class CredentialIssuer(authorizationService: OAuth2AuthorizationServerAdapter, issuer: Issuer = IssuerAgent(), keyMaterial: Set<KeyMaterial> = setOf(issuer.keyMaterial), cryptoAlgorithms: Set<SignatureAlgorithm> = keyMaterial.map { it.signatureAlgorithm }.toSet(), credentialSchemes: Set<ConstantIndex.CredentialScheme>, publicContext: String = "https://wallet.a-sit.at/credential-issuer", credentialEndpointPath: String = "/credential", nonceEndpointPath: String = "/nonce", credentialProvider: CredentialIssuerDataProvider = FallbackCredentialIssuerDataProvider(), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Collection<JwsAlgorithm.Signature> = listOf(JwsAlgorithm.Signature.ES256), clock: Clock = System, timeLeeway: Duration = 5.minutes, verifyAttestationProof: (JwsSigned<KeyAttestationJwt>) -> Boolean = { true }, requireKeyAttestation: Boolean = false, clientNonceService: NonceService = DefaultNonceService(), encryptCredentialRequest: EncryptJweFun = EncryptJwe(EphemeralKeyWithoutCert()), requireEncryption: Boolean = false, supportedJweAlgorithms: Set<JweAlgorithm> = setOf(JweAlgorithm.ECDH_ES), supportedJweEncryptionAlgorithms: Set<JweEncryption> = setOf(JweEncryption.A256GCM), proofValidator: ProofValidator = ProofValidator( publicContext = publicContext, verifyJwsObject = verifyJwsObject, supportedAlgorithms = supportedAlgorithms, clock = clock, timeLeeway = timeLeeway, verifyAttestationProof = verifyAttestationProof, requireKeyAttestation = requireKeyAttestation, clientNonceService = clientNonceService, ))

Server implementation to issue credentials using OID4VCI.

CredentialIssuerDataProvider

fun interface ~~CredentialIssuerDataProvider~~

CredentialIssuerDataProviderAdapter

class CredentialIssuerDataProviderAdapter(val credentialDataProvider: CredentialIssuerDataProvider) : CredentialDataProviderFun

Adapter for deprecated code, to be removed 5.8.0

CredentialSchemeMapping

object CredentialSchemeMapping

Defines mapping of CredentialScheme to identifiers used in OID4VCI in CredentialIssuer (keys in at.asitplus.openid.IssuerMetadata.supportedCredentialConfigurations, and SupportedCredentialFormat.scope) and CredentialAuthorizationServiceStrategy (in at.asitplus.openid.OpenIdAuthorizationDetails.credentialConfigurationId).

DefaultCodeService

class DefaultCodeService : CodeService

DefaultMapStore

class DefaultMapStore<T, U> : MapStore<T, U>

Holds simple map in memory, protected with a Mutex, to ensure a basic form of thread-safety.

DefaultNonceService

class DefaultNonceService : NonceService

Holds valid random values in memory, protected with a Mutex, to ensure a basic form of thread-safety.

FallbackAdapter

class FallbackAdapter(dataProvider: OAuth2DataProvider?) : OAuth2LoadUserFun

MapStore

interface MapStore<T, U>

Provides a simple map of keys of type T to values of type U. Mainly used in OID4VCI to hold state in at.asitplus.wallet.lib.oauth2.SimpleAuthorizationService and WalletService. Can be implemented to provide replication across different instances of the enclosing application.

NonceService

interface NonceService

Provides generation, storage and validation of challenges used throughout the code, e.g. as challenges for presentation of credentials. Can be implemented to provide replication across different instances of the enclosing application.

OAuth2AuthorizationServerAdapter

interface OAuth2AuthorizationServerAdapter

Used in OID4VCI by CredentialIssuer to obtain user data when issuing credentials using OID4VCI.

OAuth2DataProvider

fun interface ~~OAuth2DataProvider~~

Interface used in CredentialAuthorizationServiceStrategy to actually load user data during the OAuth 2.0 flow, after an authn request (see AuthenticationRequestParameters) has been validated.

