vck-openid/at.asitplus.wallet.lib.openid

Package-level declarations

Types

AuthenticationResponse

sealed class AuthenticationResponse

Intermediate DTO to hold the parsed clientMetadata as well as the created params.

AuthenticationResponseResult

sealed class AuthenticationResponseResult

Possible outcomes of creating an OpenID Authentication Response, to be sent back to the verifier.

AuthnResponseResult

sealed class AuthnResponseResult

Result of validating an OpenID authentication response, covering success and error cases. Use to inspect how a wallet response was parsed and whether presentation validation succeeded.

AuthorizationResponsePreparationState

@Serializable

data class AuthorizationResponsePreparationState(val request: RequestParametersFrom<AuthenticationRequestParameters>, val credentialPresentationRequest: CredentialPresentationRequest?, val clientMetadata: RelyingPartyMetadata?, val jsonWebKeys: Collection<JsonWebKey>?, val requestObjectVerified: Boolean?, val verifierInfo: List<VerifierInfo>?)

Intermediate result class to display information about the authentication process to the user, i.e., to let them make an informed decision.

ClientIdScheme

sealed class ClientIdScheme

Represents the OpenID client identifier scheme used to validate verifier identity. Use to select the client-id flavor (redirect URI, X.509, attestation) and derive IDs/URIs accordingly.

CredentialMatchingResult

sealed interface CredentialMatchingResult<Credential : Any>

DCQLMatchingResult

data class DCQLMatchingResult<Credential : Any>(val presentationRequest: CredentialPresentationRequest.DCQLRequest, val dcqlQueryResult: DCQLQueryResult<Credential>) : CredentialMatchingResult<Credential>

JwsHeaderClientIdScheme

class JwsHeaderClientIdScheme(val clientIdScheme: ClientIdScheme) : JwsHeaderIdentifierFun

OpenId4VpHolder

class OpenId4VpHolder(keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), holder: Holder = HolderAgent(keyMaterial), signIdToken: SignJwtFun<IdToken> = SignJwt(keyMaterial, JwsHeaderCertOrJwk()), encryptJarm: EncryptJweFun = EncryptJwe(keyMaterial), supportedAlgorithms: Set<SignatureAlgorithm> = setOf(SignatureAlgorithm.ECDSAwithSHA256), signDeviceAuthDetached: SignCoseDetachedFun<ByteArray> = SignCoseDetached(keyMaterial, CoseHeaderNone(), CoseHeaderNone()), clock: Clock = Clock.System, clientId: String = "https://wallet.a-sit.at/", authorizationEndpoint: String = "openid4vp:", remoteResourceRetriever: RemoteResourceRetrieverFunction = { null }, requestObjectJwsVerifier: RequestObjectJwsVerifier = RequestObjectJwsVerifier { _ -> true }, walletNonceMapStore: MapStore<String, String> = DefaultMapStore(), randomSource: RandomSource = RandomSource.Secure, lookupJsonWebKeysForClient: (OpenId4VpHolder.JsonWebKeyLookupInput) -> JsonWebKeySet? = { null })

Combines Verifiable Presentations with OAuth 2.0. Implements OpenID4VP (1.0, 2025-07-09) as well as SIOP V2 (D13, 2023-11-28).

OpenId4VpRequestOptions

data class OpenId4VpRequestOptions(val credentials: Set<RequestOptionsCredential>, val presentationMechanism: PresentationMechanismEnum = PresentationMechanismEnum.PresentationExchange, val responseMode: OpenIdConstants.ResponseMode = OpenIdConstants.ResponseMode.Fragment, val responseUrl: String? = null, val responseType: String = VP_TOKEN, val state: String = uuid4().toString(), val encryption: Boolean = false, val transactionData: List<TransactionData>? = null, val expectedOrigins: List<String>? = null, val populateClientId: Boolean = true) : RequestOptions

OpenId4VpVerifier

class OpenId4VpVerifier(clientIdScheme: ClientIdScheme, keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), val verifier: Verifier = VerifierAgent(identifier = clientIdScheme.clientId), decryptionKeyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), decryptJwe: DecryptJweFun = DecryptJwe(decryptionKeyMaterial), signAuthnRequest: SignJwtFun<AuthenticationRequestParameters> = SignJwt(keyMaterial, JwsHeaderClientIdScheme(clientIdScheme)), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Set<SignatureAlgorithm> = setOf(SignatureAlgorithm.ECDSAwithSHA256), verifyCoseSignature: VerifyCoseSignatureWithKeyFun<ByteArray> = VerifyCoseSignatureWithKey(), timeLeewaySeconds: Long = 300, clock: Clock = Clock.System, nonceService: NonceService = DefaultNonceService(), stateToAuthnRequestStore: MapStore<String, AuthenticationRequestParameters> = DefaultMapStore(), supportedJweAlgorithm: JweAlgorithm = JweAlgorithm.ECDH_ES, supportedJweEncryptionAlgorithm: JweEncryption = JweEncryption.A256GCM, supportedJweEncryptionAlgorithms: Set<JweEncryption> = JweEncryption.entries.toSet()) : AbstractMdocVerifier

Combines Verifiable Presentations with OAuth 2.0. Implements OpenID4VP (1.0, 2025-07-09) as well as SIOP V2 (D13, 2023-11-28).

PresentationExchangeMatchingResult

data class PresentationExchangeMatchingResult<Credential : Any>(val presentationRequest: CredentialPresentationRequest.PresentationExchangeRequest, val matchingInputDescriptorCredentials: Map<String, Map<Credential, Map<ConstraintField, NodeList>>>) : CredentialMatchingResult<Credential>

PresentationMechanismEnum

enum PresentationMechanismEnum : Enum<PresentationMechanismEnum>

RequestOptions

class ~~RequestOptions~~

RequestOptionsCredential

class ~~RequestOptionsCredential~~

RequestParser

class RequestParser(remoteResourceRetriever: RemoteResourceRetrieverFunction = { null }, requestObjectJwsVerifier: RequestObjectJwsVerifier = RequestObjectJwsVerifier { _: Any -> true }, buildRequestObjectParameters: suspend () -> RequestObjectParameters? = { null })

ResponseParser

class ResponseParser(decryptJwe: DecryptJweFun = DecryptJwe(EphemeralKeyWithoutCert()), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject())

Parses authentication responses for OpenId4VpVerifier

Functions

toOAuth2Error

fun Throwable.toOAuth2Error(request: RequestParametersFrom<*>): OAuth2Error

fun Throwable.toOAuth2Error(state: String?): OAuth2Error