Authorization Code Flow

# Authorization Code Flow ```plantuml actor User as U box Wallet participant "Wallet" as W end box participant "Issuer\nWeb App" as Iss box Authorization Server participant "Authorization Endpoint" as AE participant "Token Endpoint" as TE end box box Credential Issuer participant "Credential Endpoint" as CI end box hide footbox Iss -> Iss: 1. generate QR code. W -> Iss: 2. scan QR code. W -> CI: 3. obtains Credential Issuer's metadata W-> AE: 4. obtains Authorization Server's metadata group obtaining Access Token\nvalid for the Issuance of a specific Credential W -> AE: 5. Authorization Request\nw/ scope indicating a credential-requested-be-issued note over AE: 6. User identification/authentication\ncould be different IAL return 7. code W -> TE: 8. Token Request return 9. Access Token valid for the issuance of a certain credential end group Credential Issuance W -> CI: 10. Credential Request w/Access Token and a proof\nthat the user controls the key material that the issued Credential will be bound to. CI -> W: 11. Issues Verifiable Credential, bound to a key material presented in step 10 end ``` # Pre-Authorized Code Flow ```plantuml actor User as U box Wallet participant "Wallet" as W end box participant "Issuer\nWeb App" as Iss box Authorization Endpoint participant "Token Endpoint" as TE end box box Credential Issuer participant "Credential Endpoint" as CI end box hide footbox U -> Iss: 1. User identification/authentication\n(data upload using (selfie, etc.)\ncould be different IAL Iss -> CI: 2. uploads the data return 3. pre-authorized code Iss -> Iss: 4. generate QR code\nwith pre-authorized code. W -> Iss: 5. scan QR code. W -> CI: 6. obtains Credential Issuer's metadata W-> TE: 7. obtains Authorization Server's metadata group obtaining Access Token\nvalid for the Issuance of a specific Credential W -> TE: 8. Token Request with pre-authorized code return 9. Access Token valid for the issuance of a certain credential end group Credential Issuance (same steps as authorization code flow) W -> CI: 10. Credential Request w/Access Token and a proof\nthat the user controls the key material that the issued Credential will be bound to. CI -> W: 11. Issues Verifiable Credential, bound to a key material presented in step 10 end ```