# Dentity : OIDC Verification

Dentity has the following requirements for their verification uses:

- Login with SMS
- Verification Types
  - Possession of credential
  - Sharing credential details

[Recorded video from meeting](https://grain.com/app/editor-invite/recording/efd27a9e-d226-44cf-9f01-750840153d16?token=NMxRRamIReZerG9hsmCf3raiDufCPZVtxFe8gd3D&referrer_id=33fd7c5f-b42a-4677-af1a-8ed8973d25ee)

## Login with SMS

Wallet holders should be able to log in using SMS as their MFA provider. It is OK if this is enabled only for US/Canada customers.

#### Required Work

- **[feature]** Support SMS login
- **[server]** Integration with Twilio
- `AccountService.SignIn` support for SMS
- `WalletService.Send` support for SMS
- (optional) Add support for SMS in addition to Email associated with existing wallet
- (optional) Allow multiple emails or SMS associated with a wallet
- (optional) Support updating organization/wallet name
- (optional) Notify users by SMS or Email that they have received a new item/credential
- **[UI]** Twilio templates for Email notifications
- **[UX]** Twilio templates for SMS notifications

## Verification Types

Dentity has identified 2 verification workflows:

### Possession of credential

Verify that the holder has the credential, but don't reveal any subject details. This can be implemented by creating a proof that doesn't reveal anything in the `credentialSubject` field, but does reveal issuer, revocation status, schema, etc.

### Sharing credential details

Verify the credential by revealing subject details, with a selective disclosure option. This can be implemented by creating a proof that asks the user to select which fields in the `credentialSubject` they want revealed.

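
A sketch of how one reveal frame builder could serve both workflows above; this is an added example, not code from the Trinsic or Dentity code base. It assumes JSON-LD framing semantics (`"@explicit": true` discloses only the listed properties), and `buildRevealFrame`, `previewDisclosure`, their parameters and the sample credential are hypothetical names and constructed data.

```javascript
// Added example. Assumes JSON-LD framing semantics: "@explicit": true on a
// node means "disclose only the properties listed in this node".
// disclosure: "none" (possession only) or "selected" (holder-chosen fields).
// requestable: fields the verifier asked for; selected: fields the holder ticked.
function buildRevealFrame({ contexts, types, disclosure, requestable = [], selected = [] }) {
  // No "@explicit" at the top level, so issuer, schema and revocation
  // status stay revealed; the subject starts with nothing disclosed.
  const frame = { "@context": contexts, type: types, credentialSubject: { "@explicit": true } };
  if (disclosure === "none") return frame;
  if (disclosure !== "selected") throw new Error(`unknown disclosure mode: ${disclosure}`);
  for (const field of selected) {
    // Reject fields the verifier did not request, and anything that could
    // overwrite a framing keyword such as "@explicit".
    if (field.startsWith("@") || !requestable.includes(field)) {
      throw new Error(`field not requestable: ${field}`);
    }
    frame.credentialSubject[field] = {};
  }
  return frame;
}

// Simplified preview of what a frame discloses; a stand-in for real proof
// derivation, which would also produce the derived signature.
function previewDisclosure(value, node = {}) {
  if (value === null || typeof value !== "object" || Array.isArray(value)) return value;
  const keys = node["@explicit"] === true
    ? Object.keys(node).filter((k) => !k.startsWith("@") && k in value)
    : Object.keys(value);
  return Object.fromEntries(keys.map((k) => [k, previewDisclosure(value[k], node[k] || {})]));
}

// Constructed sample credential and request parameters (not from the page).
const sampleCredential = {
  "@context": ["https://www.w3.org/2018/credentials/v1", "https://example.com/citizenship/v1"],
  type: ["VerifiableCredential", "CitizenshipCard"],
  issuer: "did:example:issuer",
  credentialStatus: { id: "https://example.com/status/1#42", type: "RevocationList2020Status" },
  credentialSubject: { givenName: "Ada", familyName: "Example", birthDate: "1990-01-01" },
};
const base = { contexts: sampleCredential["@context"], types: sampleCredential.type };

const possession = previewDisclosure(sampleCredential, buildRevealFrame({ ...base, disclosure: "none" }));
const sharing = previewDisclosure(sampleCredential, buildRevealFrame({
  ...base, disclosure: "selected", requestable: ["givenName", "birthDate"], selected: ["givenName"],
}));
console.log(JSON.stringify({ possession: possession.credentialSubject, sharing: sharing.credentialSubject }));
```

The server-side check against `requestable` matters because the field selection arrives from the credential request screen and should not be trusted to stay within what the verifier asked for.
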
#### Required Work

- OIDC Service
  - **[authorize endpoint]** Support specifying required subject fields disclosure (any, none, etc)
  - **[authorize endpoint]** Support selection of credentials by issuer (only supports template now)
  - **[authorize endpoint]** Support UI hinting for login (sms, email, both, default, etc)
  - Create proof reveal frame based on input parameters and field selections
  - Support/verify organization names upon registration (this is already in)
- OIDC Web
  - Login with SMS screen
  - (optional) If UI hinting not specified, present screen for login with Email or SMS
  - Credential request screen for use case 1