-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: OIDC and ConnectionlessOffer examples (#294)
retroactively sign off on these commits: commit ba908b1 fix: e2e issues fix (#236) commit 9891707 fix: add missing files in package to clean rxdb vulnerabilities to fix e2e (#233) commit efb771d fix: create custom class to verify bitstring position more precisely. (#234) Signed-off-by: Javier Ribó [email protected]
- Loading branch information
Showing
6 changed files
with
215 additions
and
109 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Edge SDK Connectionless Credential Offer | ||
|
||
## Flow | ||
1. Obtain a Connectionless Credential Offer from an Issuer. | ||
|
||
A Connectionless Credential Offer is an Out of Band Invitation with a Credential Offer Attachment. | ||
This should be a URI with a single query parameter `_oob`, which is an encoded JSON. | ||
It should look similar to: | ||
|
||
``` | ||
https://my.domain.com/path?_oob=eyJpZCI6ImY5NmUzNjk5LTU5MWMtNGFlNy1iNWU2LTZlZmU2ZDI2MjU1YiIsInR5cGUiOiJodHRwczovL2RpZGNvbW0ub3JnL291dC1vZi1iYW5kLzIuMC9pbnZpdGF0aW9uIiwiZnJvbSI6ImRpZDpwZWVyOjIuRXo2TFNmc0tNZTh2U1NXa1lkWkNwbjRZVmlQRVJmZEdBaGRMQUdIZ3gyTEdKd2ZtQS5WejZNa3B3MWtTYWJCTXprQTN2NTl0UUZuaDNGdGtLeTZ4TGhMeGQ5UzZCQW9hQmcyLlNleUowSWpvaVpHMGlMQ0p6SWpwN0luVnlhU0k2SW1oMGRIQTZMeTh4T1RJdU1UWTRMakV1TXpjNk9EQTRNQzlrYVdSamIyMXRJaXdpY2lJNlcxMHNJbUVpT2xzaVpHbGtZMjl0YlM5Mk1pSmRmWDAiLCJib2R5Ijp7ImdvYWxfY29kZSI6Imlzc3VlLXZjIiwiZ29hbCI6IlRlc3QgT09CIiwiYWNjZXB0IjpbImRpZGNvbW0vdjIiXX0sImNyZWF0ZWRfdGltZSI6MTcyNDg1MTEzOSwiZXhwaXJlc190aW1lIjo5OTI0ODUxNDM5LCJhdHRhY2htZW50cyI6W3siaWQiOiIwMGNkYzkwYy05YTk5LTRjZGEtODdmZS00ZjRiMjU5NTExMmEiLCJtZWRpYV90eXBlIjoiYXBwbGljYXRpb24vanNvbiIsImRhdGEiOnsianNvbiI6eyJpZCI6IjY1NWU5YTJjLTQ4ZWQtNDU5Yi1iM2RhLTZiMzY4NjY1NTU2NCIsInR5cGUiOiJodHRwczovL2RpZGNvbW0ub3JnL2lzc3VlLWNyZWRlbnRpYWwvMy4wL29mZmVyLWNyZWRlbnRpYWwiLCJib2R5Ijp7ImdvYWxfY29kZSI6Ik9mZmVyIENyZWRlbnRpYWwiLCJjcmVkZW50aWFsX3ByZXZpZXciOnsidHlwZSI6Imh0dHBzOi8vZGlkY29tbS5vcmcvaXNzdWUtY3JlZGVudGlhbC8zLjAvY3JlZGVudGlhbC1jcmVkZW50aWFsIiwiYm9keSI6eyJhdHRyaWJ1dGVzIjpbeyJuYW1lIjoiZmFtaWx5TmFtZSIsInZhbHVlIjoiV29uZGVybGFuZCJ9XX19fSwiYXR0YWNobWVudHMiOlt7ImlkIjoiODQwNDY3OGItOWEzNi00OTg5LWFmMWQtMGY0NDUzNDdlMGUzIiwibWVkaWFfdHlwZSI6ImFwcGxpY2F0aW9uL2pzb24iLCJkYXRhIjp7Impzb24iOnsib3B0aW9ucyI6eyJjaGFsbGVuZ2UiOiJhZDBmNDNhZC04NTM4LTQxZDQtOWNiOC0yMDk2N2JjNjg1YmMiLCJkb21haW4iOiJkb21haW4ifSwicHJlc2VudGF0aW9uX2RlZmluaXRpb24iOnsiaWQiOiI3NDhlZmE1OC0yYmNlLTQ0MGQtOTIxZi0yNTIwYTg0NDY2NjMiLCJpbnB1dF9kZXNjcmlwdG9ycyI6W10sImZvcm1hdCI6eyJqd3QiOnsiYWxnIjpbIkVTMjU2SyJdLCJwcm9vZl90eXBlIjpbXX19fX19LCJmb3JtYXQiOiJwcmlzbS9qd3QifV0sInRoaWQiOiJmOTZlMzY5OS01OTFjLTRhZTctYjVlNi02ZWZlNmQyNjI1NWIiLCJmcm9tIjoiZGlkOnBlZXI6Mi5FejZMU2ZzS01lOHZTU1drWWRaQ3BuNFlWaVBFUmZkR0FoZExBR0hneDJMR0p3Zm1BLlZ6Nk1rcHcxa1NhYkJNemtBM3Y1OXRRRm5oM0Z0a0t5NnhMaEx4ZDlTNkJBb2FCZzIuU2V5SjBJam9pWkcwaUxDSnpJanA3SW5WeWFTSTZJbWgwZEhBNkx5OHhPVEl1TVRZNExqRXVNemM2T0RBNE1DOWthV1JqYjIxdElpd2ljaUk2VzEwc0ltRWlPbHNpWkdsa1kyOXRiUzkyTWlKZGZYMCJ9fX1dfQ== | ||
