oidc4ci

package
Published: Feb 6, 2024 License: Apache-2.0 Imports: 27 Imported by: 3


Constants

// TransactionState constants name the stages an issuance Transaction passes
// through (recorded in TransactionData.State). The numeric values appear to
// follow the order of the flow, and the "pre-auth only" / "auth only" remarks
// mark states that exist in just one of the two grant flows; whether any code
// compares states numerically is not visible on this page.
const (
	TransactionStateUnknown                         = TransactionState(0) // zero value: no state recorded yet
	TransactionStateIssuanceInitiated               = TransactionState(1)
	TransactionStatePreAuthCodeValidated            = TransactionState(2) // pre-auth only
	TransactionStateAwaitingIssuerOIDCAuthorization = TransactionState(3) // auth only
	TransactionStateIssuerOIDCAuthorizationDone     = TransactionState(4)
	TransactionStateCredentialsIssued               = TransactionState(5) // terminal state — presumably; confirm against Service
)
// WalletInitFlowClaimExpectedMatchCount is the number of matches expected
// when claims are checked in the wallet-initiated flow. What exactly is
// counted is not visible on this page — presumably the number of claim
// fields that must agree; verify against the Service code that reads it.
const (
	WalletInitFlowClaimExpectedMatchCount = 2
)

Variables

// ErrAckExpired is the sentinel error for an acknowledgement ID that is no
// longer valid (presumably past its TTL). Its message "expired_ack_id" reads
// as an error-code token; compare with errors.Is rather than the string.
var ErrAckExpired = errors.New("expired_ack_id")
// ErrDataNotFound is the sentinel error for a lookup that found no record.
// Which stores return it is not shown on this page; callers should use
// errors.Is so wrapped instances are still recognised.
var ErrDataNotFound = errors.New("data not found")

Functions

func ExtractIssuerURL added in v1.2.0

func ExtractIssuerURL(input string) string

func WithDocumentTTL

func WithDocumentTTL(ttl time.Duration) func(insertOptions *InsertOptions)

Types

type Ack added in v1.6.0

// Ack is the acknowledgement record that AckService.CreateAck persists.
// The token is kept only as HashedToken, so a leaked store entry does not
// directly expose the bearer token; the hash algorithm is not visible here.
type Ack struct {
	HashedToken    string `json:"hashed_token"`    // hash of the token (per the name); never the raw value
	ProfileID      string `json:"profile_id"`
	ProfileVersion string `json:"profile_version"`
	TxID           TxID   `json:"tx_id"`           // issuance transaction this acknowledgement belongs to
	WebHookURL     string `json:"webhook_url"`     // outbound callback target; where it is validated is not shown here
	OrgID          string `json:"org_id"`
}

type AckRemote added in v1.6.0

// AckRemote is the acknowledgement payload handled by AckService.Ack and
// AckService.HandleAckNotFound (presumably sent by the wallet side).
// Status is a free-form string at this layer; AckService.AckEventMap takes a
// status string and is presumably what translates it into an event type.
type AckRemote struct {
	HashedToken      string `json:"hashed_token"`      // hash of the presented token; compared against Ack.HashedToken — TODO confirm
	ID               string `json:"id"`                // acknowledgement identifier (see ErrAckExpired)
	Status           string `json:"status"`
	ErrorText        string `json:"error_text"`        // caller-supplied text; treat as untrusted when logging or forwarding
	IssuerIdentifier string `json:"issuer_identifier"`
}

type AckService added in v1.6.0

// AckService creates and processes credential acknowledgements. Construct
// it with NewAckService; its fields are unexported and not shown on this page.
type AckService struct {
	// contains filtered or unexported fields
}

func NewAckService added in v1.6.0

func NewAckService(
	cfg *AckServiceConfig,
) *AckService

func (*AckService) Ack added in v1.6.0

func (s *AckService) Ack(
	ctx context.Context,
	req AckRemote,
) error

Ack acknowledges the interaction.

func (*AckService) AckEventMap added in v1.6.0

func (s *AckService) AckEventMap(status string) (spi.EventType, error)

func (*AckService) CreateAck added in v1.6.0

func (s *AckService) CreateAck(
	ctx context.Context,
	ack *Ack,
) (*string, error)

