vck-openid/at.asitplus.wallet.lib.oidc

Package-level declarations

Types

@Serializable

data class AuthenticationRequestParameters(val responseType: String? = null, val clientId: String? = null, val redirectUrl: String? = null, val scope: String? = null, val state: String? = null, val nonce: String? = null, val claims: AuthnRequestClaims? = null, val clientMetadata: RelyingPartyMetadata? = null, val clientMetadataUri: String? = null, val idTokenHint: String? = null, val request: String? = null, val requestUri: String? = null, val idTokenType: String? = null, val presentationDefinition: PresentationDefinition? = null, val presentationDefinitionUrl: String? = null, val authorizationDetails: Set<AuthorizationDetails>? = null, val clientIdScheme: OpenIdConstants.ClientIdScheme? = null, val walletIssuer: String? = null, val userHint: String? = null, val issuerState: String? = null, val responseMode: OpenIdConstants.ResponseMode? = null, val responseUrl: String? = null, val audience: String? = null, val issuer: String? = null, val issuedAt: Instant? = null, val resource: String? = null, val codeChallenge: String? = null, val codeChallengeMethod: String? = null)

Contents of an OIDC Authentication Request.

AuthenticationRequestParametersFrom

@Serializable

sealed class AuthenticationRequestParametersFrom

AuthenticationResponse

data class AuthenticationResponse(val params: AuthenticationResponseParameters, val clientMetadata: RelyingPartyMetadata?, val jsonWebKeys: Collection<JsonWebKey>?)

Intermediate DTO to hold the parsed clientMetadata as well as the created params.

AuthenticationResponseParameters

@Serializable

data class AuthenticationResponseParameters(val code: String? = null, val idToken: String? = null, val vpToken: JsonElement? = null, val presentationSubmission: PresentationSubmission? = null, val state: String? = null, val issuer: String? = null, val audience: String? = null, val expiration: Instant? = null, val response: String? = null)

Contents of an OIDC Authentication Response.

AuthenticationResponseResult

sealed class AuthenticationResponseResult

Possible outcomes of creating the OIDC Authentication Response

AuthnRequestClaims

@Serializable

data class AuthnRequestClaims(val idTokenMap: Map<String, AuthnRequestSingleClaim?>? = null, val userInfoMap: Map<String, AuthnRequestSingleClaim?>? = null)

AuthnRequestSingleClaim

@Serializable

data class AuthnRequestSingleClaim(val essential: Boolean? = null, val value: String? = null, val values: Array<String>? = null)

IdToken

@Serializable

data class IdToken(val issuer: String, val audience: String, val issuedAt: Instant, val expiration: Instant, val subject: String, val nonce: String, val subjectJwk: JsonWebKey? = null)

OpenID Connect ID Token, usually signed as JWS in id_token in a URL

IdTokenType

@Serializable(with = IdTokenTypeSerializer::class)

enum IdTokenType : Enum<IdTokenType>

IdTokenTypeSerializer

object IdTokenTypeSerializer : KSerializer<IdTokenType>

OidcSiopVerifier

class OidcSiopVerifier

Combines Verifiable Presentations with OpenId Connect. Implements OIDC for VP (2023-04-21) as well as SIOP V2 (2023-01-01).

OidcSiopWallet

class OidcSiopWallet(holder: Holder, agentPublicKey: CryptoPublicKey, jwsService: JwsService, clock: Clock = Clock.System, clientId: String = "https://wallet.a-sit.at/", remoteResourceRetriever: RemoteResourceRetrieverFunction, requestObjectJwsVerifier: RequestObjectJwsVerifier, scopePresentationDefinitionRetriever: ScopePresentationDefinitionRetriever)

Combines Verifiable Presentations with OpenId Connect. Implements OIDC for VP (2023-04-21) as well as SIOP V2 (2023-01-01).

OpenIdConstants

object OpenIdConstants

RelyingPartyMetadata

@Serializable

data class RelyingPartyMetadata(val redirectUris: List<String>? = null, val jsonWebKeySet: JsonWebKeySet? = null, val jsonWebKeySetUrl: String? = null, val idTokenSignedResponseAlg: JwsAlgorithm? = null, val authorizationSignedResponseAlg: JwsAlgorithm? = null, val authorizationEncryptedResponseAlg: JweAlgorithm? = null, val authorizationEncryptedResponseEncoding: JweEncryption? = null, val idTokenEncryptedResponseAlg: JweAlgorithm? = null, val idTokenEncryptedResponseEncoding: JweEncryption? = null, val subjectSyntaxTypesSupported: Set<String>? = null, val vpFormats: FormatHolder? = null, val clientIdScheme: OpenIdConstants.ClientIdScheme? = OpenIdConstants.ClientIdScheme.PRE_REGISTERED)

RemoteResourceRetrieverFunction

typealias RemoteResourceRetrieverFunction = suspend (String) -> String?

Implementations need to fetch the url passed in, and return either the body, if there is one, or the HTTP header Location, i.e. if the server sends the request object as a redirect.

RequestObjectJwsVerifier

fun interface RequestObjectJwsVerifier

Implementations need to verify the passed JwsSigned and return its result

ScopePresentationDefinitionRetriever

typealias ScopePresentationDefinitionRetriever = suspend (String) -> PresentationDefinition?

Implementations need to match a scope value to a PresentationDefinition if a related presentation definition is known.

Properties

jsonSerializer

val jsonSerializer: Json