oidc4ci

package
Published: Sep 14, 2023 License: Apache-2.0 Imports: 27 Imported by: 3

Constants

// TransactionState values record how far a credential issuance transaction has
// progressed (see TransactionData.State and the Transaction documentation).
// Unknown is the zero value. Because the state is part of TransactionData,
// which is persisted, the numeric values should be treated as stable: add new
// states at the end rather than renumbering.
const (
	TransactionStateUnknown                         = TransactionState(0)
	TransactionStateIssuanceInitiated               = TransactionState(1)
	TransactionStatePreAuthCodeValidated            = TransactionState(2) // pre-auth only
	TransactionStateAwaitingIssuerOIDCAuthorization = TransactionState(3) // auth only
	TransactionStateIssuerOIDCAuthorizationDone     = TransactionState(4)
	TransactionStateCredentialsIssued               = TransactionState(5)
)
const (
	// WalletInitFlowClaimExpectedMatchCount is the number of claim matches the
	// wallet-initiated issuance flow expects to find. What exactly is matched
	// is decided by the callers and is not visible on this page — confirm there
	// before relying on the value.
	WalletInitFlowClaimExpectedMatchCount = 2
)

Variables

// Sentinel errors returned by this package. Compare them with errors.Is rather
// than ==, since callers may receive them wrapped with %w.
var (
	ErrDataNotFound                    = errors.New("data not found")
	ErrOpStateKeyDuplication           = errors.New("op state key duplication")
	ErrProfileNotActive                = errors.New("profile not active")
	ErrCredentialTemplateNotFound      = errors.New("credential template not found")
	ErrCredentialTemplateNotConfigured = errors.New("credential template not configured")
	ErrCredentialTemplateIDRequired    = errors.New("credential template ID is required")
	ErrAuthorizedCodeFlowNotSupported  = errors.New("authorized code flow not supported")
	ErrResponseTypeMismatch            = errors.New("response type mismatch")
	ErrInvalidScope                    = errors.New("invalid scope")
	ErrCredentialTypeNotSupported      = errors.New("credential type not supported")
	ErrCredentialFormatNotSupported    = errors.New("credential format not supported")
	ErrVCOptionsNotConfigured          = errors.New("vc options not configured")
	ErrInvalidIssuerURL                = errors.New("invalid issuer url")
)

Functions

func ExtractIssuerURL added in v1.2.0

func ExtractIssuerURL(input string) string

func WithDocumentTTL

func WithDocumentTTL(ttl time.Duration) func(insertOptions *InsertOptions)

Types

type AuthorizationCodeGrant

// AuthorizationCodeGrant is the "authorization_code" grant entry of a credential
// offer (see CredentialOfferGrant). IssuerState is serialized as the
// "issuer_state" JSON field.
type AuthorizationCodeGrant struct {
	IssuerState string `json:"issuer_state"`
}

type AuthorizationDetails

// AuthorizationDetails are the VC-related details for VC issuance.
//
// The fields carry no JSON tags, so this struct is not a wire format on its own;
// it is carried in PrepareClaimDataAuthorizationRequest and TransactionData and
// passed to Service.PushAuthorizationDetails. How Type and Types relate to each
// other (single vs. multiple credential types) is not visible here — confirm
// against the callers.
type AuthorizationDetails struct {
	Type      string
	Types     []string
	Format    vcsverifiable.Format // credential format (vcsverifiable.Format)
	Locations []string
}

AuthorizationDetails are the VC-related details for VC issuance.

type AuthorizeState

// AuthorizeState is the state kept for an in-progress authorization: where to
// redirect, which response mode to use, and the headers and parameters to carry
// along. WalletInitiatedFlow is a pointer and may be nil — presumably it is only
// set for wallet-initiated issuance; confirm against the callers.
//
// NOTE(review): Header and Parameters are stored verbatim. If they originate
// from the incoming request, code that replays them (e.g. into a redirect)
// should still treat them as untrusted input.
type AuthorizeState struct {
	RedirectURI         *url.URL                        `json:"redirect_uri"`
	RespondMode         string                          `json:"respond_mode"`
	Header              map[string][]string             `json:"header"`
	Parameters          map[string][]string             `json:"parameters"`
	WalletInitiatedFlow *common.WalletInitiatedFlowData `json:"wallet_initiated_flow"`
}

type ClaimData

// ClaimData represents user claims in pre-auth code flow.
//
// The claims are held only in encrypted form (dataprotect.EncryptedData):
// Service.EncryptClaims produces a ClaimData from a map[string]interface{} and
// Service.DecryptClaims turns it back. This is presumably the value the
// ClaimDataStore persists, so the plaintext claims never need to reach storage.
type ClaimData struct {
	EncryptedData *dataprotect.EncryptedData `json:"encrypted_data"`
}