CreateAck creates an acknowledgement.

func (*AckService) HandleAckNotFound added in v1.6.0

func (s *AckService) HandleAckNotFound(
	ctx context.Context,
	req AckRemote,
) error

type AckServiceConfig added in v1.6.0

// AckServiceConfig carries the dependencies NewAckService wires into an
// AckService. The interface-typed fields refer to unexported interfaces
// declared elsewhere in this package (not on this page).
type AckServiceConfig struct {
	AckStore   ackStore       // persistence for Ack records
	EventSvc   eventService   // presumably publishes to EventTopic — confirm
	EventTopic string
	ProfileSvc profileService
}

type AuthorizationCodeGrant

// AuthorizationCodeGrant is the authorization-code grant entry of a
// credential offer (CredentialOfferGrant.AuthorizationCode).
type AuthorizationCodeGrant struct {
	IssuerState string `json:"issuer_state"` // opaque value the wallet echoes back to the issuer
}

type AuthorizationDetails

// AuthorizationDetails are the VC-related details for VC issuance; they are
// supplied through PushAuthorizationDetails and retained in
// TransactionData.AuthorizationDetails. No JSON tags, so any wire mapping
// happens elsewhere.
type AuthorizationDetails struct {
	Type      string
	Types     []string
	Format    vcsverifiable.Format
	Locations []string
}

AuthorizationDetails are the VC-related details for VC issuance.

type AuthorizeState

// AuthorizeState captures the parameters of an authorization request so they
// can be replayed later. RedirectURI is stored as-is; the page does not show
// where it is checked against the client's registered URIs, so that check
// should be confirmed to happen before the value is used for a redirect.
type AuthorizeState struct {
	RedirectURI         *url.URL                        `json:"redirect_uri"`
	RespondMode         string                          `json:"respond_mode"`
	Header              map[string][]string             `json:"header"`     // captured request headers — may contain sensitive values
	Parameters          map[string][]string             `json:"parameters"` // captured request parameters
	WalletInitiatedFlow *common.WalletInitiatedFlowData `json:"wallet_initiated_flow"`
}

type ClaimData

// ClaimData represents user claims in the pre-auth code flow. The claims are
// held only in encrypted form; Service.EncryptClaims produces this value and
// Service.DecryptClaims turns it back into a map.
type ClaimData struct {
	EncryptedData *dataprotect.EncryptedData `json:"encrypted_data"`
}

ClaimData represents user claims in pre-auth code flow.

type ClaimDataStore

// ClaimDataStore exports the unexported claimDataStore interface (the type
// of Config.ClaimDataStore) so other packages can name it.
type ClaimDataStore claimDataStore

type Config

// Config holds configuration options and dependencies for Service; it is
// passed to NewService. The interface-typed fields refer to unexported
// interfaces declared elsewhere in this package (not on this page).
type Config struct {
	TransactionStore              transactionStore              // persists Transaction records
	ClaimDataStore                claimDataStore                // persists ClaimData (encrypted claims)
	WellKnownService              wellKnownService              // presumably resolves well-known metadata (IssuerIDPOIDCConfiguration)
	ProfileService                profileService
	IssuerVCSPublicHost           string                        // public host used when building issuer URLs — TODO confirm
	HTTPClient                    *http.Client                  // caller-supplied; no timeout is visible here, so set one on the client
	EventService                  eventService                  // presumably publishes EventPayload to EventTopic
	PinGenerator                  pinGenerator                  // presumably produces InitiateIssuanceResponse.UserPin
	EventTopic                    string
	PreAuthCodeTTL                int32                         // unit (seconds?) is not visible on this page — confirm before use
	CredentialOfferReferenceStore credentialOfferReferenceStore // optional
	DataProtector                 dataProtector                 // presumably backs EncryptClaims/DecryptClaims
	KMSRegistry                   kmsRegistry
	CryptoJWTSigner               cryptoJWTSigner               // presumably signs JWT-form credential offers (ContentTypeApplicationJWT)
	JSONSchemaValidator           jsonSchemaValidator
	ClientAttestationService      clientAttestationService      // presumably used by AuthenticateClient
	AckService                    ackService
}

Config holds configuration options and dependencies for Service.

