vck-openid/at.asitplus.wallet.lib.oauth2/OAuth2Client

OAuth2Client

class OAuth2Client(val clientId: String = "https://wallet.a-sit.at/app", val redirectUrl: String = "/callback", stateToCodeStore: MapStore<String, String> = DefaultMapStore(), val signPushedAuthorizationRequest: SignJwtFun<AuthenticationRequestParameters>? = SignJwt(EphemeralKeyWithSelfSignedCert(), JwsHeaderCertOrJwk()))(source)

Simple OAuth 2.0 client to authorize the client against an OAuth 2.0 Authorization Server and request tokens.

Can be used in OID4VCI flows, e.g. WalletService.

Constructors

OAuth2Client

constructor(clientId: String = "https://wallet.a-sit.at/app", redirectUrl: String = "/callback", stateToCodeStore: MapStore<String, String> = DefaultMapStore(), signPushedAuthorizationRequest: SignJwtFun<AuthenticationRequestParameters>? = SignJwt(EphemeralKeyWithSelfSignedCert(), JwsHeaderCertOrJwk()))

Types

AuthorizationForToken

sealed class AuthorizationForToken

Properties

clientId

val clientId: String

Used to create AuthenticationRequestParameters, TokenRequestParameters and CredentialRequestProof, typically a URI.

redirectUrl

val redirectUrl: String

Used to create AuthenticationRequestParameters and TokenRequestParameters.

signPushedAuthorizationRequest

val signPushedAuthorizationRequest: SignJwtFun<AuthenticationRequestParameters>?

Set this variable to use JAR (JWT-secured authorization requests, RFC 9101) for PAR (Pushed authorization requests, RFC 9126), as mandated by OpenID4VC HAIP.

Functions

createAuthRequest

suspend fun createAuthRequest(state: String, authorizationDetails: Set<AuthorizationDetails>? = null, scope: String? = null, resource: String? = null, issuerState: String? = null, audience: String? = null, wrapAsJar: Boolean = true): AuthenticationRequestParameters

Send the result as parameters to the server at OAuth2AuthorizationServerMetadata.authorizationEndpoint. Use POST if OAuth2AuthorizationServerMetadata.pushedAuthorizationRequestEndpoint is available.

createAuthRequestAfterPar

suspend fun createAuthRequestAfterPar(parResponse: PushedAuthenticationResponseParameters): AuthenticationRequestParameters

Send the result as parameters to the server at OAuth2AuthorizationServerMetadata.authorizationEndpoint. Use this method if the previous authn request was sent as a pushed authorization request (RFC 9126), and the server has answered with PushedAuthenticationResponseParameters.

createTokenRequestParameters

suspend fun createTokenRequestParameters(authorization: OAuth2Client.AuthorizationForToken, state: String? = null, authorizationDetails: Set<AuthorizationDetails>? = null, scope: String? = null, resource: String? = null): TokenRequestParameters

Request token with an authorization code, e.g. from createAuthRequest, or pre-auth code.

generateCodeVerifier

suspend fun generateCodeVerifier(state: String): String