Two comments:
- since expected_origins is optional (or conditional), should we add "if present"?
- expected_origins can only contain origins, not URLs. While they can match, they don't always match. Is the idea that the expected_origins is converted by the wallet before matching?
Originally posted by @martijnharing in #602 (comment)
Also
#602 (comment)
Current definition of Origin and expected_origins in OID4VP clashes with this normative statement. expected_origins contains origin values and is conditional based on if the request was signed. If somebody wants to write a parser for requests, this would be prone to errors since with the current text both, URLs and origins, are allowed.
Two comments:
Originally posted by @martijnharing in #602 (comment)
Also
#602 (comment)
Current definition of
Originandexpected_originsin OID4VP clashes with this normative statement.expected_originscontains origin values and is conditional based on if the request was signed. If somebody wants to write a parser for requests, this would be prone to errors since with the current text both, URLs and origins, are allowed.