oidc4ci

Constants

// Transaction-code and grant-type constants shared by the OIDC4CI flows.
const (
	// TxCodeLength is the number of characters in a generated transaction code.
	// NOTE(review): presumably the length behind TxCode.Length / InitiateIssuanceResponse.UserPin — confirm at the generator.
	TxCodeLength = 6

	// GrantTypeAuthorizationCode is the OAuth 2.0 authorization code grant identifier.
	GrantTypeAuthorizationCode = "authorization_code"
	// GrantTypePreAuthorizedCode is the OpenID4VCI pre-authorized code grant identifier
	// (also the JSON key of CredentialOfferGrant.PreAuthorizationGrant).
	GrantTypePreAuthorizedCode = "urn:ietf:params:oauth:grant-type:pre-authorized_code"
)
const (
	// WalletInitFlowClaimExpectedMatchCount is the number of claim matches expected
	// in the wallet-initiated flow. The check that consumes it is not visible in
	// this listing — confirm its exact semantics at the call site.
	WalletInitFlowClaimExpectedMatchCount = 2
)

Variables

// ErrAckExpired is returned when an acknowledgement ID is no longer valid.
// Its text ("expired_ack_id") reads like a wire-level error code, so callers
// that surface it to clients should keep it stable.
var ErrAckExpired = errors.New("expired_ack_id")
// ErrDataNotFound is returned when a store lookup yields no record; compare with errors.Is.
var ErrDataNotFound = errors.New("data not found")

Functions

func ExtractIssuerURL added in v1.2.0

func ExtractIssuerURL(input string) string

Types

type Ack added in v1.6.0

// Ack is the persisted acknowledgement record for an issuance transaction;
// it is the value AckService.UpsertAck writes to the ack store.
type Ack struct {
	// HashedToken holds the hash of the wallet's auth token, so the store
	// never contains the bearer token itself.
	HashedToken       string               `json:"hashed_token"` // Hashed auth token
	ProfileID         string               `json:"profile_id"`
	ProfileVersion    string               `json:"profile_version"`
	// TxID links the record to the issuance transaction.
	TxID              issuecredential.TxID `json:"tx_id"`
	// WebHookURL is the outbound callback target for ack events.
	// NOTE(review): persisted per record — confirm it is validated where it is set.
	WebHookURL        string               `json:"webhook_url"`
	OrgID             string               `json:"org_id"`
	// CredentialsIssued presumably bounds how many /ack requests the
	// transaction may receive (see UpsertAck) — confirm in AckService.
	CredentialsIssued int                  `json:"credentials_issued"`
}

type AckRemote added in v1.6.0

// AckRemote is the acknowledgement received from the wallet and passed to
// AckService.Ack. Every field originates from the remote party.
type AckRemote struct {
	// HashedToken is the hash of the presented auth token; presumably compared
	// with the stored Ack.HashedToken — confirm in AckService.Ack.
	HashedToken        string // Hashed auth token
	TxID               issuecredential.TxID
	// Event is the wallet-reported status; AckService.AckEventMap maps such a
	// status string to an spi.EventType.
	Event              string
	EventDescription   string
	IssuerIdentifier   string
	// InteractionDetails is free-form, wallet-supplied data; treat as untrusted
	// when logging or forwarding.
	InteractionDetails map[string]interface{}
}

type AckService added in v1.6.0

// AckService handles wallet acknowledgements of issued credentials; construct
// it with NewAckService.
type AckService struct {
	// contains filtered or unexported fields
}

func NewAckService added in v1.6.0

func NewAckService(
	cfg *AckServiceConfig,
) *AckService

func (*AckService) Ack added in v1.6.0

func (s *AckService) Ack(
	ctx context.Context,
	req AckRemote,
) error

Ack acknowledges the interaction.

func (*AckService) AckEventMap added in v1.6.0

func (s *AckService) AckEventMap(status string) spi.EventType

func (*AckService) UpsertAck added in v1.12.0

func (s *AckService) UpsertAck(
	ctx context.Context,
	ack *Ack,
) (string, error)

UpsertAck creates an acknowledgement if it does not exist in the store, and updates it if it does. It is designed to make it possible to count the number of /ack requests for a given transaction.

