In the spec we have only described the happy flow:
If the Response URI has successfully processed the Authorization Response or Authorization Error Response, it MUST respond with an HTTP status code of 200 with Content-Type of application/json and a JSON object in the response body.
However, the OIDF test suite assumes that when the validation fails, the status code has to be a 4xx one. This seems logical, but this behaviour is not in the spec.
My recommendation
Add a paragraph that defines that a 400 error has to be returned when the validation failed. This can be added after the text mentioned above or in 8-6 VP Token Validation.
This seems to be a quick fix; I ran into it because my verifier always returns a 200 (which is compliant with the spec right now).
Another addition would be to add an extension point for the response of the verifier. This would be relevant for the wallet for a transaction log and to document why the presentation failed (e.g. the presentation got rejected because an expired credential got presented, required claims were not disclosed, ...).
We could treat it as one change to the response or just focus on the first one, the smaller task.