oidc4vp

Published: Dec 17, 2024 License: Apache-2.0 Imports: 45 Imported by: 2


Constants

// Attachment type names and the keys of an attachment's fields.
//
// The *Field constants are the keys ("uri", "id", "hash", "hash-alg",
// "error", "description") under which an attachment's values are read or
// written. NOTE(review): the hash/hash-alg keys suggest that remote
// attachment content is expected to be checked against a declared hash;
// confirm in AttachmentService.GetAttachments before relying on it.
const (
	AttachmentTypeRemote       = "RemoteAttachment"
	AttachmentTypeEmbedded     = "EmbeddedAttachment"
	AttachmentEvidence         = "AttachmentEvidence"
	AttachmentDataField        = "uri"
	AttachmentIDField          = "id"
	AttachmentHashField        = "hash"
	AttachmentHashAlgoField    = "hash-alg"
	AttachmentErrorField       = "error"
	AttachmentDescriptionField = "description"
)

Variables

// ErrDataNotFound reports that the requested data does not exist.
// Match it with errors.Is so that wrapped instances are still recognized.
var ErrDataNotFound = errors.New("data not found")

Functions

func CreateEvent added in v1.5.0

func CreateEvent(
	eventType spi.EventType,
	transactionID TxID,
	ep *EventPayload,
) (*spi.Event, error)

func GetSupportedVPFormats added in v1.1.0

func GetSupportedVPFormats(
	kmsSupportedKeyTypes []kmsapi.KeyType,
	supportedVPFormats,
	supportedVCFormats []vcsverifiable.Format,
) *presexch.Format

Types

type Attachment added in v1.10.0

// Attachment is the JSON form of a credential attachment, as produced by
// AttachmentService.GetAttachments and carried in CredentialMetadata.Attachments.
type Attachment struct {
	// ID is the attachment identifier.
	ID          string `json:"id"`
	// DataURI carries the attachment content or its location as a URI
	// (presumably a data: URI for embedded attachments — confirm in AttachmentService).
	DataURI     string `json:"data_uri"`
	// Description is the human-readable description of the attachment.
	Description string `json:"description"`
	// Error, when non-empty, presumably describes why the attachment could
	// not be resolved; it is omitted from the JSON output when empty.
	Error       string `json:"error,omitempty"`
}

type AttachmentService added in v1.10.0

type AttachmentService struct {
	// contains filtered or unexported fields
}

func NewAttachmentService added in v1.10.0

func NewAttachmentService(
	httpClient httpClient,
) *AttachmentService

func (*AttachmentService) GetAttachments added in v1.10.0

func (s *AttachmentService) GetAttachments(
	ctx context.Context,
	subjects []verifiable.Subject,
	idTokenAttachments map[string]string,
) ([]*Attachment, error)

type AuthorizationResponseParsed added in v1.6.0

// AuthorizationResponseParsed is the parsed OpenID4VP authorization response
// received from the Holder's wallet; it is the input to
// Service.VerifyOIDCVerifiablePresentation.
type AuthorizationResponseParsed struct {
	// CustomScopeClaims stores additional claims provided by Holder
	// caused by custom scope as a part of Initiate Credential Presentation request.
	CustomScopeClaims  map[string]Claims
	// VPTokens holds the VP tokens of the response after parsing.
	VPTokens           []*ProcessedVPToken
	// AttestationVP is the attestation VP of the response, if any, as a raw string.
	AttestationVP      string
	Attachments        map[string]string // Attachments from IDToken for AttachmentEvidence type
	// InteractionDetails is free-form data taken from the response.
	// NOTE(review): this is Holder-supplied input; treat it as untrusted wherever it is consumed.
	InteractionDetails map[string]interface{}
}

type ClaimData

// ClaimData is the at-rest form of ReceivedClaims: the claims are held only as
// EncryptedData (see TxManager.EncryptClaims and TxManager.DecryptClaims).
type ClaimData struct {
	EncryptedData *dataprotect.EncryptedData `json:"encrypted_data"`
}