ClaimData represents user claims in pre-auth code flow.

type ClaimDataStore

// ClaimDataStore exports the package's unexported claimDataStore type (its
// definition is not shown on this page) as a defined type, not an alias.
// Config.ClaimDataStore has the underlying claimDataStore type.
type ClaimDataStore claimDataStore

type Config

// Config holds configuration options and dependencies for Service.
//
// It is consumed by NewService. The dependency fields use unexported types whose
// definitions are not shown on this page.
type Config struct {
	// TransactionStore persists Transaction records (see TransactionStore).
	TransactionStore transactionStore
	// ClaimDataStore persists ClaimData (see ClaimDataStore).
	ClaimDataStore   claimDataStore
	WellKnownService wellKnownService
	ProfileService   profileService
	// IssuerVCSPublicHost is the public host of this VCS issuer — presumably
	// used when building issuer-facing URLs; confirm.
	IssuerVCSPublicHost string
	// HTTPClient is used for outbound HTTP calls. NOTE(review): supply a client
	// with a Timeout set; a zero-value http.Client has none.
	HTTPClient   *http.Client
	EventService eventService
	// PinGenerator supplies user PINs when InitiateIssuanceRequest.UserPinRequired
	// is set — presumably; confirm.
	PinGenerator pinGenerator
	// EventTopic is the topic EventService publishes to — presumably; confirm.
	EventTopic string
	// PreAuthCodeTTL is the lifetime of pre-authorized codes (see
	// TransactionData.PreAuthCodeExpiresAt). The units are not stated on this
	// page (seconds?) — TODO confirm.
	PreAuthCodeTTL                int32
	CredentialOfferReferenceStore credentialOfferReferenceStore // optional
	// DataProtector presumably backs Service.EncryptClaims / DecryptClaims.
	DataProtector dataProtector
	KMSRegistry   kmsRegistry
	// CryptoJWTSigner signs JWTs — presumably the JWT form of the credential
	// offer (see JWTCredentialOfferClaims, ContentTypeApplicationJWT); confirm.
	CryptoJWTSigner cryptoJWTSigner
}

Config holds configuration options and dependencies for Service.

type CredentialOffer

// CredentialOffer is one entry of CredentialOfferResponse.Credentials: the OIDC
// credential format and the credential types being offered.
type CredentialOffer struct {
	Format vcsverifiable.OIDCFormat `json:"format"`
	Types  []string                 `json:"types"`
}

type CredentialOfferGrant

// CredentialOfferGrant is the "grants" object of a CredentialOfferResponse.
// Both grants are optional and omitted from JSON when nil; presumably only the
// one matching the flow is set (AuthorizationCode for the authorization code
// flow, PreAuthorizationGrant for the pre-authorized code flow) — confirm.
type CredentialOfferGrant struct {
	AuthorizationCode     *AuthorizationCodeGrant `json:"authorization_code,omitempty"`
	PreAuthorizationGrant *PreAuthorizationGrant  `json:"urn:ietf:params:oauth:grant-type:pre-authorized_code,omitempty"` // nolint:lll
}

type CredentialOfferResponse

// CredentialOfferResponse is the credential offer document: the issuer
// identifier, the credentials offered and the grants the wallet may use. It is
// also carried as the custom "credential_offer" claim of JWTCredentialOfferClaims.
type CredentialOfferResponse struct {
	CredentialIssuer string               `json:"credential_issuer"`
	Credentials      []CredentialOffer    `json:"credentials"`
	Grants           CredentialOfferGrant `json:"grants"`
}

type InitiateIssuanceRequest

// InitiateIssuanceRequest is the request used by the Issuer to initiate the OIDC
// VC issuance interaction. It is the input of Service.InitiateIssuance.
type InitiateIssuanceRequest struct {
	CredentialTemplateID      string
	ClientInitiateIssuanceURL string
	ClientWellKnownURL        string
	ClaimEndpoint             string
	GrantType                 string
	ResponseType              string
	Scope                     []string
	OpState                   string
	// ClaimData holds the user claims for the pre-auth code flow — presumably
	// what Service.EncryptClaims turns into a ClaimData; confirm.
	ClaimData       map[string]interface{}
	UserPinRequired bool
	// CredentialExpiresAt may be nil; Service.GetCredentialsExpirationTime takes
	// this request together with a credential template, so the template
	// presumably supplies a default — confirm.
	CredentialExpiresAt     *time.Time
	CredentialName          string
	CredentialDescription   string
	WalletInitiatedIssuance bool
}

