vck-openid-ktor/at.asitplus.wallet.lib.ktor.openid

Package-level declarations

Types

Link copied to clipboard
@Serializable
data class CredentialIdentifierInfo(val issuerMetadata: IssuerMetadata, val credentialIdentifier: String, val supportedCredentialFormat: SupportedCredentialFormat)

Gets parsed from the credential issuer's metadata, essentially an entry from IssuerMetadata.supportedCredentialConfigurations

Link copied to clipboard
sealed interface CredentialIssuanceResult

Result of the credential issuance process: Either open an authentication request URL externally (i.e. the browser), or store the received credentials.

Link copied to clipboard
sealed class IntermediateResult<R>

Intermediate class to perform error handling on ktor responses, see onFailure and onSuccess.

Link copied to clipboard
class OAuth2KtorClient(engine: HttpClientEngine, cookiesStorage: CookiesStorage? = null, httpClientConfig: HttpClientConfig<*>.() -> Unit? = null, loadClientAttestationJwt: suspend () -> String? = null, signClientAttestationPop: SignJwtFun<JsonWebToken>? = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderNone()), signDpop: SignJwtFun<JsonWebToken> = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderCertOrJwk()), dpopAlgorithm: JwsAlgorithm = JwsAlgorithm.Signature.ES256, val oAuth2Client: OAuth2Client, randomSource: RandomSource = RandomSource.Secure)

Implements the client side of OAuth2

Link copied to clipboard
class OpenId4VciClient(engine: HttpClientEngine, cookiesStorage: CookiesStorage? = null, httpClientConfig: HttpClientConfig<*>.() -> Unit? = null, oid4vciService: WalletService = WalletService(), oauth2InternalClient: OAuth2Client = OAuth2Client(clientId = oid4vciService.clientId), oauth2Client: OAuth2KtorClient = OAuth2KtorClient( engine = engine, cookiesStorage = cookiesStorage, httpClientConfig = httpClientConfig, oAuth2Client = oauth2InternalClient, ))

Implements the client side of OpenID for Verifiable Credential Issuance 1.0 from 2025-09-16. Supported features:

Link copied to clipboard
@Serializable
data class OpenId4VpSuccess(val redirectUri: String)
Link copied to clipboard
class OpenId4VpWallet(engine: HttpClientEngine, httpClientConfig: HttpClientConfig<*>.() -> Unit? = null, keyMaterial: KeyMaterial, holderAgent: HolderAgent, randomSource: RandomSource = RandomSource.Secure)

Implements the wallet side of Self-Issued OpenID Provider v2 - draft 13 and OpenID for Verifiable Presentations - draft 21

Link copied to clipboard
@Serializable
data class ProvisioningContext(val state: String, val credential: CredentialIdentifierInfo, val oauthMetadata: OAuth2AuthorizationServerMetadata, val issuerMetadata: IssuerMetadata)

Gets stored before jumping into the web browser (with the authorization request), so that we can load it back when we resume the issuing process with the auth code

Link copied to clipboard
@Serializable
data class RefreshTokenInfo(val refreshToken: String, val issuerMetadata: IssuerMetadata, val oauthMetadata: OAuth2AuthorizationServerMetadata, val credentialFormat: SupportedCredentialFormat, val credentialIdentifier: String)

Holds all information needed to refresh a credential, pass it to OpenId4VciClient.refreshCredential.

Link copied to clipboard
class RemoteOAuth2AuthorizationServerAdapter(val publicContext: String, engine: HttpClientEngine, cookiesStorage: CookiesStorage? = null, httpClientConfig: HttpClientConfig<*>.() -> Unit? = null, scope: CoroutineScope = CoroutineScope(Dispatchers.IO), oauth2Client: OAuth2KtorClient = OAuth2KtorClient( engine = engine, cookiesStorage = cookiesStorage, httpClientConfig = httpClientConfig, oAuth2Client = OAuth2Client(), ), val internalTokenVerificationService: TokenVerificationService, val dpopNonceService: NonceService = DefaultNonceService()) : OAuth2AuthorizationServerAdapter

Uses an external OAuth 2.0 Authorization Server with a at.asitplus.wallet.lib.oidvci.CredentialIssuer, i.e., delegate authorization to the external AS, and load user info from there (after performing token exchange with the Wallet's access token to get a fresh one). Make sure to configure oauth2Client to use the correct OAuth2KtorClient.loadClientAttestationJwt.

Link copied to clipboard
data class TokenResponseWithDpopNonce(val params: TokenResponseParameters, val dpopNonce: String?)

Properties

Link copied to clipboard
val HttpHeaders.DPoP: String
Link copied to clipboard
val HttpHeaders.DPoPNonce: String
Link copied to clipboard
val HttpHeaders.OAuthClientAttestation: String
Link copied to clipboard

Functions

Link copied to clipboard
fun OAuth2Error?.dpopNonce(response: HttpResponse): String?

Extracts the header DPoP-Nonce if the error is use_dpop_nonce.

Link copied to clipboard
fun <T> CoroutineScope.lazyDeferred(block: suspend CoroutineScope.() -> T): Lazy<Deferred<T>>
Link copied to clipboard
inline suspend fun <R> HttpResponse.onFailure(block: OAuth2Error?.(response: HttpResponse) -> R): IntermediateResult<R>

Helper method to perform error handling on ktor responses, see onSuccess.

Link copied to clipboard
inline suspend fun <T, R> IntermediateResult<R>.onSuccess(block: T.(response: HttpResponse) -> R): R

Helper method to perform error handling on ktor responses, see onFailure.