OAuth2Error

@Serializable

data class OAuth2Error(val error: String, val errorDescription: String? = null, val errorUri: String? = null, val state: String? = null)

Source: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html OpenID for Verifiable Credential Issuance Published: 3 February 2023

OAuth2Exception

@Serializable

sealed class OAuth2Exception : Throwable

OAuth2ExceptionSerializer

object OAuth2ExceptionSerializer : JsonContentPolymorphicSerializer<OAuth2Exception>

OAuth2LoadUserFun

fun interface OAuth2LoadUserFun

Interface used in at.asitplus.wallet.lib.oauth2.AuthorizationService to actually load user data during the OAuth 2.0 flow, after an authn request (see AuthenticationRequestParameters) has been validated.

OAuth2LoadUserFunInput

data class OAuth2LoadUserFunInput(val request: AuthenticationRequestParameters, val code: String)

Parameters

typealias Parameters = Map<String, String>

ProofValidator

class ProofValidator(publicContext: String = "https://wallet.a-sit.at/credential-issuer", verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Collection<JwsAlgorithm.Signature> = listOf(JwsAlgorithm.Signature.ES256), clock: Clock = Clock.System, timeLeeway: Duration = 5.minutes, verifyAttestationProof: (JwsSigned<KeyAttestationJwt>) -> Boolean = { true }, requireKeyAttestation: Boolean = false, clientNonceService: NonceService = DefaultNonceService())

Server implementation to issue credentials using OID4VCI.

WalletService

class WalletService(val clientId: String = "https://wallet.a-sit.at/app", redirectUrl: String = "/callback", keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), remoteResourceRetriever: RemoteResourceRetrieverFunction = { null }, loadKeyAttestation: suspend (WalletService.KeyAttestationInput) -> KmmResult<JwsSigned<KeyAttestationJwt>>? = null, requestEncryption: Boolean = false, decryptionKeyMaterial: KeyMaterial? = null, supportedJweAlgorithm: JweAlgorithm = JweAlgorithm.ECDH_ES, supportedJweEncryptionAlgorithm: JweEncryption = JweEncryption.A256GCM, val oauth2Client: OAuth2Client = OAuth2Client(clientId, redirectUrl))

Client service to retrieve credentials using OID4VCI

Properties

json

val json: Json

Functions

decode

inline fun <T> Parameters.decode(): T

decodeFromPostBody

inline fun <T> String.decodeFromPostBody(): T

decodeFromUrlQuery

inline fun <T> Parameters.decodeFromUrlQuery(): T

inline fun <T> String.decodeFromUrlQuery(): T

encodeToParameters

inline fun <T> T.encodeToParameters(): Parameters

formUrlEncode

fun Parameters.formUrlEncode(): String

matches

fun OpenIdAuthorizationDetails.matches(other: AuthorizationDetails): Boolean

Returns true if the other authorization detail is semantically the same, i.e. it has either the same OpenIdAuthorizationDetails.credentialConfigurationId or the same OpenIdAuthorizationDetails.format plus format-specific properties.

safeDecodeUrlQueryComponent

fun String.safeDecodeUrlQueryComponent(plusIsSpace: Boolean = false): String

Empty strings can not be decoded by decodeURLQueryComponent, so we'll need to filter it.

toCredentialIdentifier

fun ConstantIndex.CredentialScheme.~~toCredentialIdentifier~~(): List<String>

fun ConstantIndex.CredentialScheme.~~toCredentialIdentifier~~(rep: ConstantIndex.CredentialRepresentation): String

toCredentialResponseParameters

suspend fun Issuer.IssuedCredential.toCredentialResponseParameters(transformer: suspend (String) -> String = { it }): CredentialResponseParameters

suspend fun Collection<Issuer.IssuedCredential>.toCredentialResponseParameters(transformer: suspend (String) -> String = { it }): CredentialResponseParameters

toCredentialResponseSingleCredential

suspend fun Issuer.IssuedCredential.toCredentialResponseSingleCredential(transformer: suspend (String) -> String = { it }): CredentialResponseSingleCredential

toFormat

fun ConstantIndex.CredentialRepresentation.toFormat(): CredentialFormatEnum

toRepresentation

fun CredentialFormatEnum.toRepresentation(): ConstantIndex.CredentialRepresentation