Apply suggestions from code review

Co-authored-by: Oliver Terbu <o.terbu@gmail.com>

diagrams/request_uri_mode_post.md

@@ -12,9 +12,9 @@ participant "Verifier" as r
 u --> r : use
 activate r
 
-r --> u: authorization request\n(client_id, request_uri, request_uri_method=POST, [client_id_scheme])
+r --> u: authorization request\n(client_id, request_uri, request_uri_method=post, [client_id_scheme])
 deactivate r
-u --> w: authorization request\n(client_id, request_uri, request_uri_method=POST, [client_id_scheme])
+u --> w: authorization request\n(client_id, request_uri, request_uri_method=post, [client_id_scheme])
 activate w
 w --> r: POST **request_uri** (\n[OPTIONAL]wallet_metadata, \n[OPTIONAL]wallet_nonce)
 r -> r: create and sign (and optionally encrypt) request object 
@@ -23,14 +23,15 @@ w -> w: authenticate and\n authorize Verifier
 
 note over u, w: User authentication and Credential selection/confirmation
 
-w -> w: create verifiable\npresentation (credential)
-w --> r: POST response \n(vp_token(credential presentation(s) associated with nonce), presentation_submission, state)
-r -> r: check state, store vp_token\n & create redirect_url
-r --> w: redirect_url
-w --> u: redirect (response_code)
-u --> r: redirect (response_code)
+w -> w: create credential presentation(s) associated with nonce
+w --> r: POST response \n(vp_token(credential presentation(s)), presentation_submission, state)
+r -> r: check state, store vp_token\n & create redirect_uri with response_code
+r --> w: redirect_uri
+w --> u: redirect (redirect_uri)
+u --> r: redirect (redirect_uri)
 activate r
 r --> r: presentation response
+r -> r: validate response \n(incl. response_code)
 r -> r: validate presentation \n(incl. nonce binding)
 r -> r: use presented credential 
 @enduml

openid-4-verifiable-presentations-1_0.md

@@ -528,13 +528,14 @@ The following is a non-normative example of a request object:
    "response_mode": "direct_post",
    "presentation_definition": {...},
    "nonce": "n-0S6_WzA2Mj",
+   "wallet_nonce": "qPmxiNFCR3QTm19POc8u",
    "state" : "eyJhb...6-sVA"
 }
 ```
 
 The Wallet MUST process the request as defined in [@RFC9101]. Additionally, if the Wallet passed a `wallet_nonce` in the post request, the Wallet MUST validate whether the request object contains the respective nonce value in a `wallet_nonce` claim. If it does not, the Wallet MUST terminate request processing. 
 
-The Wallet MUST extract the set of authorization request parameters from the Request Object. The Wallet MUST only use the parameters in this Request Object, even if the same parameter was provided in an authorization request query parameter. The Client ID value in the `client_id` authorization request parameter in the Request Object 'client_id' claim MUST be identical. If the Authorization Request contains a `client_id_scheme` parameter, the `client_id_scheme` authorization request parameter in the Request Object `client_id_scheme` claim MUST be identical. If any of these conditions are not met, the Wallet MUST terminate request processing.
+The Wallet MUST extract the set of authorization request parameters from the Request Object. The Wallet MUST only use the parameters in this Request Object, even if the same parameter was provided in an Authorization Request query parameter. The Client Identifier value in the `client_id` Authorization Request parameter and the Request Object 'client_id' claim value MUST be identical. If the Authorization Request contains a `client_id_scheme` parameter, the `client_id_scheme` Authorization Request parameter and the Request Object `client_id_scheme` claim value MUST be identical. If any of these conditions are not met, the Wallet MUST terminate request processing.
 
 The Wallet then validates the request as specified in OAuth 2.0 [@RFC6749].
 
@@ -771,7 +772,7 @@ This document also defines the following additional error codes and error descri
 
 `invalid_request_uri_mode`:
 
-- The value of the `request_uri_mode` request parameter is neither `get` nor `post`.
+- The value of the `request_uri_method` request parameter is neither `get` nor `post`.
 
 
 ## VP Token Validation