vck-openid/at.asitplus.wallet.lib.openid/OpenId4VpVerifier

OpenId4VpVerifier

open class OpenId4VpVerifier( clientIdScheme: ClientIdScheme, keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), val verifier: Verifier = VerifierAgent(identifier = clientIdScheme.clientId), jwsService: JwsService = DefaultJwsService(DefaultCryptoService(keyMaterial)), verifierJwsService: VerifierJwsService = DefaultVerifierJwsService(DefaultVerifierCryptoService()), verifierCoseService: VerifierCoseService = DefaultVerifierCoseService(DefaultVerifierCryptoService()), timeLeewaySeconds: Long = 300, clock: Clock = Clock.System, nonceService: NonceService = DefaultNonceService(), stateToAuthnRequestStore: MapStore<String, AuthenticationRequestParameters> = DefaultMapStore())(source)

Combines Verifiable Presentations with OpenId Connect. Implements OpenID for VP (2024-12-02) as well as SIOP V2 (2023-11-28).

This class creates the Authentication Request, verifier verifies the response. See OpenId4VpHolder for the holder.

Constructors

OpenId4VpVerifier

constructor( clientIdScheme: ClientIdScheme, keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), verifier: Verifier = VerifierAgent(identifier = clientIdScheme.clientId), jwsService: JwsService = DefaultJwsService(DefaultCryptoService(keyMaterial)), verifierJwsService: VerifierJwsService = DefaultVerifierJwsService(DefaultVerifierCryptoService()), verifierCoseService: VerifierCoseService = DefaultVerifierCoseService(DefaultVerifierCryptoService()), timeLeewaySeconds: Long = 300, clock: Clock = Clock.System, nonceService: NonceService = DefaultNonceService(), stateToAuthnRequestStore: MapStore<String, AuthenticationRequestParameters> = DefaultMapStore())

Types

CreatedRequest

data class CreatedRequest(val url: String, val loadRequestObject: suspend (RequestObjectParameters?) -> KmmResult<String>? = null)

CreationOptions

sealed class CreationOptions

Properties

jarMetadata

val jarMetadata: JwtVcIssuerMetadata

Serve this result JSON-serialized under /.well-known/jar-issuer (see OpenIdConstants.PATH_WELL_KNOWN_JAR_ISSUER), so that SIOP Wallets can look up the keys used to sign request objects.

metadata

val metadata: RelyingPartyMetadata

Creates the at.asitplus.openid.RelyingPartyMetadata, without encryption (see metadataWithEncryption)

metadataWithEncryption

val metadataWithEncryption: RelyingPartyMetadata

Creates the RelyingPartyMetadata, but with parameters set to request encryption of pushed authentication responses, see RelyingPartyMetadata.authorizationEncryptedResponseAlg and RelyingPartyMetadata.authorizationEncryptedResponseEncoding.

verifier

val verifier: Verifier

Functions

createAuthnRequest

suspend fun createAuthnRequest( requestOptions: RequestOptions, requestObjectParameters: RequestObjectParameters? = null): AuthenticationRequestParameters

Creates AuthenticationRequestParameters, to be encoded in the URL of the wallet somehow, see createAuthnRequest

suspend fun createAuthnRequest( requestOptions: RequestOptions, creationOptions: OpenId4VpVerifier.CreationOptions): KmmResult<OpenId4VpVerifier.CreatedRequest>

createAuthnRequestAsSignedRequestObject

suspend fun createAuthnRequestAsSignedRequestObject( requestOptions: RequestOptions, requestObjectParameters: RequestObjectParameters? = null): KmmResult<JwsSigned<AuthenticationRequestParameters>>

Creates an JWS Authorization Request (JAR, RFC9101), wrapping the usual AuthenticationRequestParameters.

prepareAuthnRequest

suspend fun prepareAuthnRequest( requestOptions: RequestOptions, requestObjectParameters: RequestObjectParameters? = null): AuthenticationRequestParameters

Creates AuthenticationRequestParameters, to be encoded in the URL of the wallet somehow, see createAuthnRequest

submitAuthnRequest

suspend fun submitAuthnRequest(authenticationRequestParameters: AuthenticationRequestParameters)

Remembers authenticationRequestParameters to link responses to requests

validateAuthnResponse

suspend fun validateAuthnResponse(input: ResponseParametersFrom): AuthnResponseResult

Validates AuthenticationResponseParameters from the Wallet

suspend fun validateAuthnResponse(input: String): AuthnResponseResult

Validates an Authentication Response from the Wallet, where input is either:

suspend fun validateAuthnResponse(input: Map<String, String>): AuthnResponseResult

Validates an Authentication Response from the Wallet, where input is a map of POST parameters received.