class CredentialIssuer(authorizationService: OAuth2AuthorizationServerAdapter, issuer: Issuer, keyMaterial: Set<KeyMaterial> = setOf(issuer.keyMaterial), cryptoAlgorithms: Set<SignatureAlgorithm> = keyMaterial.map { it.signatureAlgorithm }.toSet(), credentialSchemes: Set<ConstantIndex.CredentialScheme>, publicContext: String = "https://wallet.a-sit.at/credential-issuer", credentialEndpointPath: String = "/credential", nonceEndpointPath: String = "/nonce", requireKeyAttestation: Boolean = false, proofValidator: ProofValidator = ProofValidator( publicContext = publicContext, requireKeyAttestation = requireKeyAttestation, ), signMetadata: SignJwtFun<IssuerMetadata> = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderCertOrJwk()), encryptionService: IssuerEncryptionService = IssuerEncryptionService(), credentialSchemeMapper: CredentialSchemeMapper = DefaultCredentialSchemeMapper())

Server implementation to issue credentials using OID4VCI.

CredentialSchemeMapper

interface CredentialSchemeMapper

Defines mapping of CredentialScheme to identifiers used in OID4VCI in CredentialIssuer (keys in at.asitplus.openid.IssuerMetadata.supportedCredentialConfigurations, and SupportedCredentialFormat.scope) and CredentialAuthorizationServiceStrategy (in at.asitplus.openid.OpenIdAuthorizationDetails.credentialConfigurationId).

CredentialSchemeMapping

object CredentialSchemeMapping

DefaultCodeService

class DefaultCodeService : CodeService

DefaultCredentialSchemeMapper

class DefaultCredentialSchemeMapper : CredentialSchemeMapper

DefaultMapStore

class ~~DefaultMapStore~~

DefaultNonceService

class ~~DefaultNonceService~~

IssuerEncryptionService

class IssuerEncryptionService(encryptCredentialResponse: EncryptJweFun = EncryptJwe(EphemeralKeyWithoutCert()), requireResponseEncryption: Boolean = false, supportedJweAlgorithms: Set<JweAlgorithm> = setOf(JweAlgorithm.ECDH_ES), supportedJweEncryptionAlgorithms: Set<JweEncryption> = setOf(JweEncryption.A256GCM), requireRequestEncryption: Boolean = false, decryptionKeyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), decryptCredentialRequest: DecryptJweFun? = DecryptJwe(decryptionKeyMaterial))

Server implementation to handle credential request decryption and credential response encryption using OID4VCI.

MapStore

class ~~MapStore~~

NonceService

class ~~NonceService~~

OAuth2AuthorizationServerAdapter

interface OAuth2AuthorizationServerAdapter

Used in OID4VCI by CredentialIssuer to obtain user data when issuing credentials using OID4VCI.

OAuth2Error

@Serializable

data class OAuth2Error(val error: String, val errorDescription: String? = null, val errorUri: String? = null, val state: String? = null)

The OAuth 2.0 Authorization Framework: Error responses, see RFC 6749.

OAuth2Exception

@Serializable

sealed class OAuth2Exception : Throwable

OAuth2/OIDC error representation for issuer and wallet flows. Use to model protocol errors and serialize them for responses.

OAuth2ExceptionSerializer

object OAuth2ExceptionSerializer : JsonContentPolymorphicSerializer<OAuth2Exception>

OAuth2LoadUserFun

fun interface OAuth2LoadUserFun

Interface used in at.asitplus.wallet.lib.oauth2.AuthorizationService to actually load user data during the OAuth 2.0 flow, after an authn request (see AuthenticationRequestParameters) has been validated.

OAuth2LoadUserFunInput

data class OAuth2LoadUserFunInput(val request: AuthenticationRequestParameters)

OAuthAuthorizationError

interface OAuthAuthorizationError

Parameters

typealias Parameters = Map<String, String>

ProofValidator

class ProofValidator(publicContext: String = "https://wallet.a-sit.at/credential-issuer", verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Collection<JwsAlgorithm.Signature> = listOf(JwsAlgorithm.Signature.ES256), clock: Clock = Clock.System, timeLeeway: Duration = 5.minutes, verifyAttestationProof: (JwsSigned<KeyAttestationJwt>) -> Boolean = { true }, requireKeyAttestation: Boolean = false, clientNonceService: NonceService = DefaultNonceService())

Server implementation to issue credentials using OID4VCI.

TokenInfo

@Serializable

data class TokenInfo(val token: String, val authorizationDetails: Set<AuthorizationDetails>? = null, val scope: String? = null)

Internal data class for a token introspection result

WalletEncryptionService

class WalletEncryptionService(requestResponseEncryption: Boolean = false, requireRequestEncryption: Boolean = false, encryptCredentialRequest: EncryptJweFun = EncryptJwe(EphemeralKeyWithoutCert()), supportedJweAlgorithm: JweAlgorithm = JweAlgorithm.ECDH_ES, supportedJweEncryptionAlgorithm: JweEncryption = JweEncryption.A256GCM, fallbackJweEncryptionAlgorithm: JweEncryption = JweEncryption.A256GCM, decryptionKeyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), decryptCredentialResponse: DecryptJweFun? = DecryptJwe(decryptionKeyMaterial))

Wallet implementation to handle credential request encryption and credential response decryption using OID4VCI.

WalletService

class WalletService(val clientId: String = "https://wallet.a-sit.at/app", keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), remoteResourceRetriever: RemoteResourceRetrieverFunction = { null }, loadKeyAttestation: suspend (WalletService.KeyAttestationInput) -> KmmResult<JwsSigned<KeyAttestationJwt>>? = null, encryptionService: WalletEncryptionService = WalletEncryptionService())

Client service to retrieve credentials using OID4VCI

Properties

json

val json: Json

Functions

decode

inline fun <T> Parameters.decode(): T

decodeFromPostBody

inline fun <T> String.decodeFromPostBody(): T

decodeFromUrlQuery

inline fun <T> String.decodeFromUrlQuery(): T

inline fun <T> Parameters.decodeFromUrlQuery(): T

encodeToParameters

inline fun <T> T.encodeToParameters(): Parameters

formUrlEncode

fun Parameters.formUrlEncode(): String

matches

fun OpenIdAuthorizationDetails.matches(other: AuthorizationDetails): Boolean

Returns true if the other authorization detail is semantically the same, i.e., it has the same OpenIdAuthorizationDetails.credentialConfigurationId.

safeDecodeUrlQueryComponent

fun String.safeDecodeUrlQueryComponent(plusIsSpace: Boolean = false): String

Empty strings can not be decoded by decodeURLQueryComponent, so we'll need to filter it.

toCredentialResponseParameters

fun Collection<Issuer.IssuedCredential>.toCredentialResponseParameters(): CredentialResponseParameters

toCredentialResponseSingleCredential

fun Issuer.IssuedCredential.toCredentialResponseSingleCredential(): CredentialResponseSingleCredential

toFormat

fun ConstantIndex.CredentialRepresentation.toFormat(): CredentialFormatEnum

toRepresentation

fun CredentialFormatEnum.toRepresentation(): ConstantIndex.CredentialRepresentation