InitiateIssuanceRequest is the request used by the Issuer to initiate the OIDC VC issuance interaction.

type InitiateIssuanceResponse

// InitiateIssuanceResponse is the response from the Issuer to the Wallet with
// the initiate issuance URL. Tx and ContentType are tagged `json:"-"` and are
// never serialized; they are for in-process use by the caller.
//
// UserPin is the PIN for the transaction (see InitiateIssuanceRequest.
// UserPinRequired and Config.PinGenerator) and is a secret: keep it out of logs.
type InitiateIssuanceResponse struct {
	InitiateIssuanceURL string
	TxID                TxID
	UserPin             string
	Tx                  *Transaction                        `json:"-"`
	ContentType         InitiateIssuanceResponseContentType `json:"-"`
}

InitiateIssuanceResponse is the response from the Issuer to the Wallet with the initiate issuance URL.

type InitiateIssuanceResponseContentType added in v1.3.0

// InitiateIssuanceResponseContentType is the MIME type used to deliver an
// InitiateIssuanceResponse (see InitiateIssuanceResponse.ContentType). It is a
// type alias for string, so any string is accepted by the compiler; the two
// constants below are the values this package defines.
type InitiateIssuanceResponseContentType = string
const (
	// ContentTypeApplicationJSON is echo's JSON MIME type with the UTF-8 charset parameter.
	ContentTypeApplicationJSON InitiateIssuanceResponseContentType = echo.MIMEApplicationJSONCharsetUTF8
	// ContentTypeApplicationJWT marks a response delivered as a JWT — presumably
	// one carrying JWTCredentialOfferClaims; confirm.
	ContentTypeApplicationJWT  InitiateIssuanceResponseContentType = "application/jwt"
)

type InsertOptions

// InsertOptions are per-insert options for the stores; TTL is set through the
// WithDocumentTTL option function.
type InsertOptions struct {
	TTL time.Duration
}

type JWTCredentialOfferClaims added in v1.3.0

// JWTCredentialOfferClaims extends the standard JWT Claims with a
// CredentialOfferResponse carried in a custom "credential_offer" claim.
// Claims is embedded by pointer, so a zero JWTCredentialOfferClaims has a nil
// Claims; populate it before calling any promoted method.
type JWTCredentialOfferClaims struct {
	*jwt.Claims

	CredentialOffer *CredentialOfferResponse `json:"credential_offer,omitempty"`
}

JWTCredentialOfferClaims extends the standard JWT Claims with a CredentialOfferResponse carried in a custom "credential_offer" claim.

type OIDCConfiguration

// OIDCConfiguration represents an OIDC configuration retrieved from the
// well-known endpoint (/.well-known/openid-configuration). The JSON field names
// follow the discovery document; InitiateIssuanceEndpoint
// ("initiate_issuance_endpoint") is specific to this package's issuance flow.
type OIDCConfiguration struct {
	AuthorizationEndpoint              string   `json:"authorization_endpoint"`
	PushedAuthorizationRequestEndpoint string   `json:"pushed_authorization_request_endpoint"`
	TokenEndpoint                      string   `json:"token_endpoint"`
	ResponseTypesSupported             []string `json:"response_types_supported"`
	ScopesSupported                    []string `json:"scopes_supported"`
	GrantTypesSupported                []string `json:"grant_types_supported"`
	InitiateIssuanceEndpoint           string   `json:"initiate_issuance_endpoint"`
}

OIDCConfiguration represents an OIDC configuration retrieved from the well-known endpoint (/.well-known/openid-configuration).

type PreAuthorizationGrant

// PreAuthorizationGrant is the pre-authorized code grant entry of a credential
// offer (see CredentialOfferGrant). PreAuthorizedCode is the code the wallet
// later presents to Service.ValidatePreAuthorizedCodeRequest; it is a bearer
// secret and should be kept out of logs. UserPinRequired tells the wallet
// whether a PIN must accompany the code.
type PreAuthorizationGrant struct {
	PreAuthorizedCode string `json:"pre-authorized_code"`
	UserPinRequired   bool   `json:"user_pin_required"`
}

type PrepareClaimDataAuthorizationRequest

// PrepareClaimDataAuthorizationRequest is the request to prepare the claim data
// authorization request. AuthorizationDetails may be nil.
type PrepareClaimDataAuthorizationRequest struct {
	ResponseType         string
	Scope                []string
	OpState              string
	AuthorizationDetails *AuthorizationDetails
}

