change authorization_details to use credential_description from metadata #137

Merged
Changes from 10 commits
8 changes: 1 addition & 7 deletions examples/authorization_details.json
@@ -1,12 +1,6 @@
[
{
"type": "openid_credential",
"format": "jwt_vc_json",
"credential_definition": {
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
]
}
"credentials_supported_id": "UniversityDegreeCredential"
}
]
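Review bot: with `format` and `credential_definition` gone, nothing in this file lets a reader confirm that `UniversityDegreeCredential` is actually a key of the Issuer's `credentials_supported` map, which the new `credentials_supported_id` bullet makes the only way to resolve the request; reference the metadata example that defines that key next to this example in the spec text, so the example stays checkable on its own.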
6 changes: 1 addition & 5 deletions examples/authorization_details_jwt_vc_json.json
@@ -1,12 +1,8 @@
[
{
"type": "openid_credential",
"format": "jwt_vc_json",
"credentials_supported_id": "UniversityDegreeCredential",
"credential_definition": {
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
],
"credentialSubject": {
"given_name": {},
"family_name": {},
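Review bot: `"format": "jwt_vc_json"` and the `"type": [...]` array inside `credential_definition` are retained here, yet the parameter list in this PR removes `format` from `authorization_details` and reduces `credential_definition` for `jwt_vc_json` to the single `credentialSubject` sub claim; drop the `format` line and the `type` array (the Note in the profile text now says `type` comes from `credentials_supported`), otherwise the example contradicts the normative text it is meant to illustrate.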
10 changes: 1 addition & 9 deletions examples/authorization_details_ldp_vc.json
@@ -1,16 +1,8 @@
[
{
"type": "openid_credential",
"format": "ldp_vc",
"credentials_supported_id": "UniversityDegree_LDP_VC",
"credential_definition": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
],
"credentialSubject": {
"given_name": {},
"family_name": {},
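Review bot: the example keeps `"format": "ldp_vc"` plus `@context` and `type` inside `credential_definition`, but the `ldp_vc` profile text in this PR now defines `credential_definition` as OPTIONAL with only `credentialSubject`, and its new Note states that `@context` and `type` are taken from `credentials_supported`; remove those three members so that only `type`, `credentials_supported_id` and the `credentialSubject` filter remain.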
5 changes: 2 additions & 3 deletions examples/authorization_details_mso_doc.json
@@ -1,8 +1,7 @@
[
{
"type": "openid_credential",
"format": "mso_doc",
"doctype": "org.iso.18013.5.1.mDL",
"type":"openid_credential",
"credentials_supported_id": "org.iso.18013.5.1.mDL",
"claims": {
"org.iso.18013.5.1": {
"given_name": {},
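Review bot: `doctype` is deleted from this example while the `mso_mdoc` profile text in this PR still lists `doctype` as REQUIRED, so either the example is now invalid or the bullet is stale; align the two. Removing the stale `"format": "mso_doc"` value is correct, but the file is still named `authorization_details_mso_doc.json` while the profile and the multiple-credentials example use `mso_mdoc`; consider renaming it.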
15 changes: 2 additions & 13 deletions examples/authorization_details_multiple_credentials.json
@@ -1,21 +1,10 @@
[
{
"type":"openid_credential",
"format": "ldp_vc",
"credential_definition": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
]
}
"credentials_supported_id": "UniversityDegreeCredential"
},
{
"type":"openid_credential",
"format": "mso_mdoc",
"doctype":"org.iso.18013.5.1.mDL"
"credentials_supported_id": "org.iso.18013.5.1.mDL"
}
]
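Review bot: reusing the ISO doctype string `org.iso.18013.5.1.mDL` as the `credentials_supported_id` value suggests the identifier is derived from the doctype, whereas the new parameter definition makes it an arbitrary unique key of the `credentials_supported` map; either pick a label-style key like `UniversityDegree_LDP_VC` in the `ldp_vc` example, or say in the spec text that any string the Issuer chooses is valid. Minor: `"type":"openid_credential"` lacks the space after the colon used in the other examples.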
8 changes: 1 addition & 7 deletions examples/authorization_details_with_as.json
Expand Up @@ -4,12 +4,6 @@
"locations": [
"https://credential-issuer.example.com"
],
"format": "jwt_vc_json",
"credential_definition": {
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
]
}
"credentials_supported_id": "UniversityDegreeCredential"
}
]
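Review bot: this example combines `locations` with `credentials_supported_id`, and the new bullet defines the identifier as unique only within one Credential Issuer's `credentials_supported` map; when an AS serves several Issuers, the spec text should say that the identifier is resolved against the metadata of the Issuer named in `locations`, otherwise the same string could denote different Credentials at different Issuers.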
35 changes: 15 additions & 20 deletions openid-4-verifiable-credential-issuance-1_0.md
Expand Up @@ -412,8 +412,8 @@ There are two possible ways to request issuance of a specific Credential type in

The request parameter `authorization_details` defined in Section 2 of [@!RFC9396] MUST be used to convey the details about the Credentials the Wallet wants to obtain. This specification introduces a new authorization details type `openid_credential` and defines the following parameters to be used with this authorization details type:

* `type` REQUIRED. String that determines the authorization details type. MUST be set to `openid_credential` for the purpose of this specification.
* `format`: REQUIRED. String representing the format in which the Credential is requested to be issued. This Credential format identifier determines further claims in the authorization details object specifically used to identify the Credential type to be issued. This specification defines Credential Format Profiles in (#format_profiles).
* `type`: REQUIRED. String that determines the authorization details type. MUST be set to `openid_credential` for the purpose of this specification.
* `credentials_supported_id`: REQUIRED. String specifying a unique identifier of the Credential being described in the `credentials_supported` map in the Credential Issuer Metadata as defined in (#credential-issuer-parameters). The referenced object in the `credentials_supported` map conveys the details, e.g. format, for the requested Credential issuance. This specification defines Credential Format specific Issuer Metadata in (#format_profiles).

The following is a non-normative example of an `authorization_details` object:
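Review bot: the new `credentials_supported_id` bullet does not say what the AS does when the value matches no key in `credentials_supported`; since the identifier is now the only way to resolve the requested Credential, state that such a request is rejected (RFC 9396 already defines the `invalid_authorization_details` error for this). The removal of the `format` bullet is also a breaking change for Wallets; it deserves an explicit sentence here rather than being implied by the new bullet.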

Expand All @@ -431,10 +431,8 @@ GET /authorize?
&client_id=s6BhdRkqt3
&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
&code_challenge_method=S256
&authorization_details=%5B%7B%22type%22%3A+%22openid_credential%22
%2C+%22format%22%3A+%22jwt_vc_json%22%2C+%22credential_definition
%22%3A+%7B%22type%22%3A+%5B%22VerifiableCredential%22%2C+%22Unive
rsityDegreeCredential%22%5D%7D%7D%5D
&authorization_details=%5B%7B%22type%22%3A%20%22openid_credential%22%2C%20%22
credentials_supported_id%22%3A%20%22UniversityDegreeCredential%22%7D%5D
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb

Host: https://server.example.com
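Review bot: the re-encoded value uses `%20` for spaces where the removed lines used `+`; both decode to `[{"type": "openid_credential", "credentials_supported_id": "UniversityDegreeCredential"}]`, but pick one convention for all encoded examples in the document. The display wrap between `%22` and `credentials_supported_id` falls between tokens, so a reader joining the two lines gets a valid value.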
Expand Down Expand Up @@ -610,7 +608,7 @@ In addition to the response parameters defined in [@!RFC6749], the AS MAY return

* `c_nonce`: OPTIONAL. String containing a nonce to be used when creating a proof of possession of the key proof (see (#credential_request)). When received, the Wallet MUST use this nonce value for its subsequent requests until the Credential Issuer provides a fresh nonce.
* `c_nonce_expires_in`: OPTIONAL. Number denoting the lifetime in seconds of the `c_nonce`.
* `authorization_details`: REQUIRED when `authorization_details` parameter is used to request issuance of a certain Credential type as defined in (#authorization-details). MUST NOT be used otherwise. An array of objects as defined in Section 7 of [@!RFC9396]. This specification defines the following parameter to be used with authorization details type `openid_credential` in the Token Response:
* `authorization_details`: REQUIRED when `authorization_details` parameter is used to request issuance of a certain Credential type as defined in (#authorization-details). MUST NOT be used otherwise. An array of objects as defined in Section 7 of [@!RFC9396]. In addition to the parameters defined in (#authorization-details), this specification defines the following parameter to be used with authorization details type `openid_credential` in the Token Response:
* `credential_identifiers`: OPTIONAL. Array of strings that each uniquely identify a Credential instance that can be issued using Access Token returned in this response. Each Credential instance is a unique Credential described using the same entry in the `credentials_supported` Credential Issuer metadata, but can contain different claim values or different subset of claims within the claimset identified by the Credential type. This parameter can also be used to simplify the Credential Request, since as defined in (#credential_request) `credential_identifier` parameter replaces `format` and any other Credential format specific parameters in the Credential Request. When received, the Wallet MUST use these values together with an Access Token in the subsequent Credential Request(s).

Note: Credential Instance identifier(s) cannot be used when `scope` parameter is used in the Authorization Request to request issuance of a Credential.
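Review bot: "In addition to the parameters defined in (#authorization-details)" now makes `credentials_supported_id` REQUIRED in the Token Response as well, but the text does not say whether each returned object must carry the same `credentials_supported_id` the Wallet requested or whether the AS may return a narrower set; add a sentence that the array contains the granted subset of the requested objects, each echoing its `credentials_supported_id`, so the Wallet can match `credential_identifiers` back to what it asked for.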
Expand All @@ -631,13 +629,7 @@ Cache-Control: no-store
"authorization_details": [
{
"type": "openid_credential",
"format": "jwt_vc_json",
"credential_definition": {
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
]
},
"credentials_supported_id": "UniversityDegreeCredential",
"credential_identifiers": [ "CivilEngineeringDegree-2023", "ElectricalEngineeringDegree-2023" ]
}
]
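Review bot: the example pairs one `credentials_supported_id` with two `credential_identifiers` values, which illustrates the one-to-many relation in the prose well; since neither `CivilEngineeringDegree-2023` nor `ElectricalEngineeringDegree-2023` is derived from `UniversityDegreeCredential`, the prose should state that instance identifiers are opaque strings chosen by the AS and are not to be parsed by the Wallet.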
Expand Down Expand Up @@ -1968,10 +1960,11 @@ The following is a non-normative example of an object comprising `credentials_su

The following additional claims are defined for authorization details of type `openid_credential` and this Credential format.

* `credential_definition`: REQUIRED. Object containing the detailed description of the Credential type. It consists at least of the following sub claims:
* `type`: REQUIRED. Array as defined in (#server_metadata_jwt_vc_json). This claim contains the type values the Wallet requests authorization for at the Credential Issuer.
* `credential_definition`: OPTIONAL. Object containing a detailed description of the Credential consisting of the following sub claim:
* `credentialSubject`: OPTIONAL. An object containing a list of name/value pairs, where each name identifies a claim offered in the Credential. The value can be another such object (nested data structures), or an array of such objects. The most deeply nested value MUST be an empty object. This object indicates the claims the Wallet would like to turn up in the Credential to be issued.

Note that the `type` is referenced in the `credentials_supported` object in the Credential Issuer metadata.

The following is a non-normative example of an authorization details object with Credential format `jwt_vc_json`:

<{{examples/authorization_details_jwt_vc_json.json}}
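Review bot: with `credential_definition` now OPTIONAL and containing only the OPTIONAL `credentialSubject`, an empty `"credential_definition": {}` becomes syntactically valid but meaningless; say that `credential_definition`, when present, MUST contain `credentialSubject`, or omit the wrapper. The replacement bullet also drops "It consists at least of the following sub claims", which removed the extension point for other sub claims; if that is intended, say so.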
Expand Down Expand Up @@ -2033,11 +2026,11 @@ The following is a non-normative example of an object comprising `credentials_su

The following additional claims are defined for authorization details of type `openid_credential` and this Credential format.

* `credential_definition`: REQUIRED. Object containing the detailed description of the Credential type. It consists of the following sub claims:
* `@context`: REQUIRED. Array as defined in (#server_metadata_ldp_vc).
* `type`: REQUIRED. Array as defined in (#server_metadata_ldp_vc). This claim contains the type values the Wallet requests authorization for at the Credential Issuer.
* `credential_definition`: OPTIONAL. Object containing the detailed description of the Credential consisting of the following sub claim:
* `credentialSubject`: OPTIONAL. An object as defined in (#authorization_jwt_vc_json).

Note that the `@context` and `type` are referenced in the `credentials_supported` object in the Credential Issuer metadata.

The following is a non-normative example of an authorization details object with Credential format `ldp_vc`:

<{{examples/authorization_details_ldp_vc.json}}
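Review bot: "Object containing the detailed description of the Credential" is carried over from the removed REQUIRED bullet even though the object now only narrows the requested claims via `credentialSubject`; reword to say it is used to request a subset of claims. The added Note should also state that `@context` and `type` are obtained from the referenced `credentials_supported` entry instead of being repeated here, so that a Wallet does not keep sending them out of habit.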
Expand Down Expand Up @@ -2122,9 +2115,10 @@ The following is a non-normative example of an object comprising `credentials_su

The following additional claims are defined for authorization details of type `openid_credential` and this Credential format.

* `doctype`: REQUIRED. String as defined in (#server_metadata_mso_mdoc). This claim contains the type values the Wallet requests authorization for at the Credential Issuer.
* `claims`: OPTIONAL. An object as defined in (#server_metadata_mso_mdoc).

Note that the `doctype` is referenced in the `credentials_supported` object in the Credential Issuer metadata.

The following is a non-normative example of an authorization details object with Credential format `mso_mdoc`:

<{{examples/authorization_details_mso_doc.json}}
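Review bot: `doctype` stays REQUIRED here while `credential_definition` in the other two profiles became OPTIONAL, so for `mso_mdoc` the request repeats a value that the referenced `credentials_supported` entry already carries, as the added Note itself says; either make `doctype` OPTIONAL, or define which value wins when the `doctype` in the request disagrees with the metadata entry named by `credentials_supported_id`.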
Expand All @@ -2150,6 +2144,7 @@ The value of the `credential` claim in the Credential Response MUST be a string

-13

* changed `authorization_details` to use `credentials_supported_id` pointing to the name of a `credentials_supported` object in the Credential Issuer's Metadata
* grouped `credential_encryption_jwk`, `credential_response_encryption_alg` and `credential_response_encryption_enc` from Credential Request into a single `credential_response_encryption` object
* replaced `user_pin_required` in Credential Offer with a `tx_code` object that also now contains `description` and `length`
* reworked flow description in Overview section
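Review bot: the first changelog entry should also record that `format` and the format-specific parameters (`credential_definition` `type`/`@context`, `doctype`) were removed from `authorization_details`, since implementers scanning the -13 changes need to know that previously valid requests no longer parse under the new parameter list.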