X509_SAN_URI

When the Client Identifier Scheme is x509_san_uri, the Client Identifier MUST be a URI name and match a uniformResourceIdentifier Subject Alternative Name (SAN) [RFC5280] entry in the leaf certificate passed with the request. The request MUST be signed with the private key corresponding to the public key in the leaf X.509 certificate of the certificate chain added to the request in the x5c JOSE header [RFC7515] of the signed request object.

The Wallet MUST validate the signature and the trust chain of the X.509 certificate. All Verifier metadata other than the public key MUST be obtained from the client_metadata parameter. If the Wallet can establish trust in the Client Identifier authenticated through the certificate, e.g. because the Client Identifier is contained in a list of trusted Client Identifiers, it may allow the client to freely choose the redirect_uri value. If not, the FQDN of the redirect_uri value MUST match the Client Identifier.
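
The Client Identifier and redirect_uri checks described above, as an added example that is not part of this library's code. It assumes the request signature and the certificate chain have already been validated, and it reads "the FQDN of the redirect_uri value MUST match the Client Identifier" as case-insensitive equality of the two URI hosts; `Outcome`, `sanUris`, `checkX509SanUri` and `checkLeaf` are hypothetical names.

```kotlin
import java.net.URI
import java.security.cert.X509Certificate

// GeneralName tag of uniformResourceIdentifier in a SAN extension (RFC 5280).
private const val SAN_TYPE_URI = 6

enum class Outcome { ACCEPTED, NOT_IN_SAN, REDIRECT_HOST_MISMATCH }

// Entries have the shape returned by X509Certificate.getSubjectAlternativeNames():
// each entry is a list of (Integer type, value). Only URI entries are kept.
fun sanUris(entries: Collection<List<*>>?): Set<String> =
    entries.orEmpty()
        .filter { it.size >= 2 && it[0] == SAN_TYPE_URI }
        .mapNotNull { it[1] as? String }
        .toSet()

fun checkX509SanUri(
    clientId: String,
    redirectUri: String,
    leafSanEntries: Collection<List<*>>?,
    trustedClientIds: Set<String>,
): Outcome {
    // Exact comparison only: no prefix, wildcard or dNSName fallback.
    if (clientId !in sanUris(leafSanEntries)) return Outcome.NOT_IN_SAN
    // A Client Identifier the Wallet already trusts may choose redirect_uri freely.
    if (clientId in trustedClientIds) return Outcome.ACCEPTED
    // Assumption: "FQDN match" means the hosts of both URIs are equal.
    val clientHost = runCatching { URI(clientId).host }.getOrNull()
    val redirectHost = runCatching { URI(redirectUri).host }.getOrNull()
    return if (clientHost != null && clientHost.equals(redirectHost, ignoreCase = true))
        Outcome.ACCEPTED else Outcome.REDIRECT_HOST_MISMATCH
}

// Convenience wrapper for a leaf certificate taken from the x5c header.
fun checkLeaf(clientId: String, redirectUri: String, leaf: X509Certificate, trusted: Set<String>): Outcome =
    checkX509SanUri(clientId, redirectUri, leaf.subjectAlternativeNames, trusted)

fun main() {
    // Constructed SAN entries: one dNSName (type 2) and one URI (type 6).
    val san = listOf(listOf(2, "verifier.example"), listOf(6, "https://verifier.example/openid4vp"))
    val id = "https://verifier.example/openid4vp"
    check(checkX509SanUri(id, "https://verifier.example/cb", san, emptySet()) == Outcome.ACCEPTED)
    check(checkX509SanUri(id, "https://other.example/cb", san, emptySet()) == Outcome.REDIRECT_HOST_MISMATCH)
    check(checkX509SanUri(id, "https://other.example/cb", san, setOf(id)) == Outcome.ACCEPTED)
    // A dNSName entry for the same host does not satisfy the URI SAN requirement.
    check(checkX509SanUri("https://verifier.example", "https://verifier.example/cb", san, emptySet()) == Outcome.NOT_IN_SAN)
    println("all checks passed")
}
```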

Properties

Functions

open operator override fun equals(other: Any?): Boolean
open override fun toString(): String