vck-openid/at.asitplus.wallet.lib.openid/ClientIdScheme/CertificateHash

CertificateHash

class CertificateHash(val chain: CertificateChain, val redirectUri: String) : ClientIdScheme(source)

When the Client Identifier Prefix is x509_hash, the original Client Identifier (the part without the x509_hash: prefix) MUST be a hash and match the hash of the leaf certificate passed with the request. The request MUST be signed with the private key corresponding to the public key in the leaf X.509 certificate of the certificate chain added to the request in the x5c JOSE header parameter RFC 7515 of the signed request object. The value of x509_hash is the base64url encoded value of the SHA-256 hash of the DER-encoded X.509 certificate. The Wallet MUST validate the signature and the trust chain of the X.509 leaf certificate. All Verifier metadata other than the public key MUST be obtained from the client_metadata parameter. Example Client Identifier: x509_hash:Uvo3HtuIxuhC92rShpgqcT3YXwrqRxWEviRiA0OZszk.

Constructors

Link copied to clipboard
constructor(chain: CertificateChain, redirectUri: String)

Properties

Link copied to clipboard
val chain: CertificateChain
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val issuerUri: String?

Optional parameter, to be used as iss for signed authorization requests

Link copied to clipboard
Link copied to clipboard