Skip to content

Unclear whether wallet should follow HTTP redirects #680

Description

@mickrau

Feedback from Interop. @jogu

There is uncertainty among developers as to whether wallets should follow HTTP redirects (301, 302, 307), and when yes in which cases.
Same for VCI.

Most HTTP clients follow redirects by default. Current OpenID Conformance Test does not follow redirects.

example
a verifier implementation redirects a call to the request-uri

HTTP GET https://verifier.example.com/request-uri?static
<- HTTP 307 Temporary Redirect https://verifier.example.com/request-uri?id=234234
HTTP GET https://verifier.example.com/request-uri?id=234234
<- HTTP 200 OK <Authorization Request>

Should this be allowed?

In my opinion HTTP redirects are a standard HTTP pattern that should be allowed by default and explicitly disallowed when necessary.

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions