Description
When defining the configuration for a wallet, there is an option to set the `useDPoP`, granted when not provided the default is `false`. However, regardless of this value, it's not passed down into the OpenID4VCI library.

A `dpopConstructor` is assigned in the `OpenId4VCIService.getIssuer` function using the data from `offer.authorizationServerMetadata.dpopSigningAlgValuesSupported`, with no ability to set the `dpopConstructor` to `nil`, avoiding the DPoP JWT in `AuthorizationServerClient.submitPushedAuthorizationRequest` - in particular in the OpenID4VCI:

`AuthorizationServerClient.swift` line 332

```swift
let tokenHeaders = try await tokenEndPointHeaders(
    url: parEndpoint,
    dpopNonce: dpopNonce
)
```
There needs to be a way to avoid using DPoP if the server is not configured for it, despite supplying metadata in the `.well-known/oauth-authorization-server` `dpop_signing_alg_values_supported` element.

Also, honouring `useDPoP` would leave the token type as Bearer.
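
The gating this issue asks for, sketched as an added example that is not code from the wallet kit or the OpenID4VCI library: the wallet's `useDPoP` flag is checked before the advertised `dpop_signing_alg_values_supported` list, and DPoP is used only when both agree. All types and names here (`WalletConfig`, `ServerMetadata`, `TokenBinding`, `resolveTokenBinding`) are hypothetical stand-ins, and falling back to Bearer when no algorithm overlaps is an assumption.

```swift
import Foundation

// Hypothetical stand-ins; not the real wallet kit or OpenID4VCI types.
struct WalletConfig {
    var useDPoP: Bool = false            // default described in the issue
}

struct ServerMetadata {
    // Mirrors dpop_signing_alg_values_supported from the well-known document.
    var dpopSigningAlgValuesSupported: [String]?
}

enum TokenBinding: Equatable {
    case bearer                          // no DPoP JWT, token type stays Bearer
    case dpop(alg: String)               // build a DPoP constructor with this alg
}

/// Decides whether a DPoP constructor should be created at all.
func resolveTokenBinding(config: WalletConfig,
                         metadata: ServerMetadata,
                         walletAlgs: [String]) -> TokenBinding {
    // Wallet opted out: ignore whatever the metadata advertises.
    guard config.useDPoP else { return .bearer }

    let advertised = metadata.dpopSigningAlgValuesSupported ?? []
    // Keep the wallet's preference order; take the first alg both sides support.
    guard let alg = walletAlgs.first(where: { advertised.contains($0) }) else {
        return .bearer                   // assumption: fall back instead of failing
    }
    return .dpop(alg: alg)
}

// Constructed inputs: a server that advertises ES256, and one that advertises nothing.
let advertising = ServerMetadata(dpopSigningAlgValuesSupported: ["ES256"])
let silent = ServerMetadata(dpopSigningAlgValuesSupported: nil)
let walletAlgs = ["ES256", "ES384"]

// The case from the issue: metadata advertises DPoP, wallet sets useDPoP = false.
print(resolveTokenBinding(config: WalletConfig(useDPoP: false),
                          metadata: advertising, walletAlgs: walletAlgs))
// Wallet opts in and the server advertises a shared algorithm.
print(resolveTokenBinding(config: WalletConfig(useDPoP: true),
                          metadata: advertising, walletAlgs: walletAlgs))
// Wallet opts in but the server advertises nothing.
print(resolveTokenBinding(config: WalletConfig(useDPoP: true),
                          metadata: silent, walletAlgs: walletAlgs))
```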