Clarify the Resolution of Client Metadata in Authorization Request

[georgepadayatti]

The current specification (RFC 002) does not include the client_metadata field in the Authorization Request. As a result, a holder wallet processing the request cannot resolve verifier metadata to obtain crucial information such as client_name and logo_uri, which are necessary for displaying to the end user.

The additional fields supported in client metadata are defined according to RFC 7591 OAuth2.0 Dynamic Client Registration Protocol (RFC 7591 Section 2).

Moreover, it is important to note that both client_name and logo_uri are optional fields. If client_name is not specified, the client_id should be used as the name when displayed to the end user.

Additionally, client metadata can also be specified as client_metadata_uri in the Authorization Request.

[peppelinux]

I agree, however providing URL instead of organization name to the end user may represent an UX nightmare.

regarding client_metadata_uri ... you know that using openid federation all these kind of problems doesn't exist .-)

[lalc]

@georgepadayatti Could you pls check this and take suitable actions?