openid4ci

package
v0.0.0-...-ad7f959 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: Apache-2.0 Imports: 17 Imported by: 1

Documentation

Overview

Package openid4ci provides APIs for wallets to receive verifiable credentials via OIDC for Credential Issuance.

Functions

func IssuerMetadataToGoImpl

func IssuerMetadataToGoImpl(wrapped *IssuerMetadata) *issuer.Metadata

IssuerMetadataToGoImpl unwraps the original issuer.Metadata from the IssuerMetadata wrapper.

Types

type Acknowledgment

type Acknowledgment struct {
	// contains filtered or unexported fields
}

Acknowledgment represents an object used to acknowledge to the issuer whether the user accepted or rejected a credential.

func NewAcknowledgment

func NewAcknowledgment(serialized string) (*Acknowledgment, error)

NewAcknowledgment recreates an Acknowledgment object from its serialized state.

func (*Acknowledgment) Reject

func (a *Acknowledgment) Reject() error

Reject acknowledges the client's rejection of credentials. Each call to this function acknowledges the client's rejection of the next credential in the list of issued credentials.

The first call acknowledges the first credential, the second call acknowledges the second credential, the third call acknowledges the third, and so on. If the number of function calls exceeds the number of credentials issued in the current session, the function returns an error "ack list is empty".

Between calls, the caller may set different interaction details using SetInteractionDetails.

func (*Acknowledgment) RejectWithCode

func (a *Acknowledgment) RejectWithCode(code string) error

RejectWithCode acknowledges the client's rejection of credentials with a specific code. See Reject for details.

func (*Acknowledgment) Serialize

func (a *Acknowledgment) Serialize() (string, error)

Serialize the acknowledgment object so it can be restored later.

func (*Acknowledgment) SetInteractionDetails

func (a *Acknowledgment) SetInteractionDetails(serializedInteractionDetails string) error

SetInteractionDetails extends the next acknowledgment request with serializedInteractionDetails.

func (*Acknowledgment) Success

func (a *Acknowledgment) Success() error

Success acknowledges the client's acceptance of credentials. Each call to this function acknowledges the client's acceptance of the next credential in the list of issued credentials.

The first call acknowledges the first credential, the second call acknowledges the second credential, the third call acknowledges the third, and so on. If the number of function calls exceeds the number of credentials issued in the current session, the function returns an error "ack list is empty".

Between calls, the caller may set different interaction details using SetInteractionDetails.

type AuthorizationCodeGrantParams

type AuthorizationCodeGrantParams struct {
	// contains filtered or unexported fields
}

AuthorizationCodeGrantParams represents an issuer's authorization code grant parameters.

func (*AuthorizationCodeGrantParams) HasIssuerState

func (a *AuthorizationCodeGrantParams) HasIssuerState() bool

HasIssuerState indicates whether this AuthorizationCodeGrantParams has an issuer state string.

func (*AuthorizationCodeGrantParams) IssuerState

func (a *AuthorizationCodeGrantParams) IssuerState() (string, error)

IssuerState returns the issuer state string. Call the HasIssuerState method first to ensure that this AuthorizationCodeGrantParams object has an issuer state string. This method returns an error if (and only if) HasIssuerState returns false.

type CreateAuthorizationURLOpts

type CreateAuthorizationURLOpts struct {
	// contains filtered or unexported fields
}

CreateAuthorizationURLOpts contains all optional arguments that can be passed into the createAuthorizationURL method.

func NewCreateAuthorizationURLOpts

func NewCreateAuthorizationURLOpts() *CreateAuthorizationURLOpts

NewCreateAuthorizationURLOpts returns a new CreateAuthorizationURLOpts object.

func (*CreateAuthorizationURLOpts) SetIssuerState

func (c *CreateAuthorizationURLOpts) SetIssuerState(issuerState string) *CreateAuthorizationURLOpts

SetIssuerState is an option for the createAuthorizationURL method that specifies an issuer state to be included in the authorization URL.

For an issuer-instantiated flow, this option should not be required in most cases. Typically, if an issuer requires this parameter, it will be included in the original credential offer, and in such cases the createAuthorizationURL method will automatically include it in the authorization URL without requiring this option to be used. Since the spec leaves open the possibility that the issuer_state parameter can come from some other place, this option exists to allow for compatibility with such scenarios. However, the spec also states that if the credential offer specifies an issuer state, then it MUST be used in the authorization URL. Thus, in order to prevent potential confusion, if the credential offer already has an issuer state value, but a caller still uses this option, then an error will be returned by the CreateAuthorizationURL method. If needed, a caller can check the IssuerState field in the AuthorizationCodeGrantParams object.

For a wallet-instantiated flow, an issuer state may be required by some issuers. There is no credential offer in a wallet-instantiated flow, so if an issuer state is required then it must always be explicitly provided using this option.

func (*CreateAuthorizationURLOpts) SetScopes

SetScopes sets scopes to use in the URL created by the createAuthorizationURL method. If the authorization URL requires scopes to be set, then this option must be used.

func (*CreateAuthorizationURLOpts) UseOAuthDiscoverableClientIDScheme

func (c *CreateAuthorizationURLOpts) UseOAuthDiscoverableClientIDScheme() *CreateAuthorizationURLOpts

UseOAuthDiscoverableClientIDScheme is an option for the CreateAuthorizationURL method that will cause the OAuth Discoverable Client ID scheme to be specified in the authorization URL. See https://mattrglobal.github.io/draft-looker-oauth-client-id-scheme/draft-looker-oauth-client-id-scheme.html for more information on the requirements of this scheme. Note that successful usage of this scheme requires the issuer to support it and for the client to meet the scheme's pre-requisites. Be sure to also set your client ID appropriately as required by the scheme.

type CredentialOffer

type CredentialOffer struct {
	CredentialType             string
	CredentialFormat           string
	ClientAttestationRequested bool
}

CredentialOffer contains data related to a credential type being offered in an issuance request.

type InteractionOpts

type InteractionOpts struct {
	// contains filtered or unexported fields
}

InteractionOpts contains all optional arguments that can be passed into the NewIssuerInitiatedInteraction function.

func NewInteractionOpts

func NewInteractionOpts() *InteractionOpts

NewInteractionOpts returns a new InteractionOpts object.

func (*InteractionOpts) AddHeader

func (o *InteractionOpts) AddHeader(header *api.Header) *InteractionOpts

AddHeader adds the given HTTP header to all REST calls made to the issuer during the OpenID4CI flow.

func (*InteractionOpts) AddHeaders

func (o *InteractionOpts) AddHeaders(headers *api.Headers) *InteractionOpts

AddHeaders adds the given HTTP headers to all REST calls made to the issuer during the OpenID4CI flow.

func (*InteractionOpts) DisableHTTPClientTLSVerify

func (o *InteractionOpts) DisableHTTPClientTLSVerify() *InteractionOpts

DisableHTTPClientTLSVerify disables TLS verification. It should be used only for test purposes.

func (*InteractionOpts) DisableOpenTelemetry

func (o *InteractionOpts) DisableOpenTelemetry() *InteractionOpts

DisableOpenTelemetry disables sending of the OpenTelemetry header.

func (*InteractionOpts) DisableVCProofChecks

func (o *InteractionOpts) DisableVCProofChecks() *InteractionOpts

DisableVCProofChecks disables VC proof checks during the OpenID4CI interaction flow.

func (*InteractionOpts) EnableDIProofChecks

func (o *InteractionOpts) EnableDIProofChecks(kms *localkms.KMS) *InteractionOpts

EnableDIProofChecks enables data integrity proof checks for received VCs. It requires a KMS to be passed in.

func (*InteractionOpts) SetActivityLogger

func (o *InteractionOpts) SetActivityLogger(activityLogger api.ActivityLogger) *InteractionOpts

SetActivityLogger sets an activity logger to be used for logging activities. If this option isn't used, then no activities will be logged.

func (*InteractionOpts) SetDocumentLoader

func (o *InteractionOpts) SetDocumentLoader(documentLoader api.LDDocumentLoader) *InteractionOpts

SetDocumentLoader sets the document loader to use when parsing VCs received from the issuer. If no document loader is explicitly set, then a network-based loader will be used.

func (*InteractionOpts) SetHTTPTimeoutNanoseconds

func (o *InteractionOpts) SetHTTPTimeoutNanoseconds(timeout int64) *InteractionOpts

SetHTTPTimeoutNanoseconds sets the timeout (in nanoseconds) for HTTP calls. Passing in 0 will disable timeouts.

func (*InteractionOpts) SetMetricsLogger

func (o *InteractionOpts) SetMetricsLogger(metricsLogger api.MetricsLogger) *InteractionOpts

SetMetricsLogger sets a metrics logger to use.

type IssuerInitiatedInteraction

type IssuerInitiatedInteraction struct {
	// contains filtered or unexported fields
}

IssuerInitiatedInteraction represents a single issuer-instantiated OpenID4CI interaction between a wallet and an issuer. This type can be used if you have received a credential offer from an issuer in some form. The methods defined on this object are used to help guide the calling code through the OpenID4CI flow. An IssuerInitiatedInteraction is a stateful object, and is intended for going through the full flow only once after which it should be discarded. Any new interactions should use a fresh IssuerInitiatedInteraction instance.

func NewIssuerInitiatedInteraction

func NewIssuerInitiatedInteraction(
	args *IssuerInitiatedInteractionArgs,
	opts *InteractionOpts,
) (*IssuerInitiatedInteraction, error)

NewIssuerInitiatedInteraction creates a new OpenID4CI IssuerInitiatedInteraction.

func (*IssuerInitiatedInteraction) Acknowledgment

func (i *IssuerInitiatedInteraction) Acknowledgment() (*Acknowledgment, error)

Acknowledgment returns a non-nil Acknowledgment if the issuer requires an acknowledgment of whether the user accepts or rejects credentials.

func (*IssuerInitiatedInteraction) AuthorizationCodeGrantParams

func (i *IssuerInitiatedInteraction) AuthorizationCodeGrantParams() (*AuthorizationCodeGrantParams, error)

AuthorizationCodeGrantParams returns an object that can be used to determine the issuer's authorization code grant parameters. The caller should call the AuthorizationCodeGrantTypeSupported method first and only call this method to get the params if AuthorizationCodeGrantTypeSupported returns true. This method returns an error if (and only if) AuthorizationCodeGrantTypeSupported returns false.

func (*IssuerInitiatedInteraction) AuthorizationCodeGrantTypeSupported

func (i *IssuerInitiatedInteraction) AuthorizationCodeGrantTypeSupported() bool

AuthorizationCodeGrantTypeSupported indicates whether an issuer supports the authorization code grant type.

func (*IssuerInitiatedInteraction) CreateAuthorizationURL

func (i *IssuerInitiatedInteraction) CreateAuthorizationURL(clientID, redirectURI string,
	opts *CreateAuthorizationURLOpts,
) (string, error)

CreateAuthorizationURL creates an authorization URL that can be opened in a browser to proceed to the login page. It is the first step in the authorization code flow. This method can only be used if the issuer supports authorization code grants. Check the issuer's capabilities first using the methods available on this IssuerInitiatedInteraction object. If scopes are needed, pass them in using the CreateAuthorizationURLOpts object.

func (*IssuerInitiatedInteraction) DynamicClientRegistrationEndpoint

func (i *IssuerInitiatedInteraction) DynamicClientRegistrationEndpoint() (string, error)

DynamicClientRegistrationEndpoint returns the issuer's dynamic client registration endpoint. The caller should call the DynamicClientRegistrationSupported method first and only call this method if DynamicClientRegistrationSupported returns true. This method will return an error if the issuer does not support dynamic client registration.

func (*IssuerInitiatedInteraction) DynamicClientRegistrationSupported

func (i *IssuerInitiatedInteraction) DynamicClientRegistrationSupported() (bool, error)

DynamicClientRegistrationSupported indicates whether the issuer supports dynamic client registration.

func (*IssuerInitiatedInteraction) IssuerMetadata

func (i *IssuerInitiatedInteraction) IssuerMetadata() (*IssuerMetadata, error)

IssuerMetadata returns the issuer's metadata.

func (*IssuerInitiatedInteraction) IssuerTrustInfo

func (i *IssuerInitiatedInteraction) IssuerTrustInfo() (*IssuerTrustInfo, error)

IssuerTrustInfo returns issuer trust info such as DID, domain, credential type and format.

func (*IssuerInitiatedInteraction) IssuerURI

func (i *IssuerInitiatedInteraction) IssuerURI() string

IssuerURI returns the issuer's URI from the initiation request. It's useful to store this somewhere in case there's a later need to refresh credential display data using the latest display information from the issuer.

func (*IssuerInitiatedInteraction) OTelTraceID

func (i *IssuerInitiatedInteraction) OTelTraceID() string

OTelTraceID returns the OpenTelemetry trace ID. If OpenTelemetry has been disabled, then an empty string is returned.

func (*IssuerInitiatedInteraction) OfferedCredentialsTypes

func (i *IssuerInitiatedInteraction) OfferedCredentialsTypes() *api.StringArrayArray

OfferedCredentialsTypes returns types of offered credentials.

func (*IssuerInitiatedInteraction) PreAuthorizedCodeGrantParams

func (i *IssuerInitiatedInteraction) PreAuthorizedCodeGrantParams() (*PreAuthorizedCodeGrantParams, error)

PreAuthorizedCodeGrantParams returns an object that can be used to determine an issuer's pre-authorized code grant parameters. The caller should call the PreAuthorizedCodeGrantTypeSupported method first and only call this method to get the params if PreAuthorizedCodeGrantTypeSupported returns true. This method returns an error if (and only if) PreAuthorizedCodeGrantTypeSupported returns false.

func (*IssuerInitiatedInteraction) PreAuthorizedCodeGrantTypeSupported

func (i *IssuerInitiatedInteraction) PreAuthorizedCodeGrantTypeSupported() bool

PreAuthorizedCodeGrantTypeSupported indicates whether an issuer supports the pre-authorized code grant type.

func (*IssuerInitiatedInteraction) RequestCredentialWithAuth

func (i *IssuerInitiatedInteraction) RequestCredentialWithAuth(vm *api.VerificationMethod,
	redirectURIWithAuthCode string,
	opts *RequestCredentialWithAuthOpts,
) (*verifiable.CredentialsArray, error)

RequestCredentialWithAuth requests credential(s) from the issuer. This method can only be used for the authorization code flow, where it acts as the final step in the interaction with the issuer. For the equivalent method for the pre-authorized code flow, see RequestCredentialWithPreAuth instead.

RequestCredentialWithAuth should be called only once all authorization pre-requisite steps have been completed. The redirect URI that you pass in here should look like the redirect URI that you passed in to the CreateAuthorizationURL, except that now it has some URL query parameters appended to it.

func (*IssuerInitiatedInteraction) RequestCredentialWithPreAuth

RequestCredentialWithPreAuth requests credential(s) from the issuer. This method can only be used for the pre-authorized code flow, where it acts as the final step in the interaction with the issuer. For the equivalent method for the authorization code flow, see RequestCredentialWithAuth instead. If a PIN is required (which can be checked via the Capabilities method), then it must be passed into this method via the SetPIN method on the RequestCredentialWithPreAuthOpts object.

func (*IssuerInitiatedInteraction) RequestCredentialWithPreAuthV2

RequestCredentialWithPreAuthV2 requests credentials using a pre-authorized code flow. Returns an array of credentials with config IDs, which map to CredentialConfigurationSupported in the issuer's metadata.

func (*IssuerInitiatedInteraction) RequireAcknowledgment

func (i *IssuerInitiatedInteraction) RequireAcknowledgment() (bool, error)

RequireAcknowledgment returns true if the issuer requires an acknowledgment of whether the user accepts or rejects credentials.

func (*IssuerInitiatedInteraction) VerifyIssuer

func (i *IssuerInitiatedInteraction) VerifyIssuer() (string, error)

VerifyIssuer verifies the issuer via its issuer metadata. If successful, then the service URL is returned. An error means that either the issuer failed the verification check, or something went wrong during the process (and so a verification status could not be determined).

type IssuerInitiatedInteractionArgs

type IssuerInitiatedInteractionArgs struct {
	// contains filtered or unexported fields
}

IssuerInitiatedInteractionArgs contains the required parameters for an IssuerInitiatedInteraction.

func NewIssuerInitiatedInteractionArgs

func NewIssuerInitiatedInteractionArgs(initiateIssuanceURI string, crypto api.Crypto,
	didResolver api.DIDResolver,
) *IssuerInitiatedInteractionArgs

NewIssuerInitiatedInteractionArgs creates a new IssuerInitiatedInteractionArgs object. All parameters are mandatory.

type IssuerMetadata

type IssuerMetadata struct {
	// contains filtered or unexported fields
}

IssuerMetadata represents metadata about an issuer as obtained from their .well-known OpenID configuration.

func IssuerMetadataFromGoImpl

func IssuerMetadataFromGoImpl(goAPIIssuerMetadata *issuer.Metadata) *IssuerMetadata

IssuerMetadataFromGoImpl wraps the original issuer.Metadata in an IssuerMetadata wrapper.

func (*IssuerMetadata) CredentialIssuer

func (i *IssuerMetadata) CredentialIssuer() string

CredentialIssuer returns the issuer's identifier.

func (*IssuerMetadata) LocalizedIssuerDisplays

func (i *IssuerMetadata) LocalizedIssuerDisplays() *LocalizedIssuerDisplays

LocalizedIssuerDisplays returns an object that contains display information for the issuer in various locales.

func (*IssuerMetadata) SupportedCredentials

func (i *IssuerMetadata) SupportedCredentials() *SupportedCredentials

SupportedCredentials returns an object that can be used to determine the types of credentials that the issuer supports issuance of.

type IssuerTrustInfo

type IssuerTrustInfo struct {
	DID              string
	Domain           string
	CredentialOffers []*CredentialOffer
}

IssuerTrustInfo represents issuer trust information.

func (*IssuerTrustInfo) OfferAtIndex

func (i *IssuerTrustInfo) OfferAtIndex(index int) *CredentialOffer

OfferAtIndex returns the offer at the given index.

func (*IssuerTrustInfo) OfferLength

func (i *IssuerTrustInfo) OfferLength() int

OfferLength returns the number of offers.

type LocalizedCredentialDisplay

type LocalizedCredentialDisplay struct {
	// contains filtered or unexported fields
}

LocalizedCredentialDisplay represents display information for a credential in a specific locale.

func (*LocalizedCredentialDisplay) BackgroundColor

func (l *LocalizedCredentialDisplay) BackgroundColor() string

BackgroundColor returns this LocalizedCredentialDisplay's background color.

func (*LocalizedCredentialDisplay) Locale

func (l *LocalizedCredentialDisplay) Locale() string

Locale returns this LocalizedCredentialDisplay's locale.

func (*LocalizedCredentialDisplay) Logo

func (l *LocalizedCredentialDisplay) Logo() *Logo

Logo returns this LocalizedCredentialDisplay's logo.

func (*LocalizedCredentialDisplay) Name

Name returns this LocalizedCredentialDisplay's name.

func (*LocalizedCredentialDisplay) TextColor

func (l *LocalizedCredentialDisplay) TextColor() string

TextColor returns this LocalizedCredentialDisplay's text color.

type LocalizedCredentialDisplays

type LocalizedCredentialDisplays struct {
	// contains filtered or unexported fields
}

LocalizedCredentialDisplays represents display information for a credential in various locales.

func (*LocalizedCredentialDisplays) AtIndex

AtIndex returns the LocalizedCredentialDisplays at the given index. If the index passed in is out of bounds, then nil is returned.

func (*LocalizedCredentialDisplays) Length

func (l *LocalizedCredentialDisplays) Length() int

Length returns the number of LocalizedIssuerDisplays contained within this object.

type LocalizedIssuerDisplay

type LocalizedIssuerDisplay struct {
	// contains filtered or unexported fields
}

LocalizedIssuerDisplay represents display information for an issuer in a specific locale.

func (*LocalizedIssuerDisplay) BackgroundColor

func (l *LocalizedIssuerDisplay) BackgroundColor() string

BackgroundColor returns this LocalizedIssuerDisplay's background color.

func (*LocalizedIssuerDisplay) Locale

func (l *LocalizedIssuerDisplay) Locale() string

Locale returns this LocalizedIssuerDisplay's locale.

func (*LocalizedIssuerDisplay) Logo

func (l *LocalizedIssuerDisplay) Logo() *Logo

Logo returns this LocalizedIssuerDisplay's logo. If it has no logo, then nil/null is returned instead.

func (*LocalizedIssuerDisplay) Name

func (l *LocalizedIssuerDisplay) Name() string

Name returns this LocalizedIssuerDisplay's name.

func (*LocalizedIssuerDisplay) TextColor

func (l *LocalizedIssuerDisplay) TextColor() string

TextColor returns this LocalizedIssuerDisplay's text color.

func (*LocalizedIssuerDisplay) URL

func (l *LocalizedIssuerDisplay) URL() string

URL returns this LocalizedIssuerDisplay's URL.

type LocalizedIssuerDisplays

type LocalizedIssuerDisplays struct {
	// contains filtered or unexported fields
}

LocalizedIssuerDisplays represents display information for an issuer in various locales.

func (*LocalizedIssuerDisplays) AtIndex

AtIndex returns the LocalizedIssuerDisplays at the given index. If the index passed in is out of bounds, then nil is returned.

func (*LocalizedIssuerDisplays) Length

func (l *LocalizedIssuerDisplays) Length() int

Length returns the number of LocalizedIssuerDisplays contained within this object.

type Logo

type Logo struct {
	// contains filtered or unexported fields
}

Logo represents display information for a logo.

func (*Logo) AltText

func (l *Logo) AltText() string

AltText returns alt text for this logo.

func (*Logo) URL

func (l *Logo) URL() string

URL returns the URL where this logo's image can be fetched.

type PreAuthorizedCodeGrantParams

type PreAuthorizedCodeGrantParams struct {
	// contains filtered or unexported fields
}

PreAuthorizedCodeGrantParams represents an issuer's pre-authorized code grant parameters.

func (*PreAuthorizedCodeGrantParams) PINRequired

func (p *PreAuthorizedCodeGrantParams) PINRequired() bool

PINRequired indicates whether the issuer requires a PIN.

type RequestCredentialWithAuthOpts

type RequestCredentialWithAuthOpts struct{}

RequestCredentialWithAuthOpts contains all optional arguments that can be passed into the RequestCredentialWithAuth method.

type RequestCredentialWithPreAuthOpts

type RequestCredentialWithPreAuthOpts struct {
	// contains filtered or unexported fields
}

RequestCredentialWithPreAuthOpts contains all optional arguments that can be passed into the RequestCredentialWithPreAuth method.

func NewRequestCredentialWithPreAuthOpts

func NewRequestCredentialWithPreAuthOpts() *RequestCredentialWithPreAuthOpts

NewRequestCredentialWithPreAuthOpts returns a new RequestCredentialWithPreAuthOpts object.

func (*RequestCredentialWithPreAuthOpts) SetAttestationVC

SetAttestationVC is an option for the RequestCredentialWithPreAuth method that allows you to specify attestation VC, which may be required by the issuer.

func (*RequestCredentialWithPreAuthOpts) SetPIN

SetPIN is an option for the RequestCredentialWithPreAuth method that allows you to specify a PIN, which may be required by the issuer. Check the issuer capabilities object first to determine this.

type SupportedCredential

type SupportedCredential struct {
	// contains filtered or unexported fields
}

SupportedCredential represents a specific credential (type and format) that an issuer can issue.

func (*SupportedCredential) Format

func (s *SupportedCredential) Format() string

Format returns this SupportedCredential's format.

func (*SupportedCredential) LocalizedDisplays

func (s *SupportedCredential) LocalizedDisplays() *LocalizedCredentialDisplays

LocalizedDisplays returns an object that contains this SupportedCredential's display data in various locales.

func (*SupportedCredential) Types

func (s *SupportedCredential) Types() *api.StringArray

Types returns this SupportedCredential's types.

type SupportedCredentials

type SupportedCredentials struct {
	// contains filtered or unexported fields
}

SupportedCredentials represents the credentials (types and formats) that an issuer can issue.

func (*SupportedCredentials) AtIndex

func (s *SupportedCredentials) AtIndex(index int) *SupportedCredential

AtIndex returns the SupportedCredential at the given index. If the index passed in is out of bounds, then nil is returned. Deprecated. Use CredentialConfigurationSupported instead.

func (*SupportedCredentials) CredentialConfigurationSupported

func (s *SupportedCredentials) CredentialConfigurationSupported(
	credentialConfigurationID issuer.CredentialConfigurationID,
) *SupportedCredential

CredentialConfigurationSupported returns the SupportedCredential for the given credentialConfigurationID. If credentialConfigurationID is unknown, then nil is returned.

func (*SupportedCredentials) Length

func (s *SupportedCredentials) Length() int

Length returns the number of SupportedCredentials contained within this object.

type WalletInitiatedInteraction

type WalletInitiatedInteraction struct {
	// contains filtered or unexported fields
}

WalletInitiatedInteraction represents a single wallet-instantiated OpenID4CI interaction between a wallet and an issuer. The methods defined on this object are used to help guide the calling code through the OpenID4CI flow. A WalletInitiatedInteraction is a stateful object, and is intended for going through the full flow only once, after which it should be discarded. Any new interactions should use a fresh WalletInitiatedInteraction instance.

func NewWalletInitiatedInteraction

func NewWalletInitiatedInteraction(
	args *WalletInitiatedInteractionArgs,
	opts *InteractionOpts,
) (*WalletInitiatedInteraction, error)

NewWalletInitiatedInteraction creates a new OpenID4CI WalletInitiatedInteraction.

func (*WalletInitiatedInteraction) CreateAuthorizationURL

func (i *WalletInitiatedInteraction) CreateAuthorizationURL(clientID, redirectURI, credentialFormat string,
	credentialTypes *api.StringArray, opts *CreateAuthorizationURLOpts,
) (string, error)

CreateAuthorizationURL creates an authorization URL that can be opened in a browser to proceed to the login page. It must be called before calling the RequestCredential method. This method can only be used if the issuer supports authorization code grants. Check the issuer's capabilities first using the Capabilities method. If scopes are needed, pass them in using the CreateAuthorizationURLOpts object.

func (*WalletInitiatedInteraction) DynamicClientRegistrationEndpoint

func (i *WalletInitiatedInteraction) DynamicClientRegistrationEndpoint() (string, error)

DynamicClientRegistrationEndpoint returns the issuer's dynamic client registration endpoint. The caller should call the DynamicClientRegistrationSupported method first and only call this method if DynamicClientRegistrationSupported returns true. This method will return an error if the issuer does not support dynamic client registration.

func (*WalletInitiatedInteraction) DynamicClientRegistrationSupported

func (i *WalletInitiatedInteraction) DynamicClientRegistrationSupported() (bool, error)

DynamicClientRegistrationSupported indicates whether the issuer supports dynamic client registration.

func (*WalletInitiatedInteraction) IssuerMetadata

func (i *WalletInitiatedInteraction) IssuerMetadata() (*IssuerMetadata, error)

IssuerMetadata returns the issuer's metadata object.

func (*WalletInitiatedInteraction) RequestCredential

func (i *WalletInitiatedInteraction) RequestCredential(vm *api.VerificationMethod,
	redirectURIWithAuthCode string,
	opts *RequestCredentialWithAuthOpts,
) (*verifiable.CredentialsArray, error)

RequestCredential requests credential(s) from the issuer. This method is the final step in the interaction with the issuer. This method must be called only once all authorization pre-requisite steps have been completed. The redirect URI that you pass in here should look like the redirect URI that you passed in to the CreateAuthorizationURL, except that now it has some URL query parameters appended to it.
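RequestCredentialWithAuth and RequestCredential both take the redirect URI as it came back with query parameters appended. The following added example (not part of this package or its module) shows one way a wallet could check that URI before passing it on; the helper name extractAuthCode is hypothetical, and it assumes the issuer uses the standard OAuth 2.0 response parameters code and error.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// extractAuthCode is a hypothetical helper. It confirms that receivedURI is
// the redirect URI the wallet sent in the authorization request with only
// query parameters added, and returns the authorization code it carries.
func extractAuthCode(sentRedirectURI, receivedURI string) (string, error) {
	sent, err := url.Parse(sentRedirectURI)
	if err != nil {
		return "", fmt.Errorf("parse sent redirect URI: %w", err)
	}
	got, err := url.Parse(receivedURI)
	if err != nil {
		return "", fmt.Errorf("parse received URI: %w", err)
	}

	// Scheme and host are case-insensitive; the path must match exactly.
	if !strings.EqualFold(sent.Scheme, got.Scheme) ||
		!strings.EqualFold(sent.Host, got.Host) ||
		sent.Path != got.Path {
		return "", errors.New("received URI is not the redirect URI that was sent")
	}
	if got.User != nil {
		return "", errors.New("received URI carries unexpected userinfo")
	}

	query, err := url.ParseQuery(got.RawQuery)
	if err != nil {
		return "", fmt.Errorf("parse query: %w", err)
	}
	// Parameters already present on the sent URI must come back unchanged.
	for key, want := range sent.Query() {
		if strings.Join(query[key], "\x00") != strings.Join(want, "\x00") {
			return "", fmt.Errorf("query parameter %q was altered", key)
		}
	}
	// An OAuth 2.0 error response has an error parameter instead of a code.
	if oauthErr := query.Get("error"); oauthErr != "" {
		return "", fmt.Errorf("issuer returned error %q", oauthErr)
	}
	// Reject a missing, empty or repeated code rather than guessing.
	codes := query["code"]
	if len(codes) != 1 || codes[0] == "" {
		return "", errors.New("expected exactly one non-empty code parameter")
	}
	return codes[0], nil
}

func main() {
	// Constructed sample values, not taken from a real issuer.
	const sent = "https://wallet.example/oidc/redirect"
	received := []string{
		sent + "?code=abc123&state=xyz",
		"https://other.example/oidc/redirect?code=abc123",
		sent + "?error=access_denied",
		sent + "?code=a&code=b",
	}
	for _, uri := range received {
		code, err := extractAuthCode(sent, uri)
		fmt.Printf("%s\n  code=%q err=%v\n", uri, code, err)
	}
}
```
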

func (*WalletInitiatedInteraction) VerifyIssuer

func (i *WalletInitiatedInteraction) VerifyIssuer() (string, error)

VerifyIssuer verifies the issuer via its issuer metadata. If successful, then the service URL is returned. An error means that either the issuer failed the verification check, or something went wrong during the process (and so a verification status could not be determined).

type WalletInitiatedInteractionArgs

type WalletInitiatedInteractionArgs struct {
	// contains filtered or unexported fields
}

WalletInitiatedInteractionArgs contains the required parameters for a WalletInitiatedInteraction.

func NewWalletInitiatedInteractionArgs

func NewWalletInitiatedInteractionArgs(issuerURI string, crypto api.Crypto,
	didResolver api.DIDResolver,
) *WalletInitiatedInteractionArgs

NewWalletInitiatedInteractionArgs creates a new WalletInitiatedInteractionArgs object. All parameters are mandatory.