type Claims added in v1.6.0

// Claims is a set of claims keyed by claim name, with JSON-like values.
type Claims = map[string]interface{}

type ClientMetadata added in v1.10.0

// ClientMetadata is the client_metadata object of a RequestObject. It carries
// the same fields as the deprecated RequestObjectRegistration, which it replaces.
type ClientMetadata struct {
	ClientName                  string           `json:"client_name"`
	SubjectSyntaxTypesSupported []string         `json:"subject_syntax_types_supported"`
	VPFormats                   *presexch.Format `json:"vp_formats"`
	ClientPurpose               string           `json:"client_purpose"`
	LogoURI                     string           `json:"logo_uri"`
}

type Config

// Config holds the dependencies of a Service; pass it to NewService.
type Config struct {
	TransactionManager   transactionManager
	RequestObjectStore   requestObjectStore
	KMSRegistry          kmsRegistry
	DocumentLoader       ld.DocumentLoader
	ProfileService       profileService
	EventSvc             eventService
	// EventTopic is presumably the topic EventSvc publishes to — confirm in Service.
	EventTopic           string
	PresentationVerifier presentationVerifier
	VDR                  vdrapi.Registry
	TrustRegistry        trustRegistry
	// ResponseURI is presumably the response_uri placed into RequestObject — confirm.
	ResponseURI          string
	// TokenLifetime is presumably used to derive RequestObject.Exp — confirm in InitiateOidcInteraction.
	TokenLifetime        time.Duration
	Metrics              metricsProvider
	AttachmentService    attachmentService
}

type CredentialEventPayload added in v1.8.0

// CredentialEventPayload describes one credential within EventPayload.Credentials.
type CredentialEventPayload struct {
	ID        string   `json:"id,omitempty"`
	Types     []string `json:"types,omitempty"`
	SubjectID string   `json:"subjectID,omitempty"`
	IssuerID  string   `json:"issuerID,omitempty"`
}

type CredentialMetadata

// CredentialMetadata is the per-credential view returned by Service.RetrieveClaims.
// Attachments has no omitempty tag, so a nil slice is encoded as JSON null.
type CredentialMetadata struct {
	Format         vcsverifiable.Format `json:"format,omitempty"`
	Type           []string             `json:"type,omitempty"`
	SubjectData    interface{}          `json:"subjectData,omitempty"`
	Issuer         interface{}          `json:"issuer,omitempty"`
	IssuanceDate   *util.TimeWrapper    `json:"issuanceDate,omitempty"`
	ExpirationDate *util.TimeWrapper    `json:"expirationDate,omitempty"`
	ValidFrom      *util.TimeWrapper    `json:"validFrom,omitempty"`
	ValidUntil     *util.TimeWrapper    `json:"validUntil,omitempty"`
	CustomClaims   map[string]Claims    `json:"customClaims,omitempty"`

	Name        interface{}   `json:"name,omitempty"`
	AwardedDate interface{}   `json:"awardedDate,omitempty"`
	Description interface{}   `json:"description,omitempty"`
	Attachments []*Attachment `json:"attachments"`
}

type EventPayload added in v1.5.0

// EventPayload is the payload attached to an spi.Event by CreateEvent.
// Error, ErrorCode and ErrorComponent carry failure details when the event
// reports an error; all fields are omitted from JSON when empty.
type EventPayload struct {
	WebHook                  string                    `json:"webHook,omitempty"`
	ProfileID                string                    `json:"profileID,omitempty"`
	ProfileVersion           string                    `json:"profileVersion,omitempty"`
	OrgID                    string                    `json:"orgID,omitempty"`
	PresentationDefinitionID string                    `json:"presentationDefinitionID,omitempty"`
	Filter                   *Filter                   `json:"filter,omitempty"`
	AuthorizationRequest     string                    `json:"authorizationRequest,omitempty"`
	Error                    string                    `json:"error,omitempty"`
	ErrorCode                string                    `json:"errorCode,omitempty"`
	ErrorComponent           string                    `json:"errorComponent,omitempty"`
	Credentials              []*CredentialEventPayload `json:"credentials,omitempty"`
	InteractionDetails       map[string]interface{}    `json:"interaction_details,omitempty"`
}

