Missing information of http status code for VP token validation response. #740

Description

@cre8

In the spec we have only described the happy flow:

If the Response URI has successfully processed the Authorization Response or Authorization Error Response, it MUST respond with an HTTP status code of 200 with Content-Type of application/json and a JSON object in the response body.

However, the OIDF test suite assumes that when the validation fails, the status code has to be a 4xx one. That seems logical, but this behaviour is not in the spec.

My recommendation

Add a paragraph that defines that a 400 error has to be returned when the validation failed. This can be added after the text mentioned above or in 8-6 VP Token Validation.

This seems to be a quick fix, which I ran into because my verifier always returns a 200 (which is compliant with the spec right now).

Another addition would be to add an extension point for the response of the verifier. This would be relevant for the wallet for a transaction log and to document why the presentation failed (e.g. the presentation got rejected because an expired credential got presented, required claims were not disclosed, ...).

We could treat it as one change to the response or just focus on the first one, the smaller task.
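
A sketch of the behaviour proposed in this issue, added here as an illustration; it is not taken from the specification, the OIDF test suite or the author's verifier. It shows a Response URI handler that answers 200 with a JSON object when processing succeeds and 400 with a reason when validation fails. The `error`/`error_description` body fields, the reason codes, the function names and the token format are assumptions made for the example.

```python
import hmac
import json
from urllib.parse import parse_qs, urlencode

JSON_HEADERS = {"Content-Type": "application/json"}

class PresentationRejected(Exception):
    """Validation failure; reason codes here are hypothetical, not from the spec."""
    def __init__(self, reason, detail):
        super().__init__(detail)
        self.reason, self.detail = reason, detail

def validate_vp_token(vp_token, required_claims):
    # Stand-in for real VP Token Validation. Constructed token format for this
    # demo: a JSON object with "expired" (bool) and "claims" (list of names).
    try:
        token = json.loads(vp_token)
        expired, claims = token["expired"], set(token["claims"])
    except (ValueError, KeyError, TypeError):
        raise PresentationRejected("invalid_vp_token", "vp_token could not be parsed")
    if expired:
        raise PresentationRejected("credential_expired", "an expired credential was presented")
    missing = sorted(set(required_claims) - claims)
    if missing:
        raise PresentationRejected("claims_not_disclosed", "missing: " + ", ".join(missing))

def handle_response_uri(form_body, expected_state, required_claims):
    """Return (status, headers, json_body) for a wallet POST to the Response URI."""
    params = {k: v[0] for k, v in parse_qs(form_body).items()}
    try:
        state = params.get("state", "").encode()
        if not hmac.compare_digest(state, expected_state.encode()):
            raise PresentationRejected("state_mismatch", "state does not match the request")
        if "error" in params:
            # Authorization Error Response: processed successfully, so still 200.
            return 200, JSON_HEADERS, {}
        if "vp_token" not in params:
            raise PresentationRejected("missing_vp_token", "no vp_token parameter")
        validate_vp_token(params["vp_token"], required_claims)
    except PresentationRejected as exc:
        # Behaviour proposed in the issue: 4xx plus a reason the wallet can log.
        return 400, JSON_HEADERS, {"error": exc.reason, "error_description": exc.detail}
    return 200, JSON_HEADERS, {}

def sample_response(state, expired=False, claims=("given_name",)):
    # Constructed wallet POST body (application/x-www-form-urlencoded).
    token = json.dumps({"expired": expired, "claims": list(claims)})
    return urlencode({"state": state, "vp_token": token})
```

A verifier that returns 200 on every branch of `handle_response_uri` matches the current spec text but would fail a conformance check that expects 4xx on the rejected cases.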
