OIDC4VC draft 22 : remove client_id_scheme and turn it into a prefix of the client_id; this addresses a security issue with the previous solution #3160

Open
ThierryThevenet opened this issue Dec 4, 2024 · 1 comment
ThierryThevenet commented Dec 4, 2024

With Draft 22 and above, the client_id_scheme is removed from the authorization request, but its value is prepended to the client_id to form the new client_id value:

"In the client_id Authorization Request parameter and other places where the Client Identifier is used, the Client Identifier Schemes are prefixed to the usual Client Identifier, separated by a : (colon) character:"

<client_id_scheme>:<orig_client_id>

We don't need to change the logic if the wallet recalculates the previous value of the client_id_scheme based on the above rules.

Examples:

client_id=redirect_uri:https://client.example.org/ -> previous client_id_scheme = redirect_uri and client_id = https://client.example.com

client_id = did:web:talao.co -> previous client_id_scheme = did and client_id = did:web:talao.co. Be careful with this one, as "did" must be replicated.

client_id = verifier_attestation:example.com -> client_id_scheme = verifier_attestation and client_id = example.com

client_id = x509_san_dns:client.example.org -> client_id_scheme = x509_san_dns

ThierryThevenet commented Dec 10, 2024

Test OIDC4VP Test 3 with PID
Attention: the client_id_scheme is X509, so the wallet must decode the X509 certificate and ask for user consent with the DNS name of the X509 certificate. It was fine a few months ago.
So in this test client_id = x509_san_dns:talao.co, which is the previous equivalent to:

  • client_id_scheme = x509_san_dns
  • client_id = talao.co
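The recalculation described in the first comment, plus the SAN DNS-name check the second comment calls for, as an added example. This is not code from the wallet project or from the issue author. It assumes the wallet accepts only the four Client Identifier Schemes named in the thread (draft 22 defines others), that redirect_uri values must be https URLs, that x509_san_dns values must be host names, and that the certificate's SAN dNSName entries are handed in already parsed; the SAN list in the usage block is constructed for the example.

```python
"""Added example (not the project's or the issue author's code): map a draft-22
prefixed client_id back to the pre-draft-22 (client_id_scheme, client_id) pair,
following the rule quoted in the first comment, and compare an x509_san_dns
value against the certificate's SAN dNSName entries as the second comment
requires. Scheme set, https rule and host-name rule are assumed policy.
"""

# Schemes named in the issue. OIDC4VP draft 22 defines further schemes
# (e.g. x509_san_uri); add them here deliberately rather than accepting any prefix.
KNOWN_SCHEMES = frozenset({"redirect_uri", "did", "verifier_attestation", "x509_san_dns"})


class ClientIdError(ValueError):
    """The client_id cannot be mapped to a supported (scheme, value) pair."""


def _is_hostname(value: str) -> bool:
    """Conservative DNS host name check (assumed policy for x509_san_dns values)."""
    labels = value.split(".")
    if len(labels) < 2 or len(value) > 253:
        return False
    for label in labels:
        if not (1 <= len(label) <= 63) or label[0] == "-" or label[-1] == "-":
            return False
        if not all(c.isalnum() or c == "-" for c in label):
            return False
    return True


def split_client_id(client_id: str) -> tuple[str, str]:
    """Return (client_id_scheme, orig_client_id) for a '<scheme>:<orig>' value."""
    prefix, sep, rest = client_id.partition(":")
    if not sep or not rest:
        raise ClientIdError(f"client_id {client_id!r} carries no scheme prefix")
    if prefix not in KNOWN_SCHEMES:
        raise ClientIdError(f"unsupported client_id_scheme {prefix!r}")
    if prefix == "did":
        # The DID itself begins with 'did:', so the original value is the whole
        # string: 'did:web:talao.co' -> ('did', 'did:web:talao.co').
        method, _, method_specific_id = rest.partition(":")
        if not method or not method_specific_id:
            raise ClientIdError(f"malformed DID {client_id!r}")
        return "did", client_id
    if prefix == "redirect_uri" and not rest.startswith("https://"):
        raise ClientIdError("redirect_uri client_id must be an https URL (assumed policy)")
    if prefix == "x509_san_dns" and not _is_hostname(rest):
        raise ClientIdError(f"x509_san_dns value {rest!r} is not a host name")
    # verifier_attestation: the value is whatever subject the attestation names,
    # so no shape check is applied here.
    return prefix, rest


def join_client_id(scheme: str, orig_client_id: str) -> str:
    """Inverse of split_client_id: build the draft-22 client_id from the old pair."""
    if scheme not in KNOWN_SCHEMES:
        raise ClientIdError(f"unsupported client_id_scheme {scheme!r}")
    if scheme == "did":
        return orig_client_id  # already starts with 'did:'; do not double the prefix
    return f"{scheme}:{orig_client_id}"


def is_valid_client_id(client_id: str) -> bool:
    """True when split_client_id accepts the value, False otherwise."""
    try:
        split_client_id(client_id)
    except ClientIdError:
        return False
    return True


def san_dns_matches(client_id: str, san_dns_names: list[str]) -> bool:
    """For an x509_san_dns client_id, require an exact (case-insensitive) match with
    one of the certificate's SAN dNSName entries. Wildcard entries are deliberately
    not honoured: the name shown to the user at consent must be a literal SAN value.
    """
    scheme, dns_name = split_client_id(client_id)
    if scheme != "x509_san_dns":
        return False
    return dns_name.lower() in {n.lower() for n in san_dns_names}


if __name__ == "__main__":
    for cid in ("redirect_uri:https://client.example.org/", "did:web:talao.co",
                "verifier_attestation:example.com", "x509_san_dns:talao.co"):
        print(cid, "->", split_client_id(cid))
    # Constructed SAN list standing in for the parsed certificate of the test verifier.
    print(san_dns_matches("x509_san_dns:talao.co", ["talao.co", "wallet.talao.co"]))
```

The `did` branch is the one that differs from the others: the prefix is not stripped, because the DID string itself is the original client_id. A wallet that applies the generic "drop everything up to the first colon" rule there would end up with `web:talao.co` and fail to resolve the DID document.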
