vck-openid/at.asitplus.wallet.lib.oidvci/WalletService

WalletService

class WalletService(val clientId: String = "https://wallet.a-sit.at/app", keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), remoteResourceRetriever: RemoteResourceRetrieverFunction = { null }, loadKeyAttestation: suspend (WalletService.KeyAttestationInput) -> KmmResult<JwsSigned<KeyAttestationJwt>>? = null, encryptionService: WalletEncryptionService = WalletEncryptionService())(source)

Client service to retrieve credentials using OID4VCI

Implemented from OpenID for Verifiable Credential Issuance 1.0 from 2025-09-16.

Constructors

Link copied to clipboard
constructor(clientId: String = "https://wallet.a-sit.at/app", keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), remoteResourceRetriever: RemoteResourceRetrieverFunction = { null }, loadKeyAttestation: suspend (WalletService.KeyAttestationInput) -> KmmResult<JwsSigned<KeyAttestationJwt>>? = null, encryptionService: WalletEncryptionService = WalletEncryptionService())

Types

Link copied to clipboard
sealed interface CredentialRequest
Link copied to clipboard
data class KeyAttestationInput(val clientNonce: String?, val supportedAlgorithms: Collection<String>?)
Link copied to clipboard
data class RequestOptions(val credentialScheme: ConstantIndex.CredentialScheme, val representation: ConstantIndex.CredentialRepresentation = PLAIN_JWT, val state: String = uuid4().toString())

Properties

Link copied to clipboard
val clientId: String

Used as the issuer in credential proofs. Must match the client_id of the OAuth client.

Functions

Link copied to clipboard
fun buildAuthorizationDetails(credentialConfigurationId: String, authorizationServers: Set<String>? = null): Set<OpenIdAuthorizationDetails>
fun buildAuthorizationDetails(credentialConfigurationIds: Set<String>, authorizationServers: Set<String>? = null): Set<OpenIdAuthorizationDetails>

Build authorization details for use in OAuth2Client.createAuthRequest.

Link copied to clipboard
suspend fun createCredential(tokenResponse: TokenResponseParameters, metadata: IssuerMetadata, credentialFormat: SupportedCredentialFormat, clientNonce: String? = null, previouslyRequestedScope: String? = null, clock: Clock = Clock.System): KmmResult<Collection<WalletService.CredentialRequest>>

Creates the credential request to be sent to the credential issuer. Also send along the TokenResponseParameters.accessToken from the token response in HTTP header Authorization see TokenResponseParameters.toHttpHeaderValue. Be sure to include a DPoP header if TokenResponseParameters.tokenType is DPoP, see BuildDPoPHeader. For sample ktor code see OpenId4VciClient in vck-openid-ktor.

Link copied to clipboard
suspend fun parseCredentialOffer(input: String): KmmResult<CredentialOffer>

Pass in the URL provided by the Credential Issuer, which may contain a direct CredentialOffer or a URI pointing to it.

Link copied to clipboard
suspend fun parseCredentialResponse(response: CredentialIssuer.CredentialResponse, representation: ConstantIndex.CredentialRepresentation, scheme: ConstantIndex.CredentialScheme): KmmResult<Collection<Holder.StoreCredentialInput>>
suspend fun parseCredentialResponse(response: String, isEncrypted: Boolean, representation: ConstantIndex.CredentialRepresentation, scheme: ConstantIndex.CredentialScheme): KmmResult<Collection<Holder.StoreCredentialInput>>

Parses response received from the credential issuer, mapping to Holder.StoreCredentialInput, decrypting the response if required.

Link copied to clipboard