vck-openid-ktor/at.asitplus.wallet.lib.ktor.openid/OpenId4VciClient

OpenId4VciClient

class OpenId4VciClient(engine: HttpClientEngine, cookiesStorage: CookiesStorage? = null, httpClientConfig: HttpClientConfig<*>.() -> Unit? = null, oid4vciService: WalletService = WalletService(), oauth2InternalClient: OAuth2Client = OAuth2Client(clientId = oid4vciService.clientId), oauth2Client: OAuth2KtorClient = OAuth2KtorClient( engine = engine, cookiesStorage = cookiesStorage, httpClientConfig = httpClientConfig, oAuth2Client = oauth2InternalClient, ))(source)

Implements the client side of OpenID for Verifiable Credential Issuance 1.0 from 2025-09-16. Supported features:

Pre-authorized grants
Authentication code flows
OAuth 2.0 Demonstrating Proof of Possession (DPoP)
OAuth 2.0 Attestation-Based Client Authentication
OAuth 2.0 Pushed Authorization Requests

Constructors

OpenId4VciClient

constructor(engine: HttpClientEngine, cookiesStorage: CookiesStorage? = null, httpClientConfig: HttpClientConfig<*>.() -> Unit? = null, oid4vciService: WalletService = WalletService(), oauth2InternalClient: OAuth2Client = OAuth2Client(clientId = oid4vciService.clientId), oauth2Client: OAuth2KtorClient = OAuth2KtorClient( engine = engine, cookiesStorage = cookiesStorage, httpClientConfig = httpClientConfig, oAuth2Client = oauth2InternalClient, ))

Functions

loadCredentialMetadata

suspend fun loadCredentialMetadata(host: String): KmmResult<Collection<CredentialIdentifierInfo>>

Loads credential metadata info from host, parses it, returns list of CredentialIdentifierInfo.

loadCredentialWithOfferReturningResult

suspend fun loadCredentialWithOfferReturningResult(credentialOffer: CredentialOffer, credentialIdentifierInfo: CredentialIdentifierInfo, transactionCode: String? = null): KmmResult<CredentialIssuanceResult>

Loads a user-selected credential with pre-authorized code from the OID4VCI credential issuer

refreshCredentialReturningResult

suspend fun refreshCredentialReturningResult(refreshTokenInfo: RefreshTokenInfo): KmmResult<CredentialIssuanceResult.Success>

Call to refresh a credential with a stored refresh token (that was received when issuing the credential for the first time, as returned in CredentialIssuanceResult.Success.refreshToken).

resumeWithAuthCode

suspend fun resumeWithAuthCode(url: String, context: ProvisioningContext): KmmResult<CredentialIssuanceResult.Success>

Called after getting the redirect back from the authorization server to the credential issuer.

startProvisioningWithAuthRequestReturningResult

suspend fun startProvisioningWithAuthRequestReturningResult(credentialIssuerUrl: String, credentialIdentifierInfo: CredentialIdentifierInfo): KmmResult<CredentialIssuanceResult.OpenUrlForAuthnRequest>

Starts the issuing process at credentialIssuerUrl. Clients need to handle the result, i.e. open the URL for user authentication or store the credentials. Clients need to call resumeWithAuthCode after getting the authorization code back from the authorization server, e.g. by the Wallet app getting opened (see redirectUrl at oid4vciService) after the browser being redirecting back from the authorization server.