Summary
During the review of PR #3206, it was noted that the OpenID4VP flow currently lacks a dedicated authentication service, unlike other authentication methods (e.g., GitHub OAuth, Google OIDC, magic link, OTP, passkey).
There is also a potential opportunity to move the openid4vp package inside the authn package to align with the structure of other authenticators.
Background
This was raised in a discussion on PR #3206 (comment: #3206 (comment)). @ThumulaPerera and @thiva-k had an offline discussion on this and agreed it is worth doing but out of scope for PR #3206.
Proposed Work
- Introduce an authn/openid4vp service (analogous to authn/github, authn/google, authn/oidc, etc.) that implements the FederatedAuthenticator interface or an appropriate OpenID4VP-specific interface.
- Consider moving the openid4vp package inside the authn package.
- Ensure the new service is wired into the authentication provider initialization.
References