Skip to content

OpenIDVP kid and x5c not together #1153

Description

@peppelinux

Since it is up to the RP decide which client id scheme to use, the use of kid or x5c must be selected according to the trust evaluation method used

therefore kid and x5c should be conditional required and not absolutely required
https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/remote-flow.html#request-object

however, the RP knows the trust evaluation method supported by a wallet instance if it obtain the wallet metadata (optional during the request flow) or configuring different authnetication button configured with different trust evaluation method, considering login with eudiw using client id scheme x509_hash as mandatory and the x5c jwt header required as well.

see: #1118

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
No status

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions