CredentialIssuer

class CredentialIssuer(
    authorizationService: OAuth2AuthorizationServerAdapter,
    issuer: Issuer,
    credentialSchemes: Set<ConstantIndex.CredentialScheme>,
    publicContext: String = "https://wallet.a-sit.at/credential-issuer",
    credentialEndpointPath: String = "/credential",
    nonceEndpointPath: String = "/nonce",
    credentialProvider: CredentialIssuerDataProvider,
    verifierJwsService: VerifierJwsService = DefaultVerifierJwsService(),
    clock: Clock = System,
    timeLeeway: Duration = 5.minutes,
    verifyAttestationProof: (JwsSigned<KeyAttestationJwt>) -> Boolean = { true },
    requireKeyAttestation: Boolean = false,
    clientNonceService: NonceService = DefaultNonceService(),
    jwsEncryptionService: JwsService = DefaultJwsService(DefaultCryptoService(EphemeralKeyWithoutCert())),
    requireEncryption: Boolean = false
)

Server implementation to issue credentials using OID4VCI.

Implemented from OpenID for Verifiable Credential Issuance, Draft 15, 2024-12-19.

Constructors

constructor(
    authorizationService: OAuth2AuthorizationServerAdapter,
    issuer: Issuer,
    credentialSchemes: Set<ConstantIndex.CredentialScheme>,
    publicContext: String = "https://wallet.a-sit.at/credential-issuer",
    credentialEndpointPath: String = "/credential",
    nonceEndpointPath: String = "/nonce",
    credentialProvider: CredentialIssuerDataProvider,
    verifierJwsService: VerifierJwsService = DefaultVerifierJwsService(),
    clock: Clock = System,
    timeLeeway: Duration = 5.minutes,
    verifyAttestationProof: (JwsSigned<KeyAttestationJwt>) -> Boolean = { true },
    requireKeyAttestation: Boolean = false,
    clientNonceService: NonceService = DefaultNonceService(),
    jwsEncryptionService: JwsService = DefaultJwsService(DefaultCryptoService(EphemeralKeyWithoutCert())),
    requireEncryption: Boolean = false
)

Properties

Serve this result JSON-serialized under /.well-known/jwt-vc-issuer (see OpenIdConstants.PATH_WELL_KNOWN_JWT_VC_ISSUER_METADATA), so that verifiers can look up the keys used to sign credentials.

Serve this result JSON-serialized under /.well-known/openid-credential-issuer (see OpenIdConstants.PATH_WELL_KNOWN_CREDENTIAL_ISSUER).

Functions

suspend fun credential(
    authorizationHeader: String,
    params: CredentialRequestParameters,
    request: RequestInfo? = null
): KmmResult<CredentialResponseParameters>

Verifies that the authorizationHeader contains a token from authorizationService, verifies the proof sent by the client (which must contain a nonce sent from authorizationService), and issues credentials to the client.

suspend fun nonce(): KmmResult<ClientNonceResponse>

Provides a fresh nonce to clients, to be incorporated into their credential proofs.
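
The single-use nonce check that nonce() and credential() rely on, as an added example that is not this library's code and does not implement its NonceService interface. The class SingleUseNonceStore, its method names and the five-minute lifetime are assumptions, and it uses JVM standard-library classes only.

```kotlin
import java.security.SecureRandom
import java.time.Clock
import java.time.Duration
import java.time.Instant
import java.util.Base64
import java.util.concurrent.ConcurrentHashMap

// Hypothetical stand-in for a nonce service (name and API are assumptions).
class SingleUseNonceStore(
    private val clock: Clock = Clock.systemUTC(),
    private val lifetime: Duration = Duration.ofMinutes(5), // assumed lifetime
) {
    private val random = SecureRandom()
    private val issued = ConcurrentHashMap<String, Instant>() // nonce -> expiry

    /** What a nonce endpoint hands out: 128 bits from a CSPRNG, URL-safe. */
    fun provideNonce(): String {
        val bytes = ByteArray(16).also { random.nextBytes(it) }
        val nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes)
        issued[nonce] = clock.instant().plus(lifetime)
        return nonce
    }

    /**
     * Accepts a nonce at most once. remove() is atomic, so when the same
     * proof is submitted twice in parallel only one request can succeed.
     */
    fun verifyAndRemove(nonce: String?): Boolean {
        if (nonce == null) return false
        val expiry = issued.remove(nonce) ?: return false
        return clock.instant().isBefore(expiry)
    }

    /** Drops expired entries so nonces that were never used do not pile up. */
    fun purgeExpired() {
        val now = clock.instant()
        issued.entries.removeIf { !now.isBefore(it.value) }
    }
}

fun main() {
    val store = SingleUseNonceStore()
    val nonce = store.provideNonce()               // handed to the client
    println(store.verifyAndRemove(nonce))          // nonce taken from the first proof
    println(store.verifyAndRemove(nonce))          // same proof presented again
    println(store.verifyAndRemove("never-issued")) // nonce this server never sent
}
```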