type Filter added in v1.5.0

// Filter holds a list of field names; see EventPayload.Filter.
type Filter struct {
	Fields []string `json:"fields"`
}

type InteractionInfo

// InteractionInfo is returned by Service.InitiateOidcInteraction: the
// authorization request to hand to the wallet and the ID of the transaction
// it belongs to.
type InteractionInfo struct {
	AuthorizationRequest string
	TxID                 TxID
}

type JWSSigner

type JWSSigner struct {
	// contains filtered or unexported fields
}

func NewJWSSigner

func NewJWSSigner(keyID string, signer vc.SignerAlgorithm) *JWSSigner

func (*JWSSigner) Headers

func (s *JWSSigner) Headers() jose.Headers

Headers provides the JWS headers. The "alg" header must be provided (see https://tools.ietf.org/html/rfc7515#section-4.1).

func (*JWSSigner) Sign

func (s *JWSSigner) Sign(data []byte) ([]byte, error)

Sign signs data with the signer configured by NewJWSSigner.

type ProcessedVPToken

// ProcessedVPToken is one parsed VP token from an authorization response.
// NOTE(review): Nonce and ClientID presumably echo RequestObject.Nonce and
// RequestObject.ClientID and need to be compared against the transaction
// during verification to bind the response to the request — confirm in
// Service.VerifyOIDCVerifiablePresentation.
type ProcessedVPToken struct {
	Nonce         string
	ClientID      string
	// SignerDIDID is the DID of the presentation's signer.
	SignerDIDID   string
	// VpTokenFormat is the format the token arrived in.
	VpTokenFormat vcsverifiable.Format
	// Presentation is the parsed verifiable presentation.
	Presentation  *verifiable.Presentation
}

type ReceivedClaims

// ReceivedClaims is the decrypted set of claims a wallet presented for a
// transaction (see Transaction.ReceivedClaims and TxManager.DecryptClaims).
type ReceivedClaims struct {
	Attachments       map[string]string
	CustomScopeClaims map[string]Claims
	Credentials       []*verifiable.Credential
}

type ReceivedClaimsRaw

// ReceivedClaimsRaw is the serialization form of ReceivedClaims (see
// TxManager.ClaimsToClaimsRaw). Credentials are kept as raw bytes because each
// one is unmarshaled separately. Note that the singular Attachment field is
// serialized under the key "attachments".
type ReceivedClaimsRaw struct {
	Credentials       [][]byte          `json:"credentials"`
	CustomScopeClaims map[string][]byte `json:"customScopeClaims,omitempty"`
	Attachment        map[string]string `json:"attachments,omitempty"`
}

ReceivedClaimsRaw is a temporary struct used when parsing into ReceivedClaims, because the credentials need to be unmarshaled separately.

type RequestObject

// RequestObject is the request object sent to the wallet.
//
// JTI, IAT, ISS and Exp are the standard JWT claims (RFC 7519); the remaining
// top-level fields are OAuth / OpenID4VP authorization request parameters.
type RequestObject struct {
	JTI            string `json:"jti"`
	IAT            int64  `json:"iat"`
	ISS            string `json:"iss"`
	ResponseType   string `json:"response_type"`
	ResponseMode   string `json:"response_mode"`
	ResponseURI    string `json:"response_uri"`
	Scope          string `json:"scope"`
	// Nonce is the per-request value the wallet is expected to echo back
	// (see ProcessedVPToken.Nonce).
	Nonce          string `json:"nonce"`
	ClientID       string `json:"client_id"`
	ClientIDScheme string `json:"client_id_scheme"`
	RedirectURI    string `json:"redirect_uri"`
	State          string `json:"state"`
	// Exp is the expiry of the request object as a Unix timestamp in seconds.
	Exp            int64  `json:"exp"`
	// Deprecated: Use client_metadata instead.
	Registration RequestObjectRegistration `json:"registration"`
	// Deprecated: Use top-level "presentation_definition" instead.
	Claims                 RequestObjectClaims              `json:"claims"`
	ClientMetadata         *ClientMetadata                  `json:"client_metadata"`
	PresentationDefinition *presexch.PresentationDefinition `json:"presentation_definition"`
}

RequestObject represents the request object sent to the wallet. It contains the presentation definition that specifies what verifiable credentials should be sent back by the wallet.

type RequestObjectClaims

// RequestObjectClaims is the deprecated "claims" object of RequestObject; the
// presentation definition now lives at the top level of RequestObject.
type RequestObjectClaims struct {
	VPToken VPToken `json:"vp_token"`
}

type RequestObjectRegistration

// RequestObjectRegistration is the deprecated "registration" object of
// RequestObject; ClientMetadata replaces it with the same fields.
type RequestObjectRegistration struct {
	ClientName                  string           `json:"client_name"`
	SubjectSyntaxTypesSupported []string         `json:"subject_syntax_types_supported"`
	VPFormats                   *presexch.Format `json:"vp_formats"`
	ClientPurpose               string           `json:"client_purpose"`
	LogoURI                     string           `json:"logo_uri"`
}

type Service

type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(cfg *Config) *Service

func (*Service) DeleteClaims

func (s *Service) DeleteClaims(_ context.Context, claimsID string) error

func (*Service) GetTx

func (s *Service) GetTx(_ context.Context, id TxID) (*Transaction, error)

func (*Service) HandleWalletNotification added in v1.11.0

func (s *Service) HandleWalletNotification(ctx context.Context, req *WalletNotification) error

HandleWalletNotification handles wallet notifications.

func (*Service) InitiateOidcInteraction

func (s *Service) InitiateOidcInteraction(
	ctx context.Context,
	presentationDefinition *presexch.PresentationDefinition,
	purpose string,
	customScopes []string,
	customURLScheme string,
	profile *profileapi.Verifier,
) (*InteractionInfo, error)

func (*Service) RetrieveClaims

func (s *Service) RetrieveClaims(
	ctx context.Context,
	tx *Transaction,
	profile *profileapi.Verifier,
) map[string]CredentialMetadata

func (*Service) VerifyOIDCVerifiablePresentation

func (s *Service) VerifyOIDCVerifiablePresentation(
	ctx context.Context,
	txID TxID,
	authResponse *AuthorizationResponseParsed,
) error

type ServiceInterface

// ServiceInterface is the method set implemented by *Service, for consumers and
// mocks. DeleteClaims names its parameter receivedClaimsID here but claimsID on
// *Service; both presumably take a Transaction.ReceivedClaimsID value.
type ServiceInterface interface {
	InitiateOidcInteraction(
		ctx context.Context,
		presentationDefinition *presexch.PresentationDefinition,
		purpose string,
		customScopes []string,
		customURLScheme string,
		profile *profileapi.Verifier,
	) (*InteractionInfo, error)
	VerifyOIDCVerifiablePresentation(ctx context.Context, txID TxID, authResponse *AuthorizationResponseParsed) error
	GetTx(ctx context.Context, id TxID) (*Transaction, error)
	RetrieveClaims(ctx context.Context, tx *Transaction, profile *profileapi.Verifier) map[string]CredentialMetadata
	DeleteClaims(ctx context.Context, receivedClaimsID string) error
	HandleWalletNotification(ctx context.Context, req *WalletNotification) error
}

type Transaction

// Transaction is one OIDC4VP presentation exchange, as managed by TxManager.
type Transaction struct {
	ID                     TxID
	ProfileID              string
	ProfileVersion         string
	PresentationDefinition *presexch.PresentationDefinition
	// ReceivedClaims holds the decrypted claims when they have been loaded
	// (see TxManager.DecryptClaims).
	ReceivedClaims         *ReceivedClaims
	// ReceivedClaimsID keys the stored claims; see TxManager.StoreReceivedClaims
	// and TxManager.DeleteReceivedClaims.
	ReceivedClaimsID       string
	CustomScopes           []string
}

