Description
Draft 16 defines the location of /.well-known/openid-credential-issuer relative to the Credential Issuer Identifier URL as follows:

> Credential Issuers publishing metadata MUST make a JSON document available at the path formed by inserting the string /.well-known/openid-credential-issuer into the Credential Issuer Identifier between the host component and the path component, if any.
>
> For example, the metadata for the Credential Issuer Identifier https://issuer.example.com/tenant would be retrieved from https://issuer.example.com/.well-known/openid-credential-issuer/tenant. The metadata for the Credential Issuer Identifier https://tenant.issuer.example.com would be retrieved from https://tenant.issuer.example.com/.well-known/openid-credential-issuer.
- Update parsing of Credential Issuer Identifier URL to fetch issuer metadata
Regarding the GET request to fetch issuer metadata:

> The Wallet is RECOMMENDED to send an Accept header in the HTTP GET request to indicate the Content Type(s) it supports, and by doing so, signaling whether it supports signed metadata.
>
> The Credential Issuer MUST respond with HTTP Status Code 200 and return the Credential Issuer Metadata containing the parameters defined in Section 11.2.4 as either
>
> - an unsigned JSON document using the media type application/json, or
> - a signed JSON Web Token (JWT) containing the Credential Issuer Metadata in its payload using the media type application/jwt.
- Depending on the configured `IssuerMetadataPolicy`, send the respective Accept header to the issuer
- Parse the issuer's signed metadata JWT as specified here (this is a link to draft 17; the structure is better defined there)
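The three tasks above, worked through end to end as an added example (this is not the project's own code): build the well-known URL by inserting the segment between host and path as draft 16 quotes it, choose the Accept header from the policy, and parse either response form. The `IssuerMetadataPolicy` member names, the HS256 demo key and verifier, and the sample issuer and claim set are constructed assumptions; a real wallet verifies the JWT against the issuer key it trusts, and the exact required claims are the ones draft 17 defines.

```python
"""Added example, not the project's code: issuer-metadata discovery for a wallet
following the draft 16 rules quoted in this issue. Standard library only, so it
runs offline. Policy names, the HMAC demo key and the sample issuer are assumed."""
import base64
import hashlib
import hmac
import json
from enum import Enum
from typing import Callable
from urllib.parse import urlsplit, urlunsplit

WELL_KNOWN = "/.well-known/openid-credential-issuer"


class IssuerMetadataPolicy(Enum):
    """Assumed policy names; each value is the Accept header the wallet sends."""
    UNSIGNED_ONLY = "application/json"
    SIGNED_ONLY = "application/jwt"
    PREFER_SIGNED = "application/jwt, application/json"

    def accepts(self, media_type: str) -> bool:
        return media_type in {m.strip() for m in self.value.split(",")}


def metadata_url(credential_issuer: str) -> str:
    """Insert the well-known segment between host and path (draft 16 rule)."""
    p = urlsplit(credential_issuer)
    if p.scheme != "https" or not p.netloc or "@" in p.netloc:
        raise ValueError("identifier must be https with a host and no userinfo")
    if p.query or p.fragment:
        raise ValueError("identifier must not carry a query or fragment")
    path = p.path.rstrip("/")  # "/tenant" is kept; a bare host or "/" becomes ""
    return urlunsplit((p.scheme, p.netloc, WELL_KNOWN + path, "", ""))


def _b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Verifier the wallet supplies: (JOSE header, signing input, raw signature) -> bool
Verifier = Callable[[dict, bytes, bytes], bool]


def parse_signed_metadata(jwt: str, credential_issuer: str, verify: Verifier) -> dict:
    """application/jwt form: verify before trusting any claim, reject alg=none, then
    bind the payload to the identifier the wallet started from (assumed minimum)."""
    parts = jwt.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("expected a compact JWS with a signature")
    header = json.loads(_b64url_decode(parts[0]))
    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("alg=none is not a signature")
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    if not verify(header, signing_input, _b64url_decode(parts[2])):
        raise ValueError("signature verification failed")
    payload = json.loads(_b64url_decode(parts[1]))
    if payload.get("iss") != credential_issuer or payload.get("credential_issuer") != credential_issuer:
        raise ValueError("signed metadata is not bound to the expected Credential Issuer")
    return payload


def parse_metadata_response(content_type: str, body: str, credential_issuer: str,
                            policy: IssuerMetadataPolicy, verify: Verifier) -> dict:
    """Dispatch on the response media type; refuse anything the policy did not ask for."""
    media = content_type.split(";")[0].strip().lower()
    if not policy.accepts(media):
        raise ValueError(f"{media} not acceptable under policy {policy.name}")
    if media == "application/jwt":
        return parse_signed_metadata(body, credential_issuer, verify)
    metadata = json.loads(body)
    if metadata.get("credential_issuer") != credential_issuer:
        raise ValueError("credential_issuer in metadata does not match the identifier")
    return metadata


# Constructed demo material: HS256 with a shared key stands in for the issuer's
# real asymmetric key, which a wallet would resolve from its trust store.
_DEMO_KEY = b"constructed-demo-key"


def hs256_demo_verify(header: dict, signing_input: bytes, signature: bytes) -> bool:
    if header.get("alg") != "HS256":
        return False
    expected = hmac.new(_DEMO_KEY, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def sample_signed_metadata(credential_issuer: str) -> str:
    """Constructed signed metadata JWT; the claim set is illustrative."""
    header = _b64url_encode(json.dumps({"alg": "HS256"}).encode())
    payload = _b64url_encode(json.dumps({
        "iss": credential_issuer, "sub": credential_issuer, "iat": 1700000000,
        "credential_issuer": credential_issuer,
        "credential_endpoint": credential_issuer + "/credential",
    }).encode())
    sig = hmac.new(_DEMO_KEY, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


if __name__ == "__main__":
    issuer = "https://issuer.example.com/tenant"
    print("GET", metadata_url(issuer), "Accept:", IssuerMetadataPolicy.PREFER_SIGNED.value)
    md = parse_metadata_response("application/jwt", sample_signed_metadata(issuer), issuer,
                                 IssuerMetadataPolicy.PREFER_SIGNED, hs256_demo_verify)
    print("credential_endpoint:", md["credential_endpoint"])
```

Two points worth keeping when porting this: the path from the identifier is appended after the well-known segment, so an identifier with a query, fragment or userinfo must be rejected before the URL is built rather than passed through, and a response whose media type the policy did not ask for (an unsigned document under `SIGNED_ONLY`) is refused outright instead of being parsed opportunistically.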