Description
Proposed feature
The SDK should support Authorization Code Flow (1a): Wallet-Initiated Issuance after Installation.
Feature description
Story
(1a) The Wallet-initiated flow begins as the End-User requests a Credential via the Wallet from the Credential Issuer. The End-User either selects a Credential from a pre-configured list of Credentials ready to be issued, or alternatively, the Wallet gives guidance to the End-User to select a Credential from a Credential Issuer based on the information it received in the presentation request from a Verifier.
An End-User comes across a Verifier app that is requesting the End-User to present a Credential, e.g., a driving license. The Wallet determines the requested Credential type(s) from the presentation request and notifies the End-User that there is currently no matching Credential in the Wallet. The Wallet selects a Credential Issuer capable of issuing the missing Credential and, upon End-User consent, sends the End-User to the Credential Issuer's End-User experience (Web site or app). Once authenticated and consent is provided for the issuance of the Credential into the Wallet, the End-User is redirected back to the Wallet. The Wallet informs the End-User that Credential was successfully issued into the Wallet and is ready to be presented to the Verifier app that originally requested presentation of that Credential.
Use case
Given the OID4VCI issuer is configured in the cloud-agent and the account for the user is created in the IAM (Keycloak)
And the edge agent SDK knows the CredentialIssuerMetadata endpoint
Then the edge agent fetches the metadata
And selects the credential for the issuance
And sends the Authorization Request to the OIDC Credential Issuer (cloud-agent)
Then the cloud-agent receives the Authorization Request
And replies with the redirect to the authentication web page
Then the user of the edge agent gets authenticated and receives the code
And the edge-agent exchanges the code for the token
And the edge-agent makes the Credential Request to the cloud-agent
Then the cloud-agent issues the requested VC
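The wallet side of the steps above, from the Authorization Request to the token request fields, as an added sketch that is not code from this issue or from the SDK. Hosts, ids and function names are hypothetical; the `authorization_details` shape follows OID4VCI draft 13, and the PKCE (RFC 7636) and `state` checks are assumed here as the usual protections for this flow, since the issue does not mention them.

```python
import base64, hashlib, json, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values (hypothetical hosts and ids, not taken from the issue).
AUTH_ENDPOINT = "https://iam.example/realms/demo/protocol/openid-connect/auth"
ISSUER_METADATA = {
    "credential_issuer": "https://cloud-agent.example/oid4vci/issuers/demo",
    "credential_configurations_supported": {"DrivingLicense": {"format": "jwt_vc_json"}},
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_authorization_request(metadata, config_id, client_id, redirect_uri):
    """Return (url, session). The session stays in the wallet and is never sent."""
    if config_id not in metadata["credential_configurations_supported"]:
        raise ValueError("issuer does not offer " + config_id)
    verifier = b64url(secrets.token_bytes(32))  # PKCE code_verifier (RFC 7636)
    state = b64url(secrets.token_bytes(16))     # ties the redirect to this request
    details = [{"type": "openid_credential", "credential_configuration_id": config_id}]
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": b64url(hashlib.sha256(verifier.encode()).digest()),
        "code_challenge_method": "S256",
        "authorization_details": json.dumps(details),
    }
    session = {"state": state, "code_verifier": verifier, "redirect_uri": redirect_uri}
    return AUTH_ENDPOINT + "?" + urlencode(params), session

def handle_redirect(callback_url, session):
    """Check the redirect, then return the form fields for the token request."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned = query.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in query:
        raise ValueError("redirect carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "code_verifier": session["code_verifier"],  # proves we started the flow
        "redirect_uri": session["redirect_uri"],
    }
```

The `code_verifier` never leaves the wallet until the token request, so an authorization code intercepted on the redirect cannot be redeemed by another client.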