diff --git a/Sources/Entities/CredentialIssuer/CredentialIssuerId.swift b/Sources/Entities/CredentialIssuer/CredentialIssuerId.swift
index 3104708..b48f263 100644
--- a/Sources/Entities/CredentialIssuer/CredentialIssuerId.swift
+++ b/Sources/Entities/CredentialIssuer/CredentialIssuerId.swift
@@ -26,6 +26,7 @@ public struct CredentialIssuerId: Codable, Equatable {
  guard let validURL = URL(string: string),
+ validURL.scheme == "https",
  validURL.fragment == nil
  else {
  throw CredentialError.genericError
diff --git a/Sources/Entities/IssuanceFlows/GetAuthorizationCodeURL.swift b/Sources/Entities/IssuanceFlows/GetAuthorizationCodeURL.swift
index 834f4d5..4e858bd 100644
--- a/Sources/Entities/IssuanceFlows/GetAuthorizationCodeURL.swift
+++ b/Sources/Entities/IssuanceFlows/GetAuthorizationCodeURL.swift
@@ -27,6 +27,10 @@ public struct GetAuthorizationCodeURL {
  throw ValidationError.invalidUrl(urlString)
  }
+ guard url.scheme == "https" else {
+ throw ValidationError.nonHttpsUrl(urlString)
+ }
+
  let parameters = url.queryParameters
  guard parameters["\(Self.PARAM_CLIENT_ID)"] != nil
diff --git a/Tests/Issue/GetAuthorizationCodeURLTest.swift b/Tests/Issue/GetAuthorizationCodeURLTest.swift
index 12dd037..f3dd495 100644
--- a/Tests/Issue/GetAuthorizationCodeURLTest.swift
+++ b/Tests/Issue/GetAuthorizationCodeURLTest.swift
@@ -29,14 +29,12 @@ class GetAuthorizationCodeURLTests: XCTestCase {
  }
  func testInvalidURL() {
- XCTExpectFailure()
  XCTAssertThrowsError(try GetAuthorizationCodeURL(urlString: "invalid_url")) { error in
  XCTAssertTrue(error is ValidationError)
  }
  }
  func testNonHTTPSURL() {
- XCTExpectFailure()
  XCTAssertThrowsError(try GetAuthorizationCodeURL(urlString: "http://example.com?client_id=123")) { error in
  XCTAssertTrue(error is ValidationError)
  }
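Review bot: The added `validURL.scheme == "https"` condition still lets a URL without a host through, because a string such as `https:issuer` (constructed example) most likely parses with an https scheme and a nil host, and an issuer identifier without an authority names no server. Adding `let host = validURL.host, !host.isEmpty,` to the same guard would close this; the `guard url.scheme == "https"` added in GetAuthorizationCodeURL.swift has the same gap. The comparison is also case-sensitive and Foundation does not appear to lowercase the scheme, so `HTTPS://…` would be rejected; `validURL.scheme?.lowercased() == "https"` avoids that in both files. The failure still surfaces as `CredentialError.genericError`, so callers cannot tell a non-https issuer from any other rejection. The enclosing initializer starts and ends outside this hunk.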
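Review bot: Nothing in this commit pins the new `nonHttpsUrl` throw, because the tests it un-marks in GetAuthorizationCodeURLTest.swift only assert `error is ValidationError`. `"invalid_url"` probably parses as a relative URL with a nil scheme, so testInvalidURL now appears to pass through this guard rather than through `invalidUrl`, and the assertion cannot show the difference. In testNonHTTPSURL I would check the case, e.g. `guard case .nonHttpsUrl = error as? ValidationError else { return XCTFail("expected nonHttpsUrl") }`. The declaration of `nonHttpsUrl` is not part of this diff, and the initializer continues outside the hunk.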