type CredentialOffer

// CredentialOffer is one entry of CredentialOfferResponse.Credentials,
// describing a credential the issuer offers.
type CredentialOffer struct {
	Format vcsverifiable.OIDCFormat `json:"format"`
	Types  []string                 `json:"types"`
}

type CredentialOfferGrant

// CredentialOfferGrant lists the grants offered; each pointer is nil (and
// omitted from JSON) when that grant type is not offered.
type CredentialOfferGrant struct {
	AuthorizationCode     *AuthorizationCodeGrant `json:"authorization_code,omitempty"`
	PreAuthorizationGrant *PreAuthorizationGrant  `json:"urn:ietf:params:oauth:grant-type:pre-authorized_code,omitempty"` // nolint:lll
}

type CredentialOfferResponse

// CredentialOfferResponse is the credential offer document handed to the
// wallet, either as JSON or wrapped in a JWT (JWTCredentialOfferClaims).
type CredentialOfferResponse struct {
	CredentialIssuer string               `json:"credential_issuer"`
	Credentials      []CredentialOffer    `json:"credentials"`
	Grants           CredentialOfferGrant `json:"grants"`
}

type EventPayload added in v1.5.0

// EventPayload is the structured body attached to issuance events. The three
// bool fields have no omitempty, so they always appear in the JSON; string
// fields are dropped when empty.
type EventPayload struct {
	WebHook               string `json:"webHook,omitempty"`
	ProfileID             string `json:"profileID,omitempty"`
	ProfileVersion        string `json:"profileVersion,omitempty"`
	CredentialTemplateID  string `json:"credentialTemplateID,omitempty"`
	OrgID                 string `json:"orgID,omitempty"`
	WalletInitiatedFlow   bool   `json:"walletInitiatedFlow"`
	PinRequired           bool   `json:"pinRequired"`
	PreAuthFlow           bool   `json:"preAuthFlow"`
	Format                string `json:"format,omitempty"`
	InitiateIssuanceURL   string `json:"initiateIssuanceURL,omitempty"`
	AuthorizationEndpoint string `json:"authorizationEndpoint,omitempty"`
	Error                 string `json:"error,omitempty"`          // human-readable error text; keep secrets out of it
	ErrorCode             string `json:"errorCode,omitempty"`
	ErrorComponent        string `json:"errorComponent,omitempty"` // which component raised the error
}

type InitiateIssuanceRequest

// InitiateIssuanceRequest is the request used by the Issuer to initiate the
// OIDC VC issuance interaction (Service.InitiateIssuance).
type InitiateIssuanceRequest struct {
	CredentialTemplateID      string
	ClientInitiateIssuanceURL string // caller-chosen URL that is presumably embedded in the response URL
	ClientWellKnownURL        string // caller-chosen URL; if the service fetches it server-side, confirm the host is restricted
	ClaimEndpoint             string
	GrantType                 string
	ResponseType              string
	Scope                     []string
	OpState                   string
	ClaimData                 map[string]interface{} // plaintext claims; see Service.EncryptClaims for the stored form
	UserPinRequired           bool
	CredentialExpiresAt       *time.Time             // nil means derive from the template (GetCredentialsExpirationTime) — TODO confirm
	CredentialName            string
	CredentialDescription     string
	WalletInitiatedIssuance   bool
}

InitiateIssuanceRequest is the request used by the Issuer to initiate the OIDC VC issuance interaction.

type InitiateIssuanceResponse

// InitiateIssuanceResponse is the response from the Issuer to the Wallet
// carrying the initiate issuance URL. UserPin is returned in clear to the
// caller; Tx and ContentType are internal and excluded from JSON.
type InitiateIssuanceResponse struct {
	InitiateIssuanceURL string
	TxID                TxID
	UserPin             string                              // set only when a PIN was generated — presumably; confirm
	Tx                  *Transaction                        `json:"-"`
	ContentType         InitiateIssuanceResponseContentType `json:"-"`
}

InitiateIssuanceResponse is the response from the Issuer to the Wallet carrying the initiate issuance URL.

type InitiateIssuanceResponseContentType added in v1.3.0

// InitiateIssuanceResponseContentType is a string alias (not a distinct
// type) naming the media type of an initiate-issuance response.
type InitiateIssuanceResponseContentType = string

