Documentation ¶
Index ¶
- Constants
- Variables
- func ExtractIssuerURL(input string) string
- func WithDocumentTTL(ttl time.Duration) func(insertOptions *InsertOptions)
- type AuthorizationCodeGrant
- type AuthorizationDetails
- type AuthorizeState
- type ClaimData
- type ClaimDataStore
- type Config
- type CredentialOffer
- type CredentialOfferGrant
- type CredentialOfferResponse
- type InitiateIssuanceRequest
- type InitiateIssuanceResponse
- type InitiateIssuanceResponseContentType
- type InsertOptions
- type JWTCredentialOfferClaims
- type OIDCConfiguration
- type PreAuthorizationGrant
- type PrepareClaimDataAuthorizationRequest
- type PrepareClaimDataAuthorizationResponse
- type PrepareCredential
- type PrepareCredentialResult
- type Service
- func (s *Service) DecryptClaims(ctx context.Context, data *ClaimData) (map[string]interface{}, error)
- func (s *Service) EncryptClaims(ctx context.Context, data map[string]interface{}) (*ClaimData, error)
- func (s *Service) ExchangeAuthorizationCode(ctx context.Context, opState string) (TxID, error)
- func (s *Service) GetCredentialsExpirationTime(req *InitiateIssuanceRequest, template *profileapi.CredentialTemplate) time.Time
- func (s *Service) InitiateIssuance(ctx context.Context, req *InitiateIssuanceRequest, profile *profileapi.Issuer) (*InitiateIssuanceResponse, error)
- func (s *Service) PrepareClaimDataAuthorizationRequest(ctx context.Context, req *PrepareClaimDataAuthorizationRequest) (*PrepareClaimDataAuthorizationResponse, error)
- func (s *Service) PrepareCredential(ctx context.Context, req *PrepareCredential) (*PrepareCredentialResult, error)
- func (s *Service) PushAuthorizationDetails(ctx context.Context, opState string, ad *AuthorizationDetails) error
- func (s *Service) SelectProperOIDCFormat(format verifiable.Format, template *profileapi.CredentialTemplate) verifiable.OIDCFormat
- func (s *Service) StoreAuthorizationCode(ctx context.Context, opState string, code string, ...) (TxID, error)
- func (s *Service) ValidatePreAuthorizedCodeRequest(ctx context.Context, preAuthorizedCode string, pin string, clientID string) (*Transaction, error)
- type ServiceInterface
- type Transaction
- type TransactionData
- type TransactionState
- type TransactionStore
- type TxID
Constants ¶
// Lifecycle stages of an issuance Transaction, recorded in TransactionData.State
// and persisted together with the transaction. No custom marshaler is visible on
// this page, so the numeric value is presumably what reaches storage: avoid
// renumbering existing constants, append new ones instead.
const (
	TransactionStateUnknown                         = TransactionState(0)
	TransactionStateIssuanceInitiated               = TransactionState(1)
	TransactionStatePreAuthCodeValidated            = TransactionState(2) // pre-auth only
	TransactionStateAwaitingIssuerOIDCAuthorization = TransactionState(3) // auth only
	TransactionStateIssuerOIDCAuthorizationDone     = TransactionState(4)
	TransactionStateCredentialsIssued               = TransactionState(5)
)
const (
	// WalletInitFlowClaimExpectedMatchCount is the match count expected by the
	// wallet-initiated issuance flow (see InitiateIssuanceRequest.WalletInitiatedIssuance).
	// What exactly is counted is not visible on this page — TODO confirm at the call site.
	WalletInitFlowClaimExpectedMatchCount = 2
)
Variables ¶
// Sentinel errors of this package. Callers should compare with errors.Is so a
// wrapped error still matches.
var (
	ErrDataNotFound = errors.New("data not found")
	// ErrOpStateKeyDuplication presumably signals that a transaction for the
	// same OpState already exists (a duplicate-start guard) — confirm in the store.
