openid4ci

package
v0.1.0

This package is not in the latest version of its module.
Published: Jan 11, 2023 License: Apache-2.0 Imports: 20 Imported by: 3

Documentation

Overview

Package openid4ci provides APIs for wallets to receive verifiable credentials via OIDC for Credential Issuance.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthorizeResult

type AuthorizeResult struct {
	AuthorizationRedirectEndpoint string
	UserPINRequired               bool
}

AuthorizeResult is the object returned from the Client.Authorize method. An empty/missing AuthorizationRedirectEndpoint indicates that the wallet is pre-authorized.

type ClientConfig

type ClientConfig struct {
	UserDID        string
	ClientID       string
	SignerProvider didsignjwt.SignerGetter
	DIDResolver    api.DIDResolver
}

ClientConfig contains the various required parameters for an OpenID4CI Interaction. TODO: https://github.com/trustbloc/wallet-sdk/issues/163 refactor to instead require a key ID and a signer.

type CredentialRequestOpts

type CredentialRequestOpts struct {
	UserPIN string
}

CredentialRequestOpts represents the data (required and optional) that is used in the final step of the OpenID4CI flow, where the wallet requests the credential from the issuer.

type CredentialResponse

type CredentialResponse struct {
	Credential string `json:"credential,omitempty"` // Optional for deferred credential flow
	Format     string `json:"format,omitempty"`
}

CredentialResponse is the object returned from the Client.Callback method. It contains the issued credential (as base64url-encoded JSON) and the credential's format.

type InitiationRequest

type InitiationRequest struct {
	IssuerURI         string   `json:"issuer,omitempty"`
	CredentialTypes   []string `json:"credential_type,omitempty"`
	PreAuthorizedCode string   `json:"pre-authorized_code,omitempty"`
	UserPINRequired   bool     `json:"user_pin_required,omitempty"`
	OpState           string   `json:"op_state,omitempty"`
}

InitiationRequest represents the Issuance Initiation Request object received from an issuer as defined in https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-5.1.

type Interaction

type Interaction struct {
	// contains filtered or unexported fields
}

Interaction represents a single OpenID4CI interaction between a wallet and an issuer. The methods defined on this object are used to help guide the calling code through the OpenID4CI flow.

func NewInteraction

func NewInteraction(initiateIssuanceURI string, config *ClientConfig) (*Interaction, error)

NewInteraction creates a new OpenID4CI Interaction. The methods defined on this object are used to help guide the calling code through the OpenID4CI flow. Calling this function represents taking the first step in the flow. This function takes in an Initiate Issuance Request object from an issuer (as defined in https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-5.1), encoded using URL query parameters. This object is intended for going through the full flow only once (i.e. one interaction), after which it should be discarded. Any new interactions should use a fresh Interaction instance.
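The checks a wallet can apply to the URL-query-encoded Initiate Issuance Request before starting an interaction, as an added example that is not this package's own parsing code. `parseInitiationURI`, the local `initiationRequest` type, the `openid-initiate-issuance://` sample URI and the https-only issuer policy are assumptions made for illustration; the query parameter names come from the `InitiationRequest` JSON tags above.

```go
package main

import (
	"fmt"
	"net/url"
)

// initiationRequest is a local copy of the page's InitiationRequest fields.
type initiationRequest struct {
	IssuerURI         string
	CredentialTypes   []string
	PreAuthorizedCode string
	UserPINRequired   bool
	OpState           string
}

// parseInitiationURI decodes and validates the request (hypothetical helper, not part of openid4ci).
func parseInitiationURI(raw string) (*initiationRequest, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("malformed initiation URI: %w", err)
	}
	q := u.Query()
	req := &initiationRequest{
		IssuerURI:         q.Get("issuer"),
		CredentialTypes:   q["credential_type"],
		PreAuthorizedCode: q.Get("pre-authorized_code"),
		OpState:           q.Get("op_state"),
	}
	issuer, err := url.Parse(req.IssuerURI)
	if err != nil || issuer.Scheme != "https" || issuer.Host == "" {
		return nil, fmt.Errorf("issuer must be an absolute https URL")
	}
	if len(req.CredentialTypes) == 0 {
		return nil, fmt.Errorf("no credential_type requested")
	}
	if req.PreAuthorizedCode == "" {
		return nil, fmt.Errorf("pre-authorized_code missing: only the pre-authorized flow is supported")
	}
	pin := q.Get("user_pin_required")
	if pin != "" && pin != "true" && pin != "false" {
		return nil, fmt.Errorf("user_pin_required must be true or false")
	}
	req.UserPINRequired = pin == "true"
	return req, nil
}

// Constructed sample URI; issuer.example is a placeholder host.
const sampleURI = "openid-initiate-issuance://?issuer=https%3A%2F%2Fissuer.example&credential_type=DegreeCredential&pre-authorized_code=abc123&user_pin_required=true"
func main() { fmt.Println(parseInitiationURI(sampleURI)) }
```

Rejecting a malformed request here keeps an untrusted link or QR code from steering the wallet to a non-TLS issuer, and tells the caller up front whether a PIN prompt is needed.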

func (*Interaction) Authorize

func (i *Interaction) Authorize() (*AuthorizeResult, error)

Authorize is used by a wallet to authorize an issuer's OIDC Verifiable Credential Issuance Request. After initializing the Interaction object with an Issuance Request, this should be the first method you call in order to continue with the flow. It only supports the pre-authorized flow in its current implementation. Once the authorization flow is implemented, the following section of the spec will be relevant: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-6

func (*Interaction) RequestCredential

func (i *Interaction) RequestCredential(credentialRequestOpts *CredentialRequestOpts) ([]CredentialResponse, error)

RequestCredential is the second-to-last step (or the last step, if the ResolveDisplay method isn't needed) in the interaction. This is called after the wallet is authorized and is ready to receive credential(s). Relevant sections of the spec: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-7 and https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-8

func (*Interaction) ResolveDisplay

func (i *Interaction) ResolveDisplay(preferredLocale string) (*credentialschema.ResolvedDisplayData, error)

ResolveDisplay is the optional final step that can be called after RequestCredential. It resolves display information for the credentials received in this interaction. The CredentialDisplays in the returned credentialschema.ResolvedDisplayData object correspond to the VCs received and are in the same order. If preferredLocale is not specified, then the first locale specified by the issuer's metadata will be used during resolution.