// Supported response media types; the JSON variant reuses echo's
// "application/json; charset=UTF-8" constant.
const (
	ContentTypeApplicationJSON InitiateIssuanceResponseContentType = echo.MIMEApplicationJSONCharsetUTF8
	ContentTypeApplicationJWT  InitiateIssuanceResponseContentType = "application/jwt"
)

type InsertOptions

// InsertOptions carries per-insert storage options; WithDocumentTTL is the
// option function that sets TTL.
type InsertOptions struct {
	TTL time.Duration // zero value: no TTL requested — presumably; confirm against the store
}

type IssuerIDPOIDCConfiguration added in v1.5.0

// IssuerIDPOIDCConfiguration represents an Issuer's IDP OIDC configuration
// obtained from the well-known endpoint (usually
// /.well-known/openid-configuration). Only the fields this package uses are
// modelled; the endpoint URLs come from a remote document and should be
// treated as untrusted input.
type IssuerIDPOIDCConfiguration struct {
	AuthorizationEndpoint              string   `json:"authorization_endpoint"`
	PushedAuthorizationRequestEndpoint string   `json:"pushed_authorization_request_endpoint"`
	TokenEndpoint                      string   `json:"token_endpoint"`
	ResponseTypesSupported             []string `json:"response_types_supported"`
	ScopesSupported                    []string `json:"scopes_supported"`
	GrantTypesSupported                []string `json:"grant_types_supported"`
	InitiateIssuanceEndpoint           string   `json:"initiate_issuance_endpoint"` // not a standard OIDC discovery field
}

IssuerIDPOIDCConfiguration represents an Issuer's IDP OIDC configuration obtained from the well-known endpoint (usually /.well-known/openid-configuration).

type JWTCredentialOfferClaims added in v1.3.0

// JWTCredentialOfferClaims extends the standard JWT claims with a
// CredentialOfferResponse carried in the custom "credential_offer" claim.
type JWTCredentialOfferClaims struct {
	*jwt.Claims // standard registered claims (iss, exp, ...) — embedded pointer, nil if not set

	CredentialOffer *CredentialOfferResponse `json:"credential_offer,omitempty"`
}

JWTCredentialOfferClaims extends the standard JWT Claims with a CredentialOfferResponse carried in the custom "credential_offer" claim.

type PreAuthorizationGrant

// PreAuthorizationGrant is the pre-authorized-code grant entry of a
// credential offer. PreAuthorizedCode is a bearer secret: it appears in the
// offer handed to the wallet and is later matched by
// Service.ValidatePreAuthorizedCodeRequest.
type PreAuthorizationGrant struct {
	PreAuthorizedCode string `json:"pre-authorized_code"`
	UserPinRequired   bool   `json:"user_pin_required"`
}

type PrepareClaimDataAuthorizationRequest

// PrepareClaimDataAuthorizationRequest is the request to prepare the claim
// data authorization request (ServiceInterface.PrepareClaimDataAuthorizationRequest).
type PrepareClaimDataAuthorizationRequest struct {
	ResponseType         string
	Scope                []string
	OpState              string                // correlates with the stored Transaction — presumably
	AuthorizationDetails *AuthorizationDetails // optional; nil when the wallet sent none — TODO confirm
}

PrepareClaimDataAuthorizationRequest is the request to prepare the claim data authorization request.

type PrepareClaimDataAuthorizationResponse

// PrepareClaimDataAuthorizationResponse returns what the caller needs to
// redirect the user to the issuer's IdP: the resolved transaction, the
// effective response type/scope and the IdP endpoints.
type PrepareClaimDataAuthorizationResponse struct {
	WalletInitiatedFlow                *common.WalletInitiatedFlowData
	ProfileID                          profileapi.ID
	ProfileVersion                     profileapi.Version
	TxID                               TxID
	ResponseType                       string
	Scope                              []string
	AuthorizationEndpoint              string // from IssuerIDPOIDCConfiguration / TransactionData — presumably
	PushedAuthorizationRequestEndpoint string
}

type PrepareCredential

// PrepareCredential is the input to Service.PrepareCredential.
type PrepareCredential struct {
	TxID             TxID
	CredentialTypes  []string
	CredentialFormat vcsverifiable.Format
	DID              string // holder DID the credential is bound to — presumably from proof of possession; confirm
	AudienceClaim    string
	HashedToken      string // hash of the access token presented; raw token is not carried here
}