	ErrOpStateKeyDuplication           = errors.New("op state key duplication")
	ErrProfileNotActive                = errors.New("profile not active")
	ErrCredentialTemplateNotFound      = errors.New("credential template not found")
	ErrCredentialTemplateNotConfigured = errors.New("credential template not configured")
	ErrCredentialTemplateIDRequired    = errors.New("credential template ID is required")
	ErrAuthorizedCodeFlowNotSupported  = errors.New("authorized code flow not supported")
	ErrResponseTypeMismatch            = errors.New("response type mismatch")
	ErrInvalidScope                    = errors.New("invalid scope")
	ErrCredentialTypeNotSupported      = errors.New("credential type not supported")
	ErrCredentialFormatNotSupported    = errors.New("credential format not supported")
	ErrVCOptionsNotConfigured          = errors.New("vc options not configured")
	// ErrInvalidIssuerURL relates to ExtractIssuerURL (added in v1.2.0).
	ErrInvalidIssuerURL = errors.New("invalid issuer url")
)
Functions ¶
func ExtractIssuerURL ¶ added in v1.2.0
func WithDocumentTTL ¶
func WithDocumentTTL(ttl time.Duration) func(insertOptions *InsertOptions)
Types ¶
type AuthorizationCodeGrant ¶
// AuthorizationCodeGrant is the "authorization_code" grant entry of a
// CredentialOfferGrant.
type AuthorizationCodeGrant struct {
	// IssuerState is serialized as "issuer_state" in the credential offer.
	IssuerState string `json:"issuer_state"`
}
type AuthorizationDetails ¶
// AuthorizationDetails are the VC-related details for VC issuance.
//
// They arrive with PrepareClaimDataAuthorizationRequest / PushAuthorizationDetails
// and are kept on TransactionData. Validation against the profile (see
// ErrCredentialTypeNotSupported, ErrCredentialFormatNotSupported) is not visible
// on this page.
type AuthorizationDetails struct {
	Type      string
	Types     []string
	Format    vcsverifiable.Format
	Locations []string
}
type AuthorizeState ¶
type ClaimData ¶
// ClaimData represents user claims in pre-auth code flow.
//
// Claims are held only in protected form: Service.EncryptClaims produces a
// ClaimData from the plaintext map and Service.DecryptClaims reverses it.
type ClaimData struct {
	// EncryptedData is the protected claim payload, serialized as
	// "encrypted_data". The plaintext map is never part of this type.
	EncryptedData *dataprotect.EncryptedData `json:"encrypted_data"`
}
type ClaimDataStore ¶
// ClaimDataStore exposes the package-private claimDataStore dependency that
// Config.ClaimDataStore expects.
type ClaimDataStore claimDataStore
type Config ¶
// Config holds configuration options and dependencies for Service.
type Config struct {
	TransactionStore transactionStore
	ClaimDataStore   claimDataStore
	WellKnownService wellKnownService
	ProfileService   profileService
	// IssuerVCSPublicHost is the externally visible host of this service;
	// presumably used when building the URLs handed to wallets — confirm.
	IssuerVCSPublicHost string
	// HTTPClient is caller-supplied: give it a Timeout, and if it is the client
	// used to fetch caller-provided well-known URLs (see InitiateIssuanceRequest),
	// restrict where it may connect.
	HTTPClient   *http.Client
	EventService eventService
	PinGenerator pinGenerator
	EventTopic   string
	// PreAuthCodeTTL bounds the pre-authorized code lifetime. The unit is not
	// stated here — confirm against how TransactionData.PreAuthCodeExpiresAt is set.
	PreAuthCodeTTL                int32
	CredentialOfferReferenceStore credentialOfferReferenceStore // optional
	// DataProtector presumably backs Service.EncryptClaims/DecryptClaims — confirm.
	DataProtector   dataProtector
	KMSRegistry     kmsRegistry
	CryptoJWTSigner cryptoJWTSigner
}
type CredentialOffer ¶
// CredentialOffer is one entry of CredentialOfferResponse.Credentials: the
// OIDC format and the credential types being offered.
type CredentialOffer struct {
	Format vcsverifiable.OIDCFormat `json:"format"`
	Types  []string                 `json:"types"`
}
type CredentialOfferGrant ¶
// CredentialOfferGrant lists the grants a credential offer may be redeemed
// with. Both members are omitempty, so only the non-nil grant(s) are serialized.
