Support Authorization Code Flow 1a for JWT in the OID4VCI protocol in the Kotlin SDK #211

Open
yshyn-iohk opened this issue Oct 22, 2024 · 0 comments

Comments

@yshyn-iohk
Member

yshyn-iohk commented Oct 22, 2024

Proposed feature

The SDK should support Authorization Code Flow 1a, the Wallet-Initiated Issuance after Installation.

Feature description

Story

(1a) The Wallet-initiated flow begins as the End-User requests a Credential via the Wallet from the Credential Issuer. The End-User either selects a Credential from a pre-configured list of Credentials ready to be issued, or alternatively, the Wallet gives guidance to the End-User to select a Credential from a Credential Issuer based on the information it received in the presentation request from a Verifier.

An End-User comes across a Verifier app that is requesting the End-User to present a Credential, e.g., a driving license. The Wallet determines the requested Credential type(s) from the presentation request and notifies the End-User that there is currently no matching Credential in the Wallet. The Wallet selects a Credential Issuer capable of issuing the missing Credential and, upon End-User consent, sends the End-User to the Credential Issuer's End-User experience (Web site or app). Once authenticated and consent is provided for the issuance of the Credential into the Wallet, the End-User is redirected back to the Wallet. The Wallet informs the End-User that Credential was successfully issued into the Wallet and is ready to be presented to the Verifier app that originally requested presentation of that Credential.

Use case
Given the OID4VCI issuer is configured in the cloud-agent and the account for the user is created in the AIM (Keycloak)
And the edge agent SDK knows the CredentialIssuerMetadata endpoint
Then the edge agent fetches the metadata
And selects the credential for the issuance
And sends the Authorization Request to the OIDC Credential Issuer (cloud-agent)
Then the cloud-agent receives the Authorization Request
And replies with the redirect to the authentication web page
Then the user of the edge agent gets authenticated and receives the code
And the edge-agent exchanges the code for the token
And the edge-agent makes the Credential Request to the cloud-agent
Then the cloud-agent issues the requested VC

yshyn-iohk changed the title from "ddd" to "Support Authorization Code Flow 1a for JWT in the OID4VCI protocol in the Kotlin SDK" on Oct 22, 2024
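
The wallet-side steps of the use case above (Authorization Request, redirect handling, code-for-token exchange), as an added example that is not code from the SDK or from the issue author. All function names, URLs, the `client_id` and the credential id are hypothetical, and the use of PKCE (S256), a `state` check and `authorization_details` with `credential_configuration_id` is an assumption the issue does not specify.

```kotlin
import java.net.URI
import java.net.URLDecoder
import java.net.URLEncoder
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// Added example: every URL, client_id and credential id below is a constructed placeholder.
private val b64 = Base64.getUrlEncoder().withoutPadding()
private fun enc(s: String) = URLEncoder.encode(s, "UTF-8")
private fun form(p: Map<String, String>) = p.entries.joinToString("&") { (k, v) -> "${enc(k)}=${enc(v)}" }
private fun randomToken() = b64.encodeToString(ByteArray(32).also { SecureRandom().nextBytes(it) })

// Per-request secrets the wallet keeps until the redirect comes back.
data class PendingAuth(val state: String, val codeVerifier: String, val redirectUri: String)

// PKCE S256: BASE64URL(SHA-256(code_verifier)), RFC 7636.
fun pkceChallenge(verifier: String): String =
    b64.encodeToString(MessageDigest.getInstance("SHA-256").digest(verifier.toByteArray(Charsets.US_ASCII)))

fun authorizationRequest(authEndpoint: String, clientId: String, redirectUri: String, credentialId: String): Pair<URI, PendingAuth> {
    // The id comes from issuer metadata; reject anything that could break out of the JSON string.
    require(Regex("[A-Za-z0-9_.-]+").matches(credentialId)) { "unexpected credential id" }
    val pending = PendingAuth(randomToken(), randomToken(), redirectUri)
    val details = """[{"type":"openid_credential","credential_configuration_id":"$credentialId"}]"""
    val query = form(linkedMapOf(
        "response_type" to "code", "client_id" to clientId, "redirect_uri" to redirectUri,
        "state" to pending.state, "code_challenge" to pkceChallenge(pending.codeVerifier),
        "code_challenge_method" to "S256", "authorization_details" to details))
    return URI("$authEndpoint?$query") to pending
}

// Accept the code only if the redirect carries the state this wallet generated.
fun extractCode(redirect: URI, pending: PendingAuth): String {
    val q = redirect.rawQuery.orEmpty().split("&").filter { "=" in it }.associate {
        val (k, v) = it.split("=", limit = 2)
        URLDecoder.decode(k, "UTF-8") to URLDecoder.decode(v, "UTF-8")
    }
    q["error"]?.let { throw IllegalStateException("authorization failed: $it") }
    check(MessageDigest.isEqual(q["state"].orEmpty().toByteArray(), pending.state.toByteArray())) { "state mismatch" }
    return checkNotNull(q["code"]) { "redirect carries no code" }
}

// Form body for the token endpoint; code_verifier proves this wallet started the flow.
fun tokenRequestBody(code: String, clientId: String, pending: PendingAuth) = form(linkedMapOf(
    "grant_type" to "authorization_code", "code" to code, "redirect_uri" to pending.redirectUri,
    "client_id" to clientId, "code_verifier" to pending.codeVerifier))
```

A caller would open the returned `URI` in the browser, pass the redirect it receives to `extractCode`, and POST `tokenRequestBody(...)` to the token endpoint before making the Credential Request with the resulting access token.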