type PrepareCredentialResult

// PrepareCredentialResult is the output of Service.PrepareCredential.
type PrepareCredentialResult struct {
	ProfileID               profileapi.ID
	ProfileVersion          profileapi.Version
	Credential              *verifiable.Credential
	Format                  vcsverifiable.Format
	Retry                   bool    // caller should retry later — presumably; the condition is not shown here
	EnforceStrictValidation bool
	OidcFormat              vcsverifiable.OIDCFormat
	CredentialTemplate      *profileapi.CredentialTemplate
	AckID                   *string // acknowledgement ID from AckService.CreateAck; nil when none was created
}

type Service

// Service implements the VCS credential interaction API for OIDC credential
// issuance. Construct it with NewService; its fields are unexported and not
// shown on this page.
type Service struct {
	// contains filtered or unexported fields
}

Service implements the VCS credential interaction API for OIDC credential issuance.

func NewService

func NewService(config *Config) (*Service, error)

NewService returns a new Service instance.

func (*Service) AuthenticateClient added in v1.6.0

func (s *Service) AuthenticateClient(
	ctx context.Context,
	profile *profile.Issuer,
	clientAssertionType,
	clientAssertion string) error

func (*Service) DecryptClaims

func (s *Service) DecryptClaims(ctx context.Context, data *ClaimData) (map[string]interface{}, error)

func (*Service) EncryptClaims

func (s *Service) EncryptClaims(ctx context.Context, data map[string]interface{}) (*ClaimData, error)

func (*Service) ExchangeAuthorizationCode

func (s *Service) ExchangeAuthorizationCode(
	ctx context.Context,
	opState,
	clientID,
	clientAssertionType,
	clientAssertion string,
) (TxID, error)

func (*Service) GetCredentialsExpirationTime

func (s *Service) GetCredentialsExpirationTime(
	req *InitiateIssuanceRequest,
	template *profileapi.CredentialTemplate,
) time.Time

func (*Service) InitiateIssuance

func (s *Service) InitiateIssuance(
	ctx context.Context,
	req *InitiateIssuanceRequest,
	profile *profileapi.Issuer,
) (*InitiateIssuanceResponse, error)

InitiateIssuance creates a credential issuance transaction and builds the initiate issuance URL.

func (*Service) PrepareCredential

func (s *Service) PrepareCredential(
	ctx context.Context,
	req *PrepareCredential,
) (*PrepareCredentialResult, error)

func (*Service) PushAuthorizationDetails

func (s *Service) PushAuthorizationDetails(
	ctx context.Context,
	opState string,
	ad *AuthorizationDetails,
) error

func (*Service) SelectProperOIDCFormat

func (s *Service) SelectProperOIDCFormat(
	format verifiable.Format,
	template *profileapi.CredentialTemplate,
) verifiable.OIDCFormat

func (*Service) StoreAuthorizationCode

func (s *Service) StoreAuthorizationCode(
	ctx context.Context,
	opState string,
	code string,
	flowData *common.WalletInitiatedFlowData,
) (TxID, error)

StoreAuthorizationCode stores the authorization code received from the issuer provider.

func (*Service) ValidatePreAuthorizedCodeRequest

func (s *Service) ValidatePreAuthorizedCodeRequest(
	ctx context.Context,
	preAuthorizedCode,
	pin,
	clientID,
	clientAssertionType,
	clientAssertion string,
) (*Transaction, error)

type ServiceInterface

// ServiceInterface is the consumer-facing method set of Service, kept as an
// interface so callers can substitute a mock. It includes
// PrepareClaimDataAuthorizationRequest, which does not appear in the Service
// method index on this page; whether *Service satisfies this interface
// cannot be confirmed from here.
type ServiceInterface interface {
	// InitiateIssuance creates the issuance transaction and builds the
	// initiate issuance URL for the given issuer profile.
	InitiateIssuance(
		ctx context.Context,
		req *InitiateIssuanceRequest,
		profile *profileapi.Issuer,
	) (*InitiateIssuanceResponse, error)
	// PushAuthorizationDetails records the wallet's authorization details on the transaction identified by opState.
	PushAuthorizationDetails(ctx context.Context, opState string, ad *AuthorizationDetails) error
	// PrepareClaimDataAuthorizationRequest resolves what is needed to send the user to the issuer's IdP.
	PrepareClaimDataAuthorizationRequest(
		ctx context.Context,
		req *PrepareClaimDataAuthorizationRequest,
	) (*PrepareClaimDataAuthorizationResponse, error)
	// StoreAuthorizationCode stores the authorization code received from the issuer provider.
	StoreAuthorizationCode(
		ctx context.Context,
		opState string,
		code string,
		flowData *common.WalletInitiatedFlowData,
	) (TxID, error)
	// ExchangeAuthorizationCode exchanges the stored code; the client
	// assertion parameters allow the wallet client to be authenticated.
	ExchangeAuthorizationCode(
		ctx context.Context,
		opState,
		clientID,
		clientAssertionType,
		clientAssertion string,
	) (TxID, error)
	// ValidatePreAuthorizedCodeRequest checks the pre-authorized code and
	// user PIN (and client assertion) and returns the matching transaction.
	ValidatePreAuthorizedCodeRequest(
		ctx context.Context,
		preAuthorizedCode,
		pin,
		clientID,
		clientAssertionType,
		clientAssertion string,
	) (*Transaction, error)
	// PrepareCredential produces the credential for an issued access token.
	PrepareCredential(ctx context.Context, req *PrepareCredential) (*PrepareCredentialResult, error)
}

type Transaction

// Transaction is the credential issuance transaction: an ID plus the
// embedded TransactionData, so TransactionData's fields are promoted.
type Transaction struct {
	ID TxID
	TransactionData
}

Transaction is the credential issuance transaction. Issuer creates a transaction to convey the intention of issuing a credential with the given parameters. The transaction is stored in the transaction store and its status is updated as the credential issuance progresses.

type TransactionData

// TransactionData is the transaction data stored in the underlying storage.
// It mixes descriptive fields with secret-bearing ones held as plain strings
// (IssuerAuthCode, IssuerToken, PreAuthCode, UserPin). Unlike the user claims
// (ClaimData, kept as EncryptedData), nothing on this page shows these being
// protected, so the transaction store's at-rest protection and access control
// are what guard them.
type TransactionData struct {
	ProfileID                          profileapi.ID
	ProfileVersion                     profileapi.Version
	OrgID                              string
	CredentialTemplate                 *profileapi.CredentialTemplate
	CredentialFormat                   vcsverifiable.Format
	OIDCCredentialFormat               vcsverifiable.OIDCFormat
	AuthorizationEndpoint              string
	PushedAuthorizationRequestEndpoint string
	TokenEndpoint                      string
	ClaimEndpoint                      string
	RedirectURI                        string
	GrantType                          string
	ResponseType                       string
	Scope                              []string
	AuthorizationDetails               *AuthorizationDetails
	IssuerAuthCode                     string // secret-bearing (per name): issuer IdP authorization code
	IssuerToken                        string // secret-bearing (per name): issuer IdP token
	OpState                            string // presumably correlates the wallet's request with this transaction
	IsPreAuthFlow                      bool   // selects the pre-auth vs authorization-code branch
	PreAuthCode                        string // secret-bearing: pre-authorized code handed to the wallet
	PreAuthCodeExpiresAt               *time.Time
	ClaimDataID                        string // key into ClaimDataStore; claims are not inlined here
	State                              TransactionState
	WebHookURL                         string
	UserPin                            string // secret-bearing: user PIN (see InitiateIssuanceResponse.UserPin)
	DID                                string
	CredentialExpiresAt                *time.Time
	CredentialName                     string
	CredentialDescription              string
	WalletInitiatedIssuance            bool
}

TransactionData is the transaction data stored in the underlying storage.

type TransactionState

// TransactionState is the stage of an issuance Transaction; see the
// TransactionState* constants.
type TransactionState int16

type TransactionStore

// TransactionStore exports the unexported transactionStore interface (the
// type of Config.TransactionStore) so other packages can name it.
type TransactionStore transactionStore

type TxID

// TxID is the identifier of an issuance Transaction.
type TxID string

TxID is the type used for transaction IDs.