PrepareClaimDataAuthorizationRequest is the request to prepare the claim data authorization request.

type PrepareClaimDataAuthorizationResponse

// PrepareClaimDataAuthorizationResponse is the result of
// ServiceInterface.PrepareClaimDataAuthorizationRequest: the profile and
// transaction the authorization belongs to, the negotiated response type and
// scope, and the issuer's authorization / pushed authorization request
// endpoints. WalletInitiatedFlow may be nil.
type PrepareClaimDataAuthorizationResponse struct {
	WalletInitiatedFlow                *common.WalletInitiatedFlowData
	ProfileID                          profileapi.ID
	ProfileVersion                     profileapi.Version
	TxID                               TxID
	ResponseType                       string
	Scope                              []string
	AuthorizationEndpoint              string
	PushedAuthorizationRequestEndpoint string
}

type PrepareCredential

// PrepareCredential is the input of Service.PrepareCredential: the transaction
// to issue for, the credential types and format, the holder DID, and the
// expected audience claim. NOTE(review): what AudienceClaim is checked against
// is not visible on this page — confirm in Service.PrepareCredential.
type PrepareCredential struct {
	TxID             TxID
	CredentialTypes  []string
	CredentialFormat vcsverifiable.Format
	DID              string
	AudienceClaim    string
}

type PrepareCredentialResult

// PrepareCredentialResult is the output of Service.PrepareCredential: the
// prepared credential with its formats and the owning profile. The meaning of
// Retry and EnforceStrictValidation is decided by the caller and not visible
// here — confirm before acting on them.
type PrepareCredentialResult struct {
	ProfileID               profileapi.ID
	ProfileVersion          profileapi.Version
	Credential              *verifiable.Credential
	Format                  vcsverifiable.Format
	Retry                   bool
	EnforceStrictValidation bool
	OidcFormat              vcsverifiable.OIDCFormat
	CredentialTemplate      *profileapi.CredentialTemplate
}

type Service

// Service implements the VCS credential interaction API for OIDC credential
// issuance. Construct it with NewService; its dependencies come from Config and
// all of its fields are unexported.
type Service struct {
	// contains filtered or unexported fields
}

Service implements the VCS credential interaction API for OIDC credential issuance.

func NewService

func NewService(config *Config) (*Service, error)

NewService returns a new Service instance.

func (*Service) DecryptClaims

func (s *Service) DecryptClaims(ctx context.Context, data *ClaimData) (map[string]interface{}, error)

func (*Service) EncryptClaims

func (s *Service) EncryptClaims(ctx context.Context, data map[string]interface{}) (*ClaimData, error)

func (*Service) ExchangeAuthorizationCode

func (s *Service) ExchangeAuthorizationCode(ctx context.Context, opState string) (TxID, error)

func (*Service) GetCredentialsExpirationTime

func (s *Service) GetCredentialsExpirationTime(
	req *InitiateIssuanceRequest,
	template *profileapi.CredentialTemplate,
) time.Time

func (*Service) InitiateIssuance

func (s *Service) InitiateIssuance(
	ctx context.Context,
	req *InitiateIssuanceRequest,
	profile *profileapi.Issuer,
) (*InitiateIssuanceResponse, error)

InitiateIssuance creates a credential issuance transaction and builds the initiate issuance URL.

func (*Service) PrepareCredential

func (s *Service) PrepareCredential(
	ctx context.Context,
	req *PrepareCredential,
) (*PrepareCredentialResult, error)

func (*Service) PushAuthorizationDetails

func (s *Service) PushAuthorizationDetails(
	ctx context.Context,
	opState string,
	ad *AuthorizationDetails,
) error

func (*Service) SelectProperOIDCFormat

func (s *Service) SelectProperOIDCFormat(
	format verifiable.Format,
	template *profileapi.CredentialTemplate,
) verifiable.OIDCFormat

func (*Service) StoreAuthorizationCode

func (s *Service) StoreAuthorizationCode(
	ctx context.Context,
	opState string,
	code string,
	flowData *common.WalletInitiatedFlowData,
) (TxID, error)

StoreAuthorizationCode stores the authorization code received from the issuer provider.