type AckServiceConfig added in v1.6.0

// AckServiceConfig carries the dependencies NewAckService needs.
type AckServiceConfig struct {
	// AckStore persists Ack records.
	AckStore   ackStore
	// EventSvc publishes ack events to EventTopic.
	EventSvc   eventService
	EventTopic string
	ProfileSvc profileService
}

type AuthorizationCodeGrant

// AuthorizationCodeGrant is the authorization_code grant entry of a credential offer.
type AuthorizationCodeGrant struct {
	// IssuerState is the opaque issuer_state value the wallet echoes back in
	// its authorization request.
	IssuerState string `json:"issuer_state"`
}

type AuthorizeState

// AuthorizeState captures the state of an authorization request so it can
// be resumed after the issuer IDP redirects back.
type AuthorizeState struct {
	// RedirectURI is where the user agent is sent afterwards.
	// NOTE(review): confirm it is matched against the client's registered
	// redirect URIs before any redirect is issued.
	RedirectURI         *url.URL                        `json:"redirect_uri"`
	RespondMode         string                          `json:"respond_mode"`
	// Header and Parameters are multi-valued maps (shaped like http.Header / url.Values).
	Header              map[string][]string             `json:"header"`
	Parameters          map[string][]string             `json:"parameters"`
	// WalletInitiatedFlow is presumably non-nil only when the wallet started the flow — confirm.
	WalletInitiatedFlow *common.WalletInitiatedFlowData `json:"wallet_initiated_flow"`
}

type ClaimDataStore

// ClaimDataStore re-exports the unexported claimDataStore type (the type of Config.ClaimDataStore).
type ClaimDataStore claimDataStore

type Config

// Config holds configuration options and dependencies for Service; pass it to NewService.
type Config struct {
	TransactionStore              transactionStore
	ClaimDataStore                claimDataStore
	WellKnownService              wellKnownService
	ProfileService                profileService
	// IssuerVCSPublicHost is presumably the externally visible host used in URLs handed to wallets — confirm.
	IssuerVCSPublicHost           string
	// HTTPClient is used for outbound calls; supply one with a timeout.
	HTTPClient                    *http.Client
	EventService                  eventService
	// PinGenerator produces the user PIN / transaction code.
	PinGenerator                  pinGenerator
	EventTopic                    string
	// PreAuthCodeTTL is the lifetime of a pre-authorized code; units are not
	// visible here — TODO confirm (seconds?).
	PreAuthCodeTTL                int32
	CredentialOfferReferenceStore credentialOfferReferenceStore // optional
	// DataProtector is used by EncryptClaims / DecryptClaims.
	DataProtector                 dataProtector
	KMSRegistry                   kmsRegistry
	CryptoJWTSigner               cryptoJWTSigner
	JSONSchemaValidator           jsonSchemaValidator
	TrustRegistry                 trustRegistry
	AckService                    ackService
	DocumentLoader                documentLoader
	PrepareCredential             credentialIssuer
	WellKnownProvider             wellKnownProvider
}

Config holds configuration options and dependencies for Service.

type CredentialOffer

// CredentialOffer describes one offered credential by OIDC format and type list.
type CredentialOffer struct {
	Format vcsverifiable.OIDCFormat `json:"format"`
	Types  []string                 `json:"types"`
}

type CredentialOfferGrant

// CredentialOfferGrant is the "grants" object of a credential offer; each
// grant is optional and omitted from JSON when nil.
type CredentialOfferGrant struct {
	AuthorizationCode     *AuthorizationCodeGrant `json:"authorization_code,omitempty"`
	// The JSON key equals GrantTypePreAuthorizedCode.
	PreAuthorizationGrant *PreAuthorizationGrant  `json:"urn:ietf:params:oauth:grant-type:pre-authorized_code,omitempty"` // nolint:lll
}

type CredentialOfferResponse

// CredentialOfferResponse is the credential offer object delivered to the
// wallet (also carried inside JWTCredentialOfferClaims).
type CredentialOfferResponse struct {
	CredentialIssuer           string               `json:"credential_issuer"`
	CredentialConfigurationIDs []string             `json:"credential_configuration_ids"`
	Grants                     CredentialOfferGrant `json:"grants"`
}