``` | ||
|
||
|
||
2. Ensure the validity of the Invitation with `Agent.parseInvitation` | ||
|
||
`parseInvitation` decodes and validates the encoded Out of Band Invitation, plus attachments, returning an instance of `OutOfBandInvitation` on success. This OutOfBandInvitation will have a single Attachment for the Credential Offer. | ||
|
||
``` | ||
const oob = await Agent.parseInvitation(rawOob); | ||
``` | ||
|
||
3. Use `Agent.acceptInvitation` to handle the OutOfBandInvitation appropriately. | ||
In this case, with an attached Credential Offer, the Credential Offer Message will be stored in Pluto. | ||
|
||
``` | ||
await Agent.acceptInvitation(oob) | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Edge SDK Connectionless Credential Offer | ||
|
||
## Flow | ||
1. Obtain a Connectionless Credential Offer from an Issuer. | ||
|
||
A Credential Offer should be a URI with a single query parameter `credential_offer`, which is an encoded JSON. | ||
It should look similar to: | ||
|
||
``` | ||
openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22http%3A%2F%2Flocalhost%3A8090%2Foid4vci%2Fissuers%2F59104e60-3bf1-4e38-be58-4a219acf561b%22%2C%22credential_configuration_ids%22%3A%5B%22Example%22%5D%2C%22grants%22%3A%7B%22authorization_code%22%3A%7B%22issuer_state%22%3A%22aa10127f-c27e-4130-a0ed-659e3e1ad6ae%22%7D%7D%7D | ||
``` | ||
|
||
|
||
2. Ensure the validity of the Offer with `Agent.parseCredentialOffer` | ||
|
||
`parseCredentialOffer` decodes and validates the encoded credential_offer returning the JSON on success. | ||
|
||
``` | ||
const offer = await Agent.parseCredentialOffer(rawOffer); | ||
``` | ||
|
||
3. Create an AuthorizationRequest with `Agent.resolveCredentialOffer` | ||
|
||
`resolveCredentialOffer` takes the parsed Offer, relevant client id and the desired redirect url, | ||
and constructs an AuthorizationRequest. This AuthorizationRequest contains a url that goes to the Authorization Server | ||
where the user can authorize the client to gain an access token. | ||
|
||
``` | ||
const authRequest = await Agent.resolveCredentialOffer(offer, CLIENT_ID, REDIRECT_URL); | ||
const urlString = authRequest.url.href; | ||
``` | ||
|
||
4. Retrieve the Credential with `Agent.resolveCredentialRequest` | ||
|
||
After successfully authorizing, the user will be redirected to the given redirect url. | ||
Once there we use the full URL plus query parameters, the Offer and the AuthorizationRequest | ||
to gain an access token and request the Credential (these steps are handled by `resolveCredentialRequest`). | ||
|
||
``` | ||
const credential = await oidcAgent.resolveCredentialRequest(offer, authRequest, { callbackUrl: url }); | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters