Current Credential Offer Example 1 - preauth + tx_code
{
  "credential_issuer": "https://credential-issuer.example.com",
  "credential_configuration_ids": [
    "UniversityDegreeCredential",
    "org.iso.18013.5.1.mDL"
  ],
  "grants": {
    "urn:ietf:params:oauth:grant-type:pre-authorized_code": {
      "pre-authorized_code": "oaKazRN8I0IbtZ0C7JuMn5",
      "tx_code": {
        "length": 4,
        "input_mode": "numeric",
        "description": "Please provide the one-time code that was sent via e-mail"
      }
    }
  }
}
Current Credential Offer Example 2 - auth code flow
{
  "credential_issuer": "https://credential-issuer.example.com",
  "credential_configuration_ids": [
    "UniversityDegreeCredential"
  ],
  "grants": {
    "authorization_code": {
      "issuer_state": "eyJhbGciOiJSU0Et...FYUaBy"
    }
  }
}
Current Credential Offer Example 3 - pre auth code
{
  "credential_issuer": "https://credential-issuer.example.com",
  "credential_configuration_ids": [
    "UniversityDegree_LDP_VC"
  ],
  "grants": {
    "urn:ietf:params:oauth:grant-type:pre-authorized_code": {
      "pre-authorized_code": "adhjhdjajkdkhjhdj",
      "tx_code": {}
    }
  }
}
Credential Metadata
{
  "credential_configurations_supported": {
    "UniversityDegreeCredential": {
      "format": "jwt_vc_json",
      "scope": "UniversityDegree",
      "cryptographic_binding_methods_supported": [
        "did:example"
      ],
      "credential_signing_alg_values_supported": [
        "ES256"
      ],
      "credential_definition": {
        "type": [
          "VerifiableCredential",
          "UniversityDegreeCredential"
        ],
        "credentialSubject": {
          "given_name": {
            "display": [
              { "name": "Given Name", "locale": "en-US" }
            ]
          },
          "degree": {}
        }
      },
      "proof_types_supported": {
        "jwt": {
          "proof_signing_alg_values_supported": [ "ES256" ]
        }
      },
      "display": [
        {
          "name": "University Credential",
          "locale": "en-US",
          "logo": { "uri": "https://university.example.edu/public/logo.png" },
          "background_color": "#12107c",
          "text_color": "#FFFFFF"
        }
      ]
    }
  }
}
Question: Issuance over Browser API
Wallet cannot fetch anything from network before the user decides which wallet will store credential
What else does the wallet need to know to decide if it can handle the credential or not?
Proposals from IIW session
Add 2 optional parameters into credential offer and pass all metadata by value
Should we pick which metadata to pass? Suggest passing it all as the 'lazy' and/or 'future proof' option.
May need to do some checks on the web origin to avoid pre-authorized code being passed to wrong wallet and potentially stolen & used by attacker?
Proposed Credential Offer Example 2 - auth code flow
{
  "credential_issuer": "https://credential-issuer.example.com",
  "credential_configuration_ids": [
    "UniversityDegreeCredential"
  ],
  "grants": {
    "authorization_code": {
      "issuer_state": "eyJhbGciOiJSU0Et...FYUaBy"
    }
  },
  "issuer_metadata": { entire JSON },
  "authorization_server_metadata": { entire JSON }
}
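A sketch of how a wallet could use metadata passed by value to answer the "can it handle the credential" question with no network fetch. This is an added example, not part of the slides or of OID4VCI; `WALLET_CAPS`, `canHandleOffer` and `SAMPLE_OFFER` are hypothetical names, and the sample offer is constructed.

```javascript
// Added example; WALLET_CAPS and canHandleOffer are hypothetical names.
const WALLET_CAPS = {
  formats: ["jwt_vc_json"],
  bindingMethods: ["did:example"],
  proofAlgs: { jwt: ["ES256"] },
};

// Decide, with no network access, which offered configurations this wallet supports.
function canHandleOffer(offer, caps = WALLET_CAPS) {
  const meta = offer.issuer_metadata;
  if (!meta) return { ok: false, reason: "no issuer_metadata in offer" };
  // OID4VCI issuer metadata carries its own credential_issuer; it must match the offer.
  if (meta.credential_issuer !== offer.credential_issuer) {
    return { ok: false, reason: "issuer_metadata names a different issuer" };
  }
  const supported = meta.credential_configurations_supported || {};
  const usable = (offer.credential_configuration_ids || []).filter((id) => {
    const cfg = supported[id];
    if (!cfg || !caps.formats.includes(cfg.format)) return false;
    const binding = cfg.cryptographic_binding_methods_supported;
    if (binding && !binding.some((m) => caps.bindingMethods.includes(m))) return false;
    const proofs = cfg.proof_types_supported;
    if (!proofs) return true; // no proof types listed, nothing to match
    return Object.entries(proofs).some(([type, p]) =>
      (p.proof_signing_alg_values_supported || []).some((alg) =>
        (caps.proofAlgs[type] || []).includes(alg)));
  });
  return usable.length
    ? { ok: true, usable }
    : { ok: false, reason: "no offered configuration is supported" };
}

// Constructed sample offer, shaped like the proposed example above.
const SAMPLE_OFFER = {
  credential_issuer: "https://credential-issuer.example.com",
  credential_configuration_ids: ["UniversityDegreeCredential", "org.iso.18013.5.1.mDL"],
  grants: { authorization_code: { issuer_state: "constructed-state" } },
  issuer_metadata: {
    credential_issuer: "https://credential-issuer.example.com",
    credential_configurations_supported: {
      UniversityDegreeCredential: {
        format: "jwt_vc_json",
        cryptographic_binding_methods_supported: ["did:example"],
        proof_types_supported: { jwt: { proof_signing_alg_values_supported: ["ES256"] } },
      },
      "org.iso.18013.5.1.mDL": { format: "mso_mdoc" },
    },
  },
};

console.log(canHandleOffer(SAMPLE_OFFER));
```

Metadata passed by value comes from the calling page rather than from the issuer's own endpoint, so a positive result here is only a capability pre-check for wallet selection.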
Issuance response (didn’t talk about this at IIW)
OID4VCI currently has no direct response
Optional API that issuer can provide that the wallet can call for:
Do we need a response in browser API? If so what should be in it?
Notification example
POST /notification HTTP/1.1
Host: server.example.com
Content-Type: application/json
Authorization: Bearer czZCaGRSa3F0MzpnWDFmQmF0M2JW

{
  "notification_id": "3fwe98js",
  "event": "credential_failure",
  "event_description": "Could not store the Credential. Out of storage."
}