func (*Service) ValidatePreAuthorizedCodeRequest

func (s *Service) ValidatePreAuthorizedCodeRequest(
	ctx context.Context,
	preAuthorizedCode string,
	pin string,
	clientID string,
) (*Transaction, error)

type ServiceInterface

// ServiceInterface declares the OIDC issuance operations of Service as an
// interface. Service's encryption, expiration-time and OIDC-format helpers are
// not part of it.
//
// NOTE(review): the Service methods listed on this page do not include
// PrepareClaimDataAuthorizationRequest, so whether *Service satisfies this
// interface cannot be confirmed from this page alone; a
// `var _ ServiceInterface = (*Service)(nil)` check in the package would settle it.
type ServiceInterface interface {
	InitiateIssuance(
		ctx context.Context,
		req *InitiateIssuanceRequest,
		profile *profileapi.Issuer,
	) (*InitiateIssuanceResponse, error)
	PushAuthorizationDetails(ctx context.Context, opState string, ad *AuthorizationDetails) error
	PrepareClaimDataAuthorizationRequest(
		ctx context.Context,
		req *PrepareClaimDataAuthorizationRequest,
	) (*PrepareClaimDataAuthorizationResponse, error)
	StoreAuthorizationCode(
		ctx context.Context,
		opState string,
		code string,
		flowData *common.WalletInitiatedFlowData,
	) (TxID, error)
	ExchangeAuthorizationCode(ctx context.Context, opState string) (TxID, error)
	ValidatePreAuthorizedCodeRequest(
		ctx context.Context,
		preAuthorizedCode string,
		pin string,
		clientID string,
	) (*Transaction, error)
	PrepareCredential(ctx context.Context, req *PrepareCredential) (*PrepareCredentialResult, error)
}

type Transaction

// Transaction is the credential issuance transaction. Issuer creates a
// transaction to convey the intention of issuing a credential with the given
// parameters. The transaction is stored in the transaction store and its status
// is updated as the credential issuance progresses.
//
// TransactionData is embedded, so its fields (including State) are promoted
// onto Transaction.
type Transaction struct {
	ID TxID
	TransactionData
}

Transaction is the credential issuance transaction. Issuer creates a transaction to convey the intention of issuing a credential with the given parameters. The transaction is stored in the transaction store and its status is updated as the credential issuance progresses.

type TransactionData

// TransactionData is the transaction data stored in the underlying storage.
//
// NOTE(review): IssuerAuthCode, IssuerToken, PreAuthCode and UserPin are
// secrets, and unlike the user claims (ClaimData, kept as
// dataprotect.EncryptedData) they are plain strings here. Whether the
// transaction store encrypts at rest, and whether these fields can reach logs
// or events, is not visible on this page — confirm before treating the store
// as a safe home for them.
type TransactionData struct {
	ProfileID                          profileapi.ID
	ProfileVersion                     profileapi.Version
	OrgID                              string
	CredentialTemplate                 *profileapi.CredentialTemplate
	CredentialFormat                   vcsverifiable.Format
	OIDCCredentialFormat               vcsverifiable.OIDCFormat
	AuthorizationEndpoint              string
	PushedAuthorizationRequestEndpoint string
	TokenEndpoint                      string
	ClaimEndpoint                      string
	ClientScope                        []string
	RedirectURI                        string
	GrantType                          string
	ResponseType                       string
	Scope                              []string
	AuthorizationDetails               *AuthorizationDetails
	// IssuerAuthCode is the authorization code from the issuer provider
	// (see Service.StoreAuthorizationCode).
	IssuerAuthCode string
	IssuerToken    string
	OpState        string
	IsPreAuthFlow  bool
	PreAuthCode    string
	// PreAuthCodeExpiresAt may be nil — presumably when no pre-auth code was
	// issued (see IsPreAuthFlow); confirm.
	PreAuthCodeExpiresAt *time.Time
	// ClaimDataID presumably references a ClaimData record in the
	// ClaimDataStore; confirm.
	ClaimDataID string
	// State is one of the TransactionState* constants.
	State                   TransactionState
	WebHookURL              string
	UserPin                 string
	DID                     string
	CredentialExpiresAt     *time.Time
	CredentialName          string
	CredentialDescription   string
	WalletInitiatedIssuance bool
}

TransactionData is the transaction data stored in the underlying storage.

type TransactionState

// TransactionState is the progress marker of a Transaction; its valid values
// are the TransactionState* constants, with TransactionStateUnknown as the zero
// value. It is persisted as part of TransactionData.
type TransactionState int16

type TransactionStore

// TransactionStore exports the package's unexported transactionStore type (its
// definition is not shown on this page) as a defined type, not an alias.
// Config.TransactionStore has the underlying transactionStore type.
type TransactionStore transactionStore

type TxID

// TxID defines type for transaction ID. It identifies a Transaction and is
// returned by StoreAuthorizationCode and ExchangeAuthorizationCode.
type TxID string

TxID defines type for transaction ID.
