protocol extensions for the SD-JWT VC credential format profile as defined in (#vc_sd_jwt_profile). * MUST support sender-constrained tokens using the mechanism defined in [@!RFC9449]. * MUST support [@!RFC7636] with `S256` as the code challenge method. 
@@ -118,11 +118,11 @@ Both Wallet initiated and Issuer initiated issuance is supported. ## Credential Offer -* The Grant Types `authorization_code` and `urn:ietf:params:oauth:grant-type:pre-authorized_code` MUST be supported as defined in Section 4.1.1 in [@!OIDF.OID4VCI] -* For Grant Type `authorization_code`, the Issuer MUST include a scope value in order to allow the Wallet to identify the desired credential type. The wallet MUST use that value in the `scope` Authorization parameter. For Grant Type `urn:ietf:params:oauth:grant-type:pre-authorized_code`, the pre-authorized code is used by the issuer to identify the credential type(s). +* The Grant Type `authorization_code` MUST be supported as defined in Section 4.1.1 in [@!OIDF.OID4VCI] +* For Grant Type `authorization_code`, the Issuer MUST include a scope value in order to allow the Wallet to identify the desired credential type. The wallet MUST use that value in the `scope` Authorization parameter. * As a way to invoke the Wallet, at least a custom URL scheme `haip://` MUST be supported. Implementations MAY support other ways to invoke the wallets as agreed by trust frameworks/ecosystems/jurisdictions, not limited to using other custom URL schemes. -Note: The Authorization Code flow does not require a Credential Offer from the Issuer to the Wallet. However, it is included in the feature set of the Credential Offer because it might be easier to implement with existing libraries and on top of existing implementations than the pre-authorized code Grant Type. +Note: The Authorization Code flow does not require a Credential Offer from the Issuer to the Wallet. However, it is included in the feature set to allow for issuer initiated credential issuance. Both sending Credential Offer same-device and cross-device is supported.
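Review bot: In the first hunk (@@ -109,7 +109,7 @@), the new bullet "MUST support the authorization code flow." leaves the profile silent on the pre-authorized code flow. It is no longer mandatory, but nothing states whether it is now optional or outside the profile. Wallets and Credential Issuers built against the previous "MUST support both" wording need to know which, so add a sentence that says so explicitly, for example that the pre-authorized code flow is not part of this profile. The commit subject "removed pre-authz code" gives no rationale, and a one-line reason in the message body would help later readers of the history.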
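Review bot: In the second hunk (@@ -118,11 +118,11 @@), the rewritten Note has an ambiguous "it". In "However, it is included in the feature set to allow for issuer initiated credential issuance", the pronoun grammatically points back to "The Authorization Code flow", while the intended subject appears to be the Credential Offer. Suggest "However, the Credential Offer is included in the feature set to allow for Issuer initiated credential issuance." That wording also matches the capitalisation of "Issuer initiated" in the context line "Both Wallet initiated and Issuer initiated issuance is supported." Two smaller style points on the added bullets: "The wallet MUST use that value" uses lowercase "wallet" where the rest of the section writes "Wallet", and the bullet ending "in Section 4.1.1 in [@!OIDF.OID4VCI]" still lacks a closing period.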