type CredentialOfferGrant struct {
	AuthorizationCode     *AuthorizationCodeGrant `json:"authorization_code,omitempty"`
	PreAuthorizationGrant *PreAuthorizationGrant  `json:"urn:ietf:params:oauth:grant-type:pre-authorized_code,omitempty"` // nolint:lll
}
type CredentialOfferResponse ¶
// CredentialOfferResponse is the credential offer handed to the wallet: the
// issuer identifier, the credentials on offer and the grants that may be used
// to obtain them. It is also embedded in JWTCredentialOfferClaims as the
// "credential_offer" claim.
type CredentialOfferResponse struct {
	CredentialIssuer string               `json:"credential_issuer"`
	Credentials      []CredentialOffer    `json:"credentials"`
	Grants           CredentialOfferGrant `json:"grants"`
}
type InitiateIssuanceRequest ¶
// InitiateIssuanceRequest is the request used by the Issuer to initiate the
// OIDC VC issuance interaction.
type InitiateIssuanceRequest struct {
	CredentialTemplateID string
	// ClientInitiateIssuanceURL and ClientWellKnownURL are caller-provided.
	// If the service dereferences them (Config has a WellKnownService and an
	// HTTPClient), they are untrusted input and should be validated before use;
	// that validation is not visible on this page.
	ClientInitiateIssuanceURL string
	ClientWellKnownURL        string
	ClaimEndpoint             string
	GrantType                 string
	ResponseType              string
	Scope                     []string
	// OpState identifies the transaction in later calls (see
	// ExchangeAuthorizationCode); a repeated value presumably yields
	// ErrOpStateKeyDuplication — confirm.
	OpState string
	// ClaimData carries plaintext claims for the pre-auth flow; presumably
	// persisted only after Service.EncryptClaims (see ClaimData) — confirm.
	ClaimData       map[string]interface{}
	UserPinRequired bool
	// CredentialExpiresAt, when set, is presumably preferred over the
	// template-derived expiry by Service.GetCredentialsExpirationTime — confirm.
	CredentialExpiresAt     *time.Time
	CredentialName          string
	CredentialDescription   string
	WalletInitiatedIssuance bool
}
type InitiateIssuanceResponse ¶
// InitiateIssuanceResponse is the response from the Issuer to the Wallet with
// the initiate issuance URL.
type InitiateIssuanceResponse struct {
	InitiateIssuanceURL string
	TxID                TxID
	// UserPin is the pin handed out with the offer when one is required; it is
	// part of the serialized response, so treat the response as sensitive.
	UserPin string
	// Tx and ContentType are excluded from JSON (`json:"-"`); they are for
	// the in-process caller only.
	Tx          *Transaction                        `json:"-"`
	ContentType InitiateIssuanceResponseContentType `json:"-"`
}
type InitiateIssuanceResponseContentType ¶ added in v1.3.0
// InitiateIssuanceResponseContentType selects how an InitiateIssuanceResponse
// is rendered. It is a plain string alias, so any string type-checks; only the
// two constants below are meaningful.
type InitiateIssuanceResponseContentType = string

const (
	// ContentTypeApplicationJSON: JSON rendering (echo's UTF-8 JSON MIME type).
	ContentTypeApplicationJSON InitiateIssuanceResponseContentType = echo.MIMEApplicationJSONCharsetUTF8
	// ContentTypeApplicationJWT: JWT rendering, presumably carrying
	// JWTCredentialOfferClaims signed via Config.CryptoJWTSigner — confirm.
	ContentTypeApplicationJWT InitiateIssuanceResponseContentType = "application/jwt"
)
type InsertOptions ¶
type JWTCredentialOfferClaims ¶ added in v1.3.0
// JWTCredentialOfferClaims extends the standard JWT claims with a custom
// "credential_offer" claim holding a CredentialOfferResponse.
type JWTCredentialOfferClaims struct {
	*jwt.Claims
	CredentialOffer *CredentialOfferResponse `json:"credential_offer,omitempty"`
}
type OIDCConfiguration ¶
// OIDCConfiguration represents an OIDC configuration from the well-known
// endpoint (/.well-known/openid-configuration).