type EventPayload added in v1.5.0

// EventPayload is the structured payload attached to issuance events.
// Deprecated fields are retained for consumers of older payloads.
type EventPayload struct {
	WebHook               string `json:"webHook,omitempty"`
	ProfileID             string `json:"profileID,omitempty"`
	ProfileVersion        string `json:"profileVersion,omitempty"`
	OrgID                 string `json:"orgID,omitempty"`
	// Flow flags are always emitted (no omitempty), so false is explicit.
	WalletInitiatedFlow   bool   `json:"walletInitiatedFlow"`
	PinRequired           bool   `json:"pinRequired"`
	PreAuthFlow           bool   `json:"preAuthFlow"`
	InitiateIssuanceURL   string `json:"initiateIssuanceURL,omitempty"`
	AuthorizationEndpoint string `json:"authorizationEndpoint,omitempty"`
	// Error, ErrorCode and ErrorComponent are set on failure events only.
	Error                 string `json:"error,omitempty"`
	ErrorCode             string `json:"errorCode,omitempty"`
	ErrorComponent        string `json:"errorComponent,omitempty"`
	// Deprecated: use Credentials instead.
	CredentialTemplateID string `json:"credentialTemplateID,omitempty"`
	// Deprecated: use Credentials instead.
	Format             vcsverifiable.OIDCFormat            `json:"format,omitempty"`
	Credentials        map[string]vcsverifiable.OIDCFormat `json:"credentials"`
	CredentialIDs      []string                            `json:"credentialIDs"`
	// InteractionDetails mirrors AckRemote.InteractionDetails; the data is
	// wallet-supplied, so consumers should not trust its contents.
	InteractionDetails map[string]interface{}              `json:"interaction_details,omitempty"`
}

type ExchangeAuthorizationCodeResult added in v1.8.0

// ExchangeAuthorizationCodeResult is returned by Service.ExchangeAuthorizationCode.
type ExchangeAuthorizationCodeResult struct {
	// TxID identifies the issuance transaction the code was exchanged for.
	TxID issuecredential.TxID
	// AuthorizationDetails REQUIRED when authorization_details parameter is used to request issuance
	// of a certain Credential type in Authorization Request. It MUST NOT be used otherwise.
	AuthorizationDetails []*issuecredential.AuthorizationDetails
}

type InitiateIssuanceComposeCredential added in v1.8.0

// InitiateIssuanceComposeCredential lets the issuer supply a credential
// document directly instead of a template.
type InitiateIssuanceComposeCredential struct {
	// Credential is a pointer to a map (maps are already reference types);
	// presumably so that, under omitempty, an absent credential can be told
	// apart from an empty one — confirm before simplifying.
	Credential              *map[string]interface{} `json:"credential,omitempty"`
	IDTemplate              string                  `json:"id_template"`
	OverrideIssuer          bool                    `json:"override_issuer"`
	OverrideSubjectDID      bool                    `json:"override_subject_did"`
	PerformStrictValidation bool                    `json:"perform_strict_validation,omitempty"`
}

type InitiateIssuanceCredentialConfiguration added in v1.8.0

// InitiateIssuanceCredentialConfiguration configures one credential in a
// (possibly multi-credential) issuance; see InitiateIssuanceRequest.
type InitiateIssuanceCredentialConfiguration struct {
	// ClaimData carries claims inline; ClaimEndpoint names a URL to obtain
	// them from instead — which takes precedence is not visible here.
	ClaimData             map[string]interface{}             `json:"claim_data,omitempty"`
	ComposeCredential     *InitiateIssuanceComposeCredential `json:"compose_credential,omitempty"`
	// NOTE(review): ClaimEndpoint is a caller-supplied outbound URL — confirm
	// where it is fetched that the destination is restricted appropriately.
	ClaimEndpoint         string                             `json:"claim_endpoint,omitempty"`
	CredentialTemplateID  string                             `json:"credential_template_id,omitempty"`
	// CredentialExpiresAt overrides the template expiry; see Service.GetCredentialsExpirationTime.
	CredentialExpiresAt   *time.Time                         `json:"credential_expires_at,omitempty"`
	CredentialName        string                             `json:"credential_name,omitempty"`
	CredentialDescription string                             `json:"credential_description,omitempty"`
}

