OIDC4VCI - HackMD

# OIDC4VCI in IM4DEC #### Links * Wallet: https://github.com/Sphereon-Opensource * ssi-mobile-wallet: https://github.com/OwnYourData/ssi-mobile-wallet * Veramo: https://github.com/OwnYourData/veramo * Open ID Specs: https://openid.net/developers/specs/ * OpenID for VC Issuance : https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html * Sphereon Example: https://github.com/Sphereon-Opensource/OID4VC-demo * check: [Pre-authorized Code Flow](https://github.com/Sphereon-Opensource/OID4VCI#pre-authorized-code-flow) * sample QR: https://ssi.sphereon.com/demo/issuer/#/credentials/verify/request * Walt-ID Example: https://github.com/walt-id/waltid-openid4vc#examples * Ruby Gem with code samples: https://github.com/jwt/ruby-jwt * Useful Tools * Base64 decoding: https://www.base64decode.org/ * URL encoding: https://www.url-encode-decode.com/ * JWT decoding: https://jwt.io/ * Uniresolver: https://dev.uniresolver.io/ * Specs * Multibase: https://github.com/multiformats/multibase * Multihash: https://github.com/multiformats/multihash * Multicodec: https://github.com/sleeplessbyte/ruby-multicodec ([table](https://github.com/SleeplessByte/ruby-multicodec/blob/master/lib/table.csv)) ## OIDC4VP #### Links * Example (outdated): https://dutchblockchaincoalition.org/en/userlogin * OpenID Specs: https://openid.net/wg/connect/specifications/ * Spec SIOPv2: https://openid.net/specs/openid-connect-self-issued-v2-1_0.html#name-self-issued-openid-provider-a (check Chap 9 for Auth Request) * Spec OID4VP: https://openid.net/specs/openid-4-verifiable-presentations-1_0.html * Spec OID4VCI: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html * Sphereon Sample Code: https://github.com/Sphereon-Opensource/SIOP-OID4VP/tree/develop/test ``` openid-vc://?request_uri=https%3A%2F%2Fssi.dutchblockchaincoalition.org%2Fagent%2Fsiop%2Fdefinitions%2Fdbc2023%2Fauth-requests%2F0aec1dab-1c88-4131-9896-6aa15ddedb3e ``` ## OIDC4VC* Basic Information #### Tasks - [x] setup app that acts as issuer https://wallet-start.data-container.net/welcome - [x] implement JWT to establish handshake with Sphereon Wallet - [x] implement transferring credential from issuer to wallet - [x] commit changes in Veramo and Sphereon Wallet to Github - [ ] check with Mario if he can reproduce creating a credential ### Identity of Issuer * DID: [`did:oyd:zQmX7WYhQCdHcdzfCLRj9tAUgRYar6pqAf2GXS7NQfoX6aE`](https://dev.uniresolver.io/#did:oyd:zQmX7WYhQCdHcdzfCLRj9tAUgRYar6pqAf2GXS7NQfoX6aE) * command: ```bash= echo '' | oydid create --doc-pwd oydpwd --rev-pwd oydrev \ --authentication --x25519-keyAgreement -z 1 ``` ### Credential Structure the DEC112Credential with ID Austria identity and SIP credentials is a JWT, and has the following structure in the decoded form: * `id_austria`: encrypted with the public key of the older -> decrypt with private key in wallet * `sip_credentials`: encrypted with the public key of the older -> decrypt with private key in wallet ```json= { "vc": { "@context": [ "https://www.w3.org/2018/credentials/v1" ], "type": [ "VerifiableCredential", "DEC112Credential" ], "issuer": "did:oyd:zQmX7WYhQCdHcdzfCLRj9tAUgRYar6pqAf2GXS7NQfoX6aE", "issuanceDate": "2023-11-26T11:50:08Z", "credentialSubject": { "id": "did:oyd:zQmaUxLCQp37ci2hqR63Vr2SqRtpLDAbhbGE47CJjRMQcL7", "id_austria": { "value": "6eda6af296...b1", "nonce": "a17f3019a3763f1c33dd7e8a736894b1cf67199bb17f9557" }, "sip_credentials": { "value": "82a8410b94...fb", "nonce": "f3303a40eaaaf8670dcc3422cc32132aa896dc85ce1c078d" } }, "proof": { "type": "Ed25519Signature2020", "verificationMethod": "did:oyd:zQmX7WYhQCdHcdzfCLRj9tAUgRYar6pqAf2GXS7NQfoX6aE", "proofPurpose": "assertionMethod", "proofValue": "z4iDnhb7JUXR6tfye4DzQZZqktCabkMpX8oVQm3sC4KoJMwhsRHEJPiFYWsJ18vbEzw8TCUisfbZCtD7APk8MzJLB" }, "identifier": "zQmdMEab6oRtXf56h9ZxKpFhM8KBHjisKP4MPucfRYRKzMy", "expirationDate": "2024-02-26T11:50:08Z" }, "iss": "did:oyd:zQmX7WYhQCdHcdzfCLRj9tAUgRYar6pqAf2GXS7NQfoX6aE", "nbf": 1700999408, "exp": 1708948208, "jti": "zQmdMEab6oRtXf56h9ZxKpFhM8KBHjisKP4MPucfRYRKzMy", "sub": "did:oyd:zQmaUxLCQp37ci2hqR63Vr2SqRtpLDAbhbGE47CJjRMQcL7" } ```