//
// It is fetched from a remote party, so its endpoint URLs should be treated as
// untrusted input by whoever follows them.
type OIDCConfiguration struct {
	AuthorizationEndpoint              string   `json:"authorization_endpoint"`
	PushedAuthorizationRequestEndpoint string   `json:"pushed_authorization_request_endpoint"`
	TokenEndpoint                      string   `json:"token_endpoint"`
	ResponseTypesSupported             []string `json:"response_types_supported"`
	ScopesSupported                    []string `json:"scopes_supported"`
	GrantTypesSupported                []string `json:"grant_types_supported"`
	InitiateIssuanceEndpoint           string   `json:"initiate_issuance_endpoint"`
}
type PreAuthorizationGrant ¶
type PrepareClaimDataAuthorizationRequest ¶
// PrepareClaimDataAuthorizationRequest is the request to prepare the claim
// data authorization request.
type PrepareClaimDataAuthorizationRequest struct {
	// ResponseType and Scope are compared with the transaction's values
	// somewhere (see ErrResponseTypeMismatch, ErrInvalidScope); the check
	// itself is not visible on this page.
	ResponseType string
	Scope        []string
	// OpState selects the transaction being authorized.
	OpState              string
	AuthorizationDetails *AuthorizationDetails
}
type PrepareClaimDataAuthorizationResponse ¶
// PrepareClaimDataAuthorizationResponse is returned by
// Service.PrepareClaimDataAuthorizationRequest: the profile and transaction
// the authorization belongs to plus the endpoints the caller should use.
type PrepareClaimDataAuthorizationResponse struct {
	WalletInitiatedFlow                *common.WalletInitiatedFlowData
	ProfileID                          profileapi.ID
	ProfileVersion                     profileapi.Version
	TxID                               TxID
	ResponseType                       string
	Scope                              []string
	AuthorizationEndpoint              string
	PushedAuthorizationRequestEndpoint string
}
type PrepareCredential ¶
type PrepareCredentialResult ¶
// PrepareCredentialResult is returned by Service.PrepareCredential.
type PrepareCredentialResult struct {
	ProfileID      profileapi.ID
	ProfileVersion profileapi.Version
	Credential     *verifiable.Credential
	Format         vcsverifiable.Format
	// Retry and EnforceStrictValidation are flags for the caller; what
	// triggers them is not visible on this page — confirm before relying on them.
	Retry                   bool
	EnforceStrictValidation bool
	OidcFormat              vcsverifiable.OIDCFormat
	CredentialTemplate      *profileapi.CredentialTemplate
}
type Service ¶
// Service implements VCS credential interaction API for OIDC credential issuance.
//
// Construct it with NewService; its unexported fields presumably mirror the
// dependencies listed in Config.
type Service struct {
	// contains filtered or unexported fields
}
func NewService ¶
NewService returns a new Service instance.
func (*Service) DecryptClaims ¶
func (*Service) EncryptClaims ¶
func (*Service) ExchangeAuthorizationCode ¶
func (*Service) GetCredentialsExpirationTime ¶
func (s *Service) GetCredentialsExpirationTime( req *InitiateIssuanceRequest, template *profileapi.CredentialTemplate, ) time.Time
func (*Service) InitiateIssuance ¶
func (s *Service) InitiateIssuance( ctx context.Context, req *InitiateIssuanceRequest, profile *profileapi.Issuer, ) (*InitiateIssuanceResponse, error)
InitiateIssuance creates a credential issuance transaction and builds the initiate issuance URL.
func (*Service) PrepareClaimDataAuthorizationRequest ¶
func (s *Service) PrepareClaimDataAuthorizationRequest( ctx context.Context, req *PrepareClaimDataAuthorizationRequest, ) (*PrepareClaimDataAuthorizationResponse, error)
func (*Service) PrepareCredential ¶
func (s *Service) PrepareCredential( ctx context.Context, req *PrepareCredential, ) (*PrepareCredentialResult, error)
func (*Service) PushAuthorizationDetails ¶
func (*Service) SelectProperOIDCFormat ¶
func (s *Service) SelectProperOIDCFormat( format verifiable.Format, template *profileapi.CredentialTemplate, ) verifiable.OIDCFormat
func (*Service) StoreAuthorizationCode ¶
func (s *Service) StoreAuthorizationCode( ctx context.Context, opState string, code string, flowData *common.WalletInitiatedFlowData, ) (TxID, error)
StoreAuthorizationCode stores the authorization code received from the issuer provider.
func (*Service) ValidatePreAuthorizedCodeRequest ¶
type ServiceInterface ¶
// ServiceInterface is the subset of *Service methods exposed to consumers.