type TransactionUpdate

// TransactionUpdate pairs a transaction ID with a ReceivedClaimsID; presumably
// the fields of a Transaction that change once claims are stored — confirm.
type TransactionUpdate struct {
	ID               TxID
	ReceivedClaimsID string
}

type TxClaimsStore

// TxClaimsStore exports the unexported txClaimsStore type that NewTxManager accepts.
type TxClaimsStore txClaimsStore

type TxID

// TxID identifies an OIDC4VP transaction; see Transaction.ID.
type TxID string

type TxManager

type TxManager struct {
	// contains filtered or unexported fields
}

TxManager is used to manage OIDC transactions.

func NewTxManager

func NewTxManager(
	store txNonceStore,
	txStore txStore,
	txClaimsStore txClaimsStore,
	dataProtector dataProtector,
	docLoader ld.DocumentLoader,
) *TxManager

NewTxManager creates a TxManager.

func (*TxManager) ClaimsToClaimsRaw

func (tm *TxManager) ClaimsToClaimsRaw(data *ReceivedClaims) (*ReceivedClaimsRaw, error)

func (*TxManager) CreateTx

func (tm *TxManager) CreateTx(
	pd *presexch.PresentationDefinition,
	profileID, profileVersion string,
	profileTransactionDataTTL int32,
	profileNonceStoreDataTTL int32,
	customScopes []string,
) (*Transaction, string, error)

CreateTx creates a transaction and generates a one-time access token.

func (*TxManager) DecryptClaims

func (tm *TxManager) DecryptClaims(ctx context.Context, data *ClaimData) (*ReceivedClaims, error)

func (*TxManager) Delete added in v1.11.0

func (tm *TxManager) Delete(txID TxID) error

Delete deletes the transaction identified by txID. Note that it does not remove the associated claims from the store; use DeleteReceivedClaims for that.

func (*TxManager) DeleteReceivedClaims

func (tm *TxManager) DeleteReceivedClaims(claimsID string) error

func (*TxManager) EncryptClaims

func (tm *TxManager) EncryptClaims(ctx context.Context, data *ReceivedClaims) (*ClaimData, error)

func (*TxManager) Get

func (tm *TxManager) Get(txID TxID) (*Transaction, error)

Get returns the transaction identified by txID.

func (*TxManager) GetByOneTimeToken

func (tm *TxManager) GetByOneTimeToken(nonce string) (*Transaction, bool, error)

GetByOneTimeToken gets the transaction by nonce and then deletes the nonce, so the token can be redeemed only once.

func (*TxManager) StoreReceivedClaims

func (tm *TxManager) StoreReceivedClaims(
	txID TxID,
	claims *ReceivedClaims,
	profileTransactionDataTTL, profileReceivedClaimsDataTTL int32) error

type TxNonceStore

// TxNonceStore exports the unexported txNonceStore type that NewTxManager accepts.
type TxNonceStore txNonceStore

type TxStore added in v1.6.0

// TxStore exports the unexported txStore type that NewTxManager accepts.
type TxStore txStore

type VPToken

// VPToken is the vp_token entry of the deprecated RequestObjectClaims; it wraps
// a presentation definition.
type VPToken struct {
	PresentationDefinition *presexch.PresentationDefinition `json:"presentation_definition"`
}

type WalletNotification added in v1.11.0

// WalletNotification is a notification from the wallet about a transaction
// (see Service.HandleWalletNotification). Error and ErrorDescription carry
// the wallet-reported error, if any.
// NOTE(review): InteractionDetails is wallet-supplied and should be treated as untrusted.
type WalletNotification struct {
	TxID               TxID
	Error              string
	ErrorDescription   string
	InteractionDetails map[string]interface{}
}
