vck-openid/at.asitplus.wallet.lib.oidc/OidcSiopVerifier

OidcSiopVerifier

class OidcSiopVerifier(source)

Combines Verifiable Presentations with OpenId Connect. Implements OIDC for VP (2023-04-21) as well as SIOP V2 (2023-01-01).

This class creates the Authentication Request, verifier verifies the response. See OidcSiopWallet for the holder.

Types

Link copied to clipboard
sealed class AuthnResponseResult
Link copied to clipboard
object Companion
Link copied to clipboard
data class RequestOptions(val responseMode: OpenIdConstants.ResponseMode? = null, val representation: ConstantIndex.CredentialRepresentation = ConstantIndex.CredentialRepresentation.PLAIN_JWT, val state: String? = uuid4().toString(), val credentialScheme: ConstantIndex.CredentialScheme? = null, val requestedAttributes: List<String>? = null, val clientMetadataUrl: String? = null, val encryption: Boolean = false)

Properties

Link copied to clipboard
Link copied to clipboard

Functions

Link copied to clipboard
suspend fun createAuthnRequest(requestOptions: OidcSiopVerifier.RequestOptions = RequestOptions()): AuthenticationRequestParameters

Creates AuthenticationRequestParameters, to be encoded as query params appended to the URL of the Wallet, e.g. https://example.com?repsonse_type=... (see createAuthnRequestUrl)

Link copied to clipboard
suspend fun createAuthnRequestAsSignedRequestObject(requestOptions: OidcSiopVerifier.RequestOptions = RequestOptions()): KmmResult<JwsSigned>

Creates an JWS Authorization Request (JAR, RFC9101), wrapping the usual AuthenticationRequestParameters.

Link copied to clipboard
suspend fun createAuthnRequestUrl(walletUrl: String, requestOptions: OidcSiopVerifier.RequestOptions = RequestOptions()): String

Creates an OIDC Authentication Request, encoded as query parameters to the walletUrl.

Link copied to clipboard
suspend fun createAuthnRequestUrlWithRequestObject(walletUrl: String, requestOptions: OidcSiopVerifier.RequestOptions = RequestOptions()): KmmResult<String>

Creates an OIDC Authentication Request, encoded as query parameters to the walletUrl, containing a JWS Authorization Request (JAR, RFC9101) in request, containing the request parameters itself.

suspend fun createAuthnRequestUrlWithRequestObjectByReference(walletUrl: String, requestUrl: String, requestOptions: OidcSiopVerifier.RequestOptions = RequestOptions()): KmmResult<Pair<String, String>>

Creates an OIDC Authentication Request, encoded as query parameters to the walletUrl, containing a reference (request_uri, see AuthenticationRequestParameters.requestUri) to the JWS Authorization Request (JAR, RFC9101), containing the request parameters itself.

Link copied to clipboard
fun createQrCodeUrl(walletUrl: String, clientMetadataUrl: String, requestUrl: String): String

Create a URL to be displayed as a static QR code for Wallet initiation. URL is the walletUrl, with query parameters appended for relyingPartyUrl, clientMetadataUrl, requestUrl.

Link copied to clipboard
suspend fun createSignedMetadata(): KmmResult<JwsSigned>

Creates a JWS containing signed RelyingPartyMetadata, to be served under a client_metadata_uri at the Verifier.

Link copied to clipboard
suspend fun validateAuthnResponse(params: AuthenticationResponseParameters): OidcSiopVerifier.AuthnResponseResult

Validates AuthenticationResponseParameters from the Wallet

suspend fun validateAuthnResponse(url: String): OidcSiopVerifier.AuthnResponseResult

Validates the OIDC Authentication Response from the Wallet, where url is the whole URL, containing the AuthenticationResponseParameters as the fragment, e.g. https://example.com#id_token=...

Link copied to clipboard
suspend fun validateAuthnResponseFromPost(content: String): OidcSiopVerifier.AuthnResponseResult

Validates the OIDC Authentication Response from the Wallet, where content are the HTTP POST encoded AuthenticationResponseParameters, e.g. id_token=...&vp_token=...