vck-openid/at.asitplus.wallet.lib.oidvci/CredentialAuthorizationServiceStrategy

CredentialAuthorizationServiceStrategy

class CredentialAuthorizationServiceStrategy(credentialSchemes: Set<ConstantIndex.CredentialScheme>) : AuthorizationServiceStrategy(source)

Provide authentication and authorization for credential issuance.

Constructors

Link copied to clipboard
constructor(credentialSchemes: Set<ConstantIndex.CredentialScheme>)

Functions

Link copied to clipboard
open override fun allCredentialIdentifier(): Collection<String>

Return all valid credential identifiers for all schemes.

Link copied to clipboard
open override fun filterScope(scope: String): String

Filter the requested scope in the access token request to ones valid for credential issuance

Link copied to clipboard
open override fun matchAuthorizationDetails(authRequest: ClientAuthRequest, tokenRequest: TokenRequestParameters): Set<OpenIdAuthorizationDetails>

For credential issuing authorization details need to be present and need to match at least semantically

Link copied to clipboard
open override fun validateAuthorizationDetails(authorizationDetails: Collection<AuthorizationDetails>): Set<OpenIdAuthorizationDetails>

RFC9396. The AS MUST refuse to process any unknown authorization details type or authorization details not conforming to the respective type definition. The AS MUST abort processing and respond with an error invalid_authorization_details to the client if any of the following are true of the objects in the authorizationDetails structure:

Link copied to clipboard
open override fun validAuthorizationDetails(): Collection<OpenIdAuthorizationDetails>

Return all valid authorization details for pre-authorized codes, that the client may use in token requests

Link copied to clipboard
open override fun validScopes(): String

Return all valid scopes for pre-authorized codes, that the client may use in token requests