Bug Report
Describe the Bug
When a client requests more scopes than it is authorized for, the QueryResolver rejects the request. It basically requires a full match.
Expected Behavior
The QueryResolver is supposed to respond with an HTTP 200 with only those credentials the client is authorized for.
This is stated clearly in DCP:
If the array is empty, the Credential Service MUST return HTTP 4xx. If the array contains scopes that a client is not entitled to, the Credential Service MUST return HTTP 2xx with the PresentationResponseMessage's presentation array holding less entries than requested.
Observed Behavior
The QueryResolver rejects any request where the scopes are not a 100% match.
Detailed Description
This was introduced in DCP in a somewhat recent PR, but the implementation was never aligned.
Possible Implementation
Filter down the list of requested credentials to the list of allowed credentials.
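
One way to do the filtering suggested above, as an added Java example that is not the project's QueryResolver code. `QueryResult`, `resolve` and the scope strings are hypothetical, and returning 200 with an empty list when none of the requested scopes is granted is this example's reading of the quoted DCP rule.

```java
import java.util.List;
import java.util.Set;

public class ScopeFilterExample {

    /** Hypothetical result type: HTTP status plus the scopes that will actually be served. */
    record QueryResult(int status, List<String> servedScopes) {}

    /**
     * Intersects the requested scopes with the scopes granted to the client.
     * Empty request  -> 4xx (400 chosen here).
     * Anything else  -> 200 with only the entitled subset, which may be smaller than requested.
     */
    static QueryResult resolve(List<String> requested, Set<String> granted) {
        if (requested == null || requested.isEmpty()) {
            return new QueryResult(400, List.of());
        }
        List<String> served = requested.stream()
                // Exact string match only: no prefix or wildcard matching, so a
                // requested scope can never widen what the client was granted.
                .filter(scope -> scope != null && granted.contains(scope))
                .distinct()   // a scope repeated in the request is served once
                .toList();    // keeps request order
        return new QueryResult(200, served);
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the issue.
        Set<String> granted = Set.of("MembershipCredential:read", "DataProcessorCredential:read");

        // Over-asking client: one entitled scope, one not. Old behaviour rejects; this filters.
        System.out.println(resolve(
                List.of("MembershipCredential:read", "AuditCredential:read"), granted));

        // Full match: everything requested is served.
        System.out.println(resolve(
                List.of("MembershipCredential:read", "DataProcessorCredential:read"), granted));

        // No overlap at all: still 2xx, with nothing to present.
        System.out.println(resolve(List.of("AuditCredential:read"), granted));

        // Empty scope array: rejected with 4xx.
        System.out.println(resolve(List.of(), granted));
    }
}
```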