class CredentialIssuer(authorizationService: OAuth2AuthorizationServerAdapter, issuer: Issuer, keyMaterial: Set<KeyMaterial> = setOf(issuer.keyMaterial), cryptoAlgorithms: Set<SignatureAlgorithm> = keyMaterial.map { it.signatureAlgorithm }.toSet(), credentialSchemes: Set<ConstantIndex.CredentialScheme>, publicContext: String = "https://wallet.a-sit.at/credential-issuer", credentialEndpointPath: String = "/credential", nonceEndpointPath: String = "/nonce", requireKeyAttestation: Boolean = false, proofValidator: ProofValidator = ProofValidator( publicContext = publicContext, requireKeyAttestation = requireKeyAttestation, ), signMetadata: SignJwtFun<IssuerMetadata> = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderCertOrJwk()), encryptionService: IssuerEncryptionService = IssuerEncryptionService())

Server implementation to issue credentials using OID4VCI.

CredentialSchemeMapping

object CredentialSchemeMapping

Defines mapping of CredentialScheme to identifiers used in OID4VCI in CredentialIssuer (keys in at.asitplus.openid.IssuerMetadata.supportedCredentialConfigurations, and SupportedCredentialFormat.scope) and CredentialAuthorizationServiceStrategy (in at.asitplus.openid.OpenIdAuthorizationDetails.credentialConfigurationId).

DefaultCodeService

class DefaultCodeService : CodeService

DefaultMapStore

class DefaultMapStore<T, U> : MapStore<T, U>

Holds simple map in memory, protected with a Mutex, to ensure a basic form of thread-safety.

DefaultNonceService

class DefaultNonceService : NonceService

Holds valid random values in memory, protected with a Mutex, to ensure a basic form of thread-safety.

IssuerEncryptionService

class IssuerEncryptionService(encryptCredentialResponse: EncryptJweFun = EncryptJwe(EphemeralKeyWithoutCert()), requireResponseEncryption: Boolean = false, supportedJweAlgorithms: Set<JweAlgorithm> = setOf(JweAlgorithm.ECDH_ES), supportedJweEncryptionAlgorithms: Set<JweEncryption> = setOf(JweEncryption.A256GCM), requireRequestEncryption: Boolean = false, decryptionKeyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), decryptCredentialRequest: DecryptJweFun? = DecryptJwe(decryptionKeyMaterial))

Server implementation to handle credential request decryption and credential response encryption using OID4VCI.

MapStore

interface MapStore<T, U>

Provides a simple map of keys of type T to values of type U. Mainly used in OID4VCI to hold state in at.asitplus.wallet.lib.oauth2.SimpleAuthorizationService and WalletService. Can be implemented to provide replication across different instances of the enclosing application.

NonceService

interface NonceService

Provides generation, storage and validation of challenges used throughout the code, e.g. as challenges for presentation of credentials. Can be implemented to provide replication across different instances of the enclosing application.

OAuth2AuthorizationServerAdapter

interface OAuth2AuthorizationServerAdapter

Used in OID4VCI by CredentialIssuer to obtain user data when issuing credentials using OID4VCI.

OAuth2Error

@Serializable

data class OAuth2Error(val error: String, val errorDescription: String? = null, val errorUri: String? = null, val state: String? = null)

The OAuth 2.0 Authorization Framework: Error responses, see RFC 6749.

OAuth2Exception

@Serializable

sealed class OAuth2Exception : Throwable

OAuth2ExceptionSerializer

object OAuth2ExceptionSerializer : JsonContentPolymorphicSerializer<OAuth2Exception>

OAuth2LoadUserFun

fun interface OAuth2LoadUserFun

Interface used in at.asitplus.wallet.lib.oauth2.AuthorizationService to actually load user data during the OAuth 2.0 flow, after an authn request (see AuthenticationRequestParameters) has been validated.

OAuth2LoadUserFunInput

data class OAuth2LoadUserFunInput(val request: AuthenticationRequestParameters)

OAuthAuthorizationError

interface OAuthAuthorizationError

Parameters

typealias Parameters = Map<String, String>

ProofValidator

class ProofValidator(publicContext: String = "https://wallet.a-sit.at/credential-issuer", verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Collection<JwsAlgorithm.Signature> = listOf(JwsAlgorithm.Signature.ES256), clock: Clock = Clock.System, timeLeeway: Duration = 5.minutes, verifyAttestationProof: (JwsSigned<KeyAttestationJwt>) -> Boolean = { true }, requireKeyAttestation: Boolean = false, clientNonceService: NonceService = DefaultNonceService())

Server implementation to issue credentials using OID4VCI.

TokenInfo

@Serializable

data class TokenInfo(val token: String, val authorizationDetails: Set<AuthorizationDetails>? = null, val scope: String? = null)

Internal data class for a token introspection result

WalletEncryptionService

class WalletEncryptionService(requestResponseEncryption: Boolean = false, requireRequestEncryption: Boolean = false, encryptCredentialRequest: EncryptJweFun = EncryptJwe(EphemeralKeyWithoutCert()), supportedJweAlgorithm: JweAlgorithm = JweAlgorithm.ECDH_ES, supportedJweEncryptionAlgorithm: JweEncryption = JweEncryption.A256GCM, decryptionKeyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), decryptCredentialResponse: DecryptJweFun? = DecryptJwe(decryptionKeyMaterial))

Wallet implementation to handle credential request encryption and credential response decryption using OID4VCI.

WalletService

class WalletService(val clientId: String = "https://wallet.a-sit.at/app", keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), remoteResourceRetriever: RemoteResourceRetrieverFunction = { null }, loadKeyAttestation: suspend (WalletService.KeyAttestationInput) -> KmmResult<JwsSigned<KeyAttestationJwt>>? = null, encryptionService: WalletEncryptionService = WalletEncryptionService())

Client service to retrieve credentials using OID4VCI

Properties

json

val json: Json

Functions

decode

inline fun <T> Parameters.decode(): T

decodeFromPostBody

inline fun <T> String.decodeFromPostBody(): T

decodeFromUrlQuery

inline fun <T> Parameters.decodeFromUrlQuery(): T

inline fun <T> String.decodeFromUrlQuery(): T

encodeToParameters

inline fun <T> T.encodeToParameters(): Parameters

formUrlEncode

fun Parameters.formUrlEncode(): String

matches

fun OpenIdAuthorizationDetails.matches(other: AuthorizationDetails): Boolean

Returns true if the other authorization detail is semantically the same, i.e., it has the same OpenIdAuthorizationDetails.credentialConfigurationId.

safeDecodeUrlQueryComponent

fun String.safeDecodeUrlQueryComponent(plusIsSpace: Boolean = false): String

Empty strings can not be decoded by decodeURLQueryComponent, so we'll need to filter it.

toCredentialResponseParameters

fun Collection<Issuer.IssuedCredential>.toCredentialResponseParameters(): CredentialResponseParameters

toCredentialResponseSingleCredential

fun Issuer.IssuedCredential.toCredentialResponseSingleCredential(): CredentialResponseSingleCredential

toFormat

fun ConstantIndex.CredentialRepresentation.toFormat(): CredentialFormatEnum

toRepresentation

fun CredentialFormatEnum.toRepresentation(): ConstantIndex.CredentialRepresentation