// It omits the helpers EncryptClaims, DecryptClaims,
// GetCredentialsExpirationTime and SelectProperOIDCFormat.
type ServiceInterface interface {
	InitiateIssuance(
		ctx context.Context,
		req *InitiateIssuanceRequest,
		profile *profileapi.Issuer,
	) (*InitiateIssuanceResponse, error)
	PushAuthorizationDetails(ctx context.Context, opState string, ad *AuthorizationDetails) error
	PrepareClaimDataAuthorizationRequest(
		ctx context.Context,
		req *PrepareClaimDataAuthorizationRequest,
	) (*PrepareClaimDataAuthorizationResponse, error)
	StoreAuthorizationCode(
		ctx context.Context,
		opState string,
		code string,
		flowData *common.WalletInitiatedFlowData,
	) (TxID, error)
	ExchangeAuthorizationCode(ctx context.Context, opState string) (TxID, error)
	// ValidatePreAuthorizedCodeRequest checks code, pin and clientID against the
	// stored transaction; the comparison and rate-limiting policy are not
	// visible on this page.
	ValidatePreAuthorizedCodeRequest(
		ctx context.Context,
		preAuthorizedCode string,
		pin string,
		clientID string,
	) (*Transaction, error)
	PrepareCredential(ctx context.Context, req *PrepareCredential) (*PrepareCredentialResult, error)
}
type Transaction ¶
// Transaction is the credential issuance transaction. Issuer creates a
// transaction to convey the intention of issuing a credential with the given
// parameters. The transaction is stored in the transaction store and its
// status is updated as the credential issuance progresses.
type Transaction struct {
	// ID is presumably the store key; everything else, including the current
	// State, lives in the embedded TransactionData.
	ID TxID
	TransactionData
}
type TransactionData ¶
// TransactionData is the transaction data stored in the underlying storage.
//
// NOTE(review): IssuerAuthCode, IssuerToken, PreAuthCode and UserPin are
// secret-bearing values that are persisted with the transaction. Confirm they
// are protected at rest and cleared once State has advanced past the stage
// that needs them; neither is visible on this page.
type TransactionData struct {
	ProfileID                          profileapi.ID
	ProfileVersion                     profileapi.Version
	OrgID                              string
	CredentialTemplate                 *profileapi.CredentialTemplate
	CredentialFormat                   vcsverifiable.Format
	OIDCCredentialFormat               vcsverifiable.OIDCFormat
	AuthorizationEndpoint              string
	PushedAuthorizationRequestEndpoint string
	TokenEndpoint                      string
	ClaimEndpoint                      string
	ClientScope                        []string
	RedirectURI                        string
	GrantType                          string
	ResponseType                       string
	Scope                              []string
	AuthorizationDetails               *AuthorizationDetails
	IssuerAuthCode                     string
	IssuerToken                        string
	// OpState is the key callers pass to ExchangeAuthorizationCode and
	// StoreAuthorizationCode.
	OpState       string
	IsPreAuthFlow bool
	// PreAuthCode is bounded by PreAuthCodeExpiresAt (presumably derived from
	// Config.PreAuthCodeTTL — confirm).
	PreAuthCode          string
	PreAuthCodeExpiresAt *time.Time
	// ClaimDataID references the encrypted ClaimData record rather than
	// embedding the claims here.
	ClaimDataID string
	// State is one of the TransactionState* constants.
	State                   TransactionState
	WebHookURL              string
	UserPin                 string
	DID                     string
	CredentialExpiresAt     *time.Time
	CredentialName          string
	CredentialDescription   string
	WalletInitiatedIssuance bool
}
type TransactionState ¶
// TransactionState is the lifecycle stage of a Transaction, recorded in
// TransactionData.State; see the TransactionState* constants.
type TransactionState int16
type TransactionStore ¶
// TransactionStore exposes the package-private transactionStore dependency
// that Config.TransactionStore expects.
type TransactionStore transactionStore