type InitiateIssuanceRequest

// InitiateIssuanceRequest is the request used by the Issuer to initiate the
// OIDC VC issuance interaction; see Service.InitiateIssuance.
type InitiateIssuanceRequest struct {
	ClientInitiateIssuanceURL string
	ClientWellKnownURL        string
	// GrantType is expected to be one of GrantTypeAuthorizationCode /
	// GrantTypePreAuthorizedCode — confirm where it is validated.
	GrantType                 string
	ResponseType              string
	Scope                     []string
	// OpState is the opaque state value that later identifies the transaction
	// (see StoreAuthorizationCode and ExchangeAuthorizationCode).
	OpState                   string
	// UserPinRequired requests a transaction code (PIN) for the pre-authorized flow.
	UserPinRequired           bool
	WalletInitiatedIssuance   bool
	// CredentialConfiguration aimed to initialise multi credential issuance.
	CredentialConfiguration []InitiateIssuanceCredentialConfiguration
}

InitiateIssuanceRequest is the request used by the Issuer to initiate the OIDC VC issuance interaction.

type InitiateIssuanceResponse

// InitiateIssuanceResponse is the response from the Issuer to the Wallet
// with the initiate issuance URL.
type InitiateIssuanceResponse struct {
	InitiateIssuanceURL string
	TxID                issuecredential.TxID
	// UserPin is the transaction code the user must present; it is a secret
	// and should be kept out of logs.
	UserPin             string
	// Tx and ContentType are internal and excluded from JSON encoding.
	Tx                  *issuecredential.Transaction        `json:"-"`
	ContentType         InitiateIssuanceResponseContentType `json:"-"`
}

InitiateIssuanceResponse is the response from the Issuer to the Wallet with the initiate issuance URL.

type InitiateIssuanceResponseContentType added in v1.3.0

// InitiateIssuanceResponseContentType is the media type of an initiate issuance
// response; it is a string alias, so any string is assignable to it.
type InitiateIssuanceResponseContentType = string
const (
	// ContentTypeApplicationJSON reuses echo's JSON MIME constant.
	ContentTypeApplicationJSON InitiateIssuanceResponseContentType = echo.MIMEApplicationJSON
	// ContentTypeApplicationJWT is used when the offer is returned as a signed JWT.
	ContentTypeApplicationJWT  InitiateIssuanceResponseContentType = "application/jwt"
)

type IssuerIDPOIDCConfiguration added in v1.5.0

// IssuerIDPOIDCConfiguration represents an Issuer's IDP OIDC configuration
// from the well-known endpoint (usually /.well-known/openid-configuration).
type IssuerIDPOIDCConfiguration struct {
	AuthorizationEndpoint              string   `json:"authorization_endpoint"`
	PushedAuthorizationRequestEndpoint string   `json:"pushed_authorization_request_endpoint"`
	TokenEndpoint                      string   `json:"token_endpoint"`
	ResponseTypesSupported             []string `json:"response_types_supported"`
	ScopesSupported                    []string `json:"scopes_supported"`
	GrantTypesSupported                []string `json:"grant_types_supported"`
	// InitiateIssuanceEndpoint is an extension field, not part of standard OIDC discovery.
	InitiateIssuanceEndpoint           string   `json:"initiate_issuance_endpoint"`
}

IssuerIDPOIDCConfiguration represents an Issuer's IDP OIDC configuration from the well-known endpoint (usually /.well-known/openid-configuration).

type JWTCredentialOfferClaims added in v1.3.0

// JWTCredentialOfferClaims extends JWT Claims with a CredentialOfferResponse
// under the custom "credential_offer" claim.
type JWTCredentialOfferClaims struct {
	// Embedded as a pointer: promoted methods will dereference it, so keep it
	// non-nil when the standard claims are used.
	*jwt.Claims

	CredentialOffer *CredentialOfferResponse `json:"credential_offer,omitempty"`
}

JWTCredentialOfferClaims extends JWT Claims with a CredentialOfferResponse (as the custom "credential_offer" claim).

type PreAuthorizationGrant

// PreAuthorizationGrant is the pre-authorized code grant entry of a credential offer.
type PreAuthorizationGrant struct {
	// PreAuthorizedCode is the credential the wallet later presents at the
	// token endpoint; treat it as a secret (do not log it).
	PreAuthorizedCode string  `json:"pre-authorized_code"`
	// TxCode is present only when a transaction code (PIN) is required.
	TxCode            *TxCode `json:"tx_code,omitempty"`
}

type PrepareClaimDataAuthorizationRequest

// PrepareClaimDataAuthorizationRequest is the request to prepare the claim
// data authorization request; see ServiceInterface.PrepareClaimDataAuthorizationRequest.
type PrepareClaimDataAuthorizationRequest struct {
	ResponseType         string
	Scope                []string
	// OpState identifies the transaction being authorized.
	OpState              string
	AuthorizationDetails []*issuecredential.AuthorizationDetails
}

PrepareClaimDataAuthorizationRequest is the request to prepare the claim data authorization request.

type PrepareClaimDataAuthorizationResponse

// PrepareClaimDataAuthorizationResponse carries what the caller needs to
// redirect the user to the issuer IDP's authorization (or PAR) endpoint.
type PrepareClaimDataAuthorizationResponse struct {
	WalletInitiatedFlow                *common.WalletInitiatedFlowData
	ProfileID                          profileapi.ID
	ProfileVersion                     profileapi.Version
	TxID                               issuecredential.TxID
	ResponseType                       string
	Scope                              []string
	// Endpoints come from IssuerIDPOIDCConfiguration (same field names).
	AuthorizationEndpoint              string
	PushedAuthorizationRequestEndpoint string
}

type PrepareCredential

// PrepareCredential is the input of Service.PrepareCredential.
type PrepareCredential struct {
	TxID               issuecredential.TxID
	// HashedToken is the hash of the access token presented by the wallet.
	HashedToken        string
	// CredentialRequests lists each credential requested in this call.
	CredentialRequests []*PrepareCredentialRequest
}

type PrepareCredentialRequest added in v1.8.0

// PrepareCredentialRequest describes one requested credential.
type PrepareCredentialRequest struct {
	CredentialTypes  []string
	CredentialFormat vcsverifiable.OIDCFormat
	// DID is the holder identifier the credential is bound to — presumably
	// taken from the wallet's proof; confirm where it is verified.
	DID              string
	// AudienceClaim is the expected audience of the wallet proof — confirm.
	AudienceClaim    string
}

type PrepareCredentialResult

// PrepareCredentialResult is returned by Service.PrepareCredential.
type PrepareCredentialResult struct {
	ProfileID      profileapi.ID
	ProfileVersion profileapi.Version
	// Credentials holds one entry per request in PrepareCredential.CredentialRequests — confirm ordering.
	Credentials    []*PrepareCredentialResultData
	// NotificationID is the identifier the wallet later acknowledges with — confirm.
	NotificationID string
}

type PrepareCredentialResultData added in v1.8.0

// PrepareCredentialResultData is one prepared credential within PrepareCredentialResult.
type PrepareCredentialResultData struct {
	Credential              *verifiable.Credential
	Format                  vcsverifiable.Format
	OidcFormat              vcsverifiable.OIDCFormat
	CredentialTemplate      *profileapi.CredentialTemplate
	// Retry presumably signals the wallet should retry later (deferred issuance) — confirm.
	Retry                   bool
	// EnforceStrictValidation mirrors InitiateIssuanceComposeCredential.PerformStrictValidation — confirm.
	EnforceStrictValidation bool
}

type Service

// Service implements the VCS credential interaction API for OIDC credential
// issuance; construct it with NewService.
type Service struct {
	// contains filtered or unexported fields
}

Service implements VCS credential interaction API for OIDC credential issuance.

func NewService

func NewService(config *Config) (*Service, error)

NewService returns a new Service instance.

func (*Service) DecryptClaims

func (s *Service) DecryptClaims(ctx context.Context, data *issuecredential.ClaimData) (map[string]interface{}, error)

func (*Service) EncryptClaims

func (s *Service) EncryptClaims(ctx context.Context, data map[string]interface{}) (*issuecredential.ClaimData, error)

func (*Service) ExchangeAuthorizationCode

func (s *Service) ExchangeAuthorizationCode(
	ctx context.Context,
	opState,
	clientID,
	clientAssertionType,
	clientAssertion string,
) (*ExchangeAuthorizationCodeResult, error)

func (*Service) GetCredentialsExpirationTime

func (s *Service) GetCredentialsExpirationTime(
	credentialExpiresAt *time.Time,
	template *profileapi.CredentialTemplate,
) time.Time

func (*Service) InitiateIssuance

func (s *Service) InitiateIssuance(
	ctx context.Context,
	req *InitiateIssuanceRequest,
	profile *profileapi.Issuer,
) (*InitiateIssuanceResponse, error)

InitiateIssuance creates a credential issuance transaction and builds the initiate issuance URL.

func (*Service) PrepareCredential

func (s *Service) PrepareCredential(
	ctx context.Context,
	req *PrepareCredential,
) (*PrepareCredentialResult, error)

func (*Service) PushAuthorizationDetails

func (s *Service) PushAuthorizationDetails(
	ctx context.Context,
	opState string,
	ad []*issuecredential.AuthorizationDetails,
) error

func (*Service) SelectProperOIDCFormat

func (s *Service) SelectProperOIDCFormat(
	format verifiable.Format,
	template *profileapi.CredentialTemplate,
) verifiable.OIDCFormat

func (*Service) StoreAuthorizationCode

func (s *Service) StoreAuthorizationCode(
	ctx context.Context,
	opState string,
	code string,
	flowData *common.WalletInitiatedFlowData,
) (issuecredential.TxID, error)

StoreAuthorizationCode stores the authorization code received from the issuer provider.

func (*Service) ValidatePreAuthorizedCodeRequest

func (s *Service) ValidatePreAuthorizedCodeRequest(
	ctx context.Context,
	preAuthorizedCode,
	pin,
	clientID,
	clientAssertionType,
	clientAssertion string,
) (*issuecredential.Transaction, error)

type ServiceInterface

// ServiceInterface is the consumer-facing contract implemented by *Service.
type ServiceInterface interface {
	// InitiateIssuance creates a credential issuance transaction and builds
	// the initiate issuance URL for the given issuer profile.
	InitiateIssuance(
		ctx context.Context,
		req *InitiateIssuanceRequest,
		profile *profileapi.Issuer,
	) (*InitiateIssuanceResponse, error)
	// PushAuthorizationDetails records authorization details for the
	// transaction identified by opState.
	PushAuthorizationDetails(ctx context.Context, opState string, ad []*issuecredential.AuthorizationDetails) error
	// PrepareClaimDataAuthorizationRequest prepares the claim data
	// authorization request for the issuer IDP.
	PrepareClaimDataAuthorizationRequest(
		ctx context.Context,
		req *PrepareClaimDataAuthorizationRequest,
	) (*PrepareClaimDataAuthorizationResponse, error)
	// StoreAuthorizationCode stores the authorization code received from
	// the issuer provider and returns the transaction it belongs to.
	StoreAuthorizationCode(
		ctx context.Context,
		opState string,
		code string,
		flowData *common.WalletInitiatedFlowData,
	) (issuecredential.TxID, error)
	// ExchangeAuthorizationCode redeems the stored code for the transaction
	// identified by opState. clientAssertionType/clientAssertion carry client
	// authentication material (presumably a JWT client assertion — confirm).
	ExchangeAuthorizationCode(
		ctx context.Context,
		opState,
		clientID,
		clientAssertionType,
		clientAssertion string,
	) (*ExchangeAuthorizationCodeResult, error)
	// ValidatePreAuthorizedCodeRequest checks a pre-authorized code token
	// request (code, pin, client authentication) and returns the matching
	// transaction; pin is expected to be empty when no PIN was required — confirm.
	ValidatePreAuthorizedCodeRequest(
		ctx context.Context,
		preAuthorizedCode,
		pin,
		clientID,
		clientAssertionType,
		clientAssertion string,
	) (*issuecredential.Transaction, error)
	// PrepareCredential produces the credentials requested for a transaction.
	PrepareCredential(ctx context.Context, req *PrepareCredential) (*PrepareCredentialResult, error)
}

type TransactionStore

// TransactionStore re-exports the unexported transactionStore type (the type of Config.TransactionStore).
type TransactionStore transactionStore

type TxCode added in v1.8.0

// TxCode describes the transaction code the user must enter in the
// pre-authorized flow; see PreAuthorizationGrant.TxCode.
type TxCode struct {
	InputMode   string `json:"input_mode"`
	// Length is the expected code length; compare with TxCodeLength.
	Length      int    `json:"length"`
	Description string `json:"description"`
}
