vck-openid/at.asitplus.wallet.lib.openid/OpenId4VpVerifier

OpenId4VpVerifier

class OpenId4VpVerifier(clientIdScheme: ClientIdScheme, keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), val verifier: Verifier = VerifierAgent(identifier = clientIdScheme.clientId), decryptionKeyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), decryptJwe: DecryptJweFun = DecryptJwe(decryptionKeyMaterial), signAuthnRequest: SignJwtFun<AuthenticationRequestParameters> = SignJwt(keyMaterial, JwsHeaderClientIdScheme(clientIdScheme)), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Set<SignatureAlgorithm> = setOf(SignatureAlgorithm.ECDSAwithSHA256), verifyCoseSignature: VerifyCoseSignatureWithKeyFun<ByteArray> = VerifyCoseSignatureWithKey(), timeLeewaySeconds: Long = 300, clock: Clock = Clock.System, nonceService: NonceService = DefaultNonceService(), stateToAuthnRequestStore: MapStore<String, AuthenticationRequestParameters> = DefaultMapStore(), supportedJweAlgorithm: JweAlgorithm = JweAlgorithm.ECDH_ES, supportedJweEncryptionAlgorithm: JweEncryption = JweEncryption.A256GCM)(source)

Combines Verifiable Presentations with OAuth 2.0. Implements OpenID4VP (1.0, 2025-07-09) as well as SIOP V2 (D13, 2023-11-28).

This class creates the Authentication Request (see AuthenticationRequestParameters), clients need to send it to the holder (see OpenId4VpHolder) which will create the Authentication Response, which will be verified here in validateAuthnResponse.

Constructors

Link copied to clipboard
constructor(clientIdScheme: ClientIdScheme, keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), verifier: Verifier = VerifierAgent(identifier = clientIdScheme.clientId), decryptionKeyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), decryptJwe: DecryptJweFun = DecryptJwe(decryptionKeyMaterial), signAuthnRequest: SignJwtFun<AuthenticationRequestParameters> = SignJwt(keyMaterial, JwsHeaderClientIdScheme(clientIdScheme)), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Set<SignatureAlgorithm> = setOf(SignatureAlgorithm.ECDSAwithSHA256), verifyCoseSignature: VerifyCoseSignatureWithKeyFun<ByteArray> = VerifyCoseSignatureWithKey(), timeLeewaySeconds: Long = 300, clock: Clock = Clock.System, nonceService: NonceService = DefaultNonceService(), stateToAuthnRequestStore: MapStore<String, AuthenticationRequestParameters> = DefaultMapStore(), supportedJweAlgorithm: JweAlgorithm = JweAlgorithm.ECDH_ES, supportedJweEncryptionAlgorithm: JweEncryption = JweEncryption.A256GCM)

Types

Link copied to clipboard
data class CreatedRequest(val url: String, val loadRequestObject: suspend (RequestObjectParameters?) -> KmmResult<String>? = null)
Link copied to clipboard
sealed class CreationOptions

Properties

Link copied to clipboard
Link copied to clipboard
val metadataWithEncryption: RelyingPartyMetadata

Creates the RelyingPartyMetadata, but with parameters set to request encryption of pushed authentication responses, see RelyingPartyMetadata.encryptedResponseEncValues.

Link copied to clipboard
val verifier: Verifier

Verifies the holder's response against our identifier from clientIdScheme.

Functions

Link copied to clipboard
suspend fun createAuthnRequest(requestOptions: RequestOptions, requestObjectParameters: RequestObjectParameters? = null): AuthenticationRequestParameters

Creates AuthenticationRequestParameters, to be encoded in the URL of the wallet somehow, see createAuthnRequest

suspend fun createAuthnRequest(requestOptions: RequestOptions, creationOptions: OpenId4VpVerifier.CreationOptions): KmmResult<OpenId4VpVerifier.CreatedRequest>
Link copied to clipboard
suspend fun createAuthnRequestAsSignedRequestObject(requestOptions: RequestOptions, requestObjectParameters: RequestObjectParameters? = null): KmmResult<JwsSigned<AuthenticationRequestParameters>>

Creates an JWS Authorization Request (JAR, RFC9101), wrapping the usual AuthenticationRequestParameters.

Link copied to clipboard
suspend fun prepareAuthnRequest(requestOptions: RequestOptions, requestObjectParameters: RequestObjectParameters? = null): AuthenticationRequestParameters

Creates AuthenticationRequestParameters, to be encoded in the URL of the wallet somehow, see createAuthnRequest

Link copied to clipboard
suspend fun submitAuthnRequest(authenticationRequestParameters: AuthenticationRequestParameters)

Remembers authenticationRequestParameters to link responses to requests

Link copied to clipboard
suspend fun validateAuthnResponse(input: ResponseParametersFrom): AuthnResponseResult

Validates AuthenticationResponseParameters from the Wallet

suspend fun validateAuthnResponse(input: String): AuthnResponseResult

Validates an Authentication Response from the Wallet, where input is either:

suspend fun validateAuthnResponse(input: Map<String, String>): AuthnResponseResult