Skip to content

IAE URL is not compatible with Origin/expected_origin #620

New issue
New issue
Open
Open
IAE URL is not compatible with Origin/expected_origin#620
Assignees
awoie
Labels
discussiaeItems related to Interactive Authorization Endpoint
Milestone
1.1
@awoie

Description

@awoie
awoie
opened on Aug 12, 2025

Two comments:

  1. since expected_origins is optional (or conditional), should we add "if present"?
  2. expected_origins can only contain origins, not URLs. While they can match, they don't always match. Is the idea that the expected_origins is converted by the wallet before matching?

Originally posted by @martijnharing in #602 (comment)

Also

#602 (comment)

Current definition of Origin and expected_origins in OID4VP clashes with this normative statement. expected_origins contains origin values and is conditional based on if the request was signed. If somebody wants to write a parser for requests, this would be prone to errors since with the current text both, URLs and origins, are allowed.

Metadata

Metadata

Assignees

Labels

discussiaeItems related to Interactive Authorization Endpoint

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions