openid-data-classes/at.asitplus.openid/SignatureRequestParameters

SignatureRequestParameters

@Serializable

data class SignatureRequestParameters(val responseType: String, val clientId: String, val clientIdScheme: OpenIdConstants.ClientIdScheme? = null, val responseMode: OpenIdConstants.ResponseMode? = null, val responseUrl: String? = null, val nonce: String? = null, val state: String? = null, val signatureQualifier: SignatureQualifier = SignatureQualifier.EU_EIDAS_QES, val documentDigests: List<OAuthDocumentDigest>, val documentLocations: List<DocumentLocation>, val hashAlgorithmOid: ObjectIdentifier = Digest.SHA256.oid, val clientData: String? = null, val transactionData: List<TransactionDataBase64Url>? = null) : RequestParameters(source)

In the Wallet centric model this is the request coming from the Driving application to the wallet which starts the process

Constructors

constructor(responseType: String, clientId: String, clientIdScheme: OpenIdConstants.ClientIdScheme? = null, responseMode: OpenIdConstants.ResponseMode? = null, responseUrl: String? = null, nonce: String? = null, state: String? = null, signatureQualifier: SignatureQualifier = SignatureQualifier.EU_EIDAS_QES, documentDigests: List<OAuthDocumentDigest>, documentLocations: List<DocumentLocation>, hashAlgorithmOid: ObjectIdentifier = Digest.SHA256.oid, clientData: String? = null, transactionData: List<TransactionDataBase64Url>? = null)

Properties

clientData

@SerialName(value = "clientData")

val clientData: String? = null

CSC: OPTIONAL Arbitrary data from the signature application. It can be used to handle a transaction identifier or other application-specific data that may be useful for debugging purposes

clientId

@SerialName(value = "client_id")

val clientId: String

OIDC: REQUIRED. OAuth 2.0 Client Identifier valid at the Authorization Server.

clientIdScheme

@SerialName(value = "client_id_scheme")

val ~~clientIdScheme~~: OpenIdConstants.ClientIdScheme? = null

documentDigests

@SerialName(value = "documentDigests")

val documentDigests: List<OAuthDocumentDigest>

UC5 Draft REQUIRED. An array composed of entries for every document to be signed

documentLocations

@SerialName(value = "documentLocations")

val documentLocations: List<DocumentLocation>

UC5 Draft REQUIRED. An array composed of entries for every document to be signed

hashAlgorithmOid

@SerialName(value = "hashAlgorithmOID")

@Serializable(with = ObjectIdentifierStringSerializer::class)

val hashAlgorithmOid: ObjectIdentifier

UC5 Draft REQUIRED. String containing the OID of the hash algorithm used to generate the hashes listed in documentDigests

nonce

@SerialName(value = "nonce")

val nonce: String? = null

OIDC: OPTIONAL. String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. Sufficient entropy MUST be present in the nonce values used to prevent attackers from guessing values.

responseMode

@SerialName(value = "response_mode")

val responseMode: OpenIdConstants.ResponseMode? = null

OAuth 2.0 Responses: OPTIONAL. Informs the Authorization Server of the mechanism to be used for returning Authorization Response parameters from the Authorization Endpoint. This use of this parameter is NOT RECOMMENDED with a value that specifies the same Response Mode as the default Response Mode for the Response Type used. SHOULD be direct post

responseType

@SerialName(value = "response_type")

val responseType: String

OIDC: REQUIRED. OAuth 2.0 Response Type value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints used. When using the Authorization Code Flow, this value is code.

responseUrl

@SerialName(value = "response_uri")

val responseUrl: String? = null

OID4VP: OPTIONAL. The Response URI to which the Wallet MUST send the Authorization Response using an HTTPS POST request as defined by the Response Mode direct_post. The Response URI receives all Authorization Response parameters as defined by the respective Response Type. When the response_uri parameter is present, the redirect_uri Authorization Request parameter MUST NOT be present. If the redirect_uri Authorization Request parameter is present when the Response Mode is direct_post, the Wallet MUST return an invalid_request Authorization Response error.

signatureQualifier

@SerialName(value = "signatureQualifier")

val signatureQualifier: SignatureQualifier

UC5 Draft REQUIRED. This parameter contains the symbolic identifier determining the kind of signature to be created

state

@SerialName(value = "state")

val state: String? = null

OIDC: RECOMMENDED. Opaque value used to maintain state between the request and the callback. Typically, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie.

transactionData

@SerialName(value = "transaction_data")

val transactionData: List<TransactionDataBase64Url>? = null

OID4VP: OPTIONAL. Array of strings, where each string is a base64url encoded JSON object that contains a typed parameter set with details about the transaction that the Verifier is requesting the End-User to authorize. The Wallet MUST return an error if a request contains even one unrecognized transaction data type or transaction data not conforming to the respective type definition.