@gaia-x/oidc4vc
v1.2.0
Published
The Gaia-X OpenID Connect for Verifiable Credential Issuance library
Downloads
95
Readme
Gaia-X - OpenID Connect for Verifiable Credential Issuance
The OIDC4VC library used in Gaia-X applications
Usage
npm install @gaia-x/oidc4vc
import { OIDC4VCIService, CredentialSupportedJwtVcJsonLdAndLdpVc, OIDC4VCIServiceOptions } from '@gaia-x/oidc4vc'
import { KeyLike } from 'jose'
const privateKey: KeyLike = [...]
const credentialsSupport: CredentialSupportedJwtVcJsonLdAndLdpVc[] = [...]
const options: OIDC4VCIServiceOptions = { baseUrl: 'http://localhost:3000' }
const oidcService = new OIDC4VCIService(privateKey, credentialsSupport, options)
// Then expose endpoints that proxy to the methods of the OIDC4VCIService
A full example implementation using NestJS is available through Gaia-X Lab Cloud Wallet
Limitations
- Uses OpenID for Verifiable Credentials Issuance draft 11 for now
- Pre-authorized flow only
- PS256 only
COMMIT HOOKS
Flow
The following flow is provided.
sequenceDiagram
participant H as Holder
participant Wiz as Wizard
participant W as Wallet
participant I as Issuer
H->>Wiz: Enters registration number
Note over Wiz,I: /requestCredential
Wiz->>I: Request registration number validation and signing
I->>I: Create a new OIDC4VCI CredentialOffer
I->>I: Verify and sign the VerifiableCredential
I->>I: Store the VerifiableCredential linked to the CredentialOffer
I->>Wiz: Responds with the CredentialOffer URI and PIN code
Wiz->>Wiz: Convert the CredentialOffer URI to a QRCode
Wiz->>H: Display the QRCode and PIN code
H->>W: Scan the QRCode and enter the PIN code
Note over W,I: /getCredentialOffer/:preAuthorizedCode
W->>I: Request CredentialOffer
I->>W:
Note over W,I: /.well-known/openid-credential-issuer
W->>I: Request Issuer metadata
I->>W:
W->>H: Ask Holder to choose the wanted VerifiableCredential(s)
H->>W:
Note over W,I: /token
W->>I: Request an access token with the PIN code <br> and CredentialOffer's pre-authorized code
I->>W:
Note over W,I: /credential
W->>I: Request the credential with the access token and proof(s)
I->>W: The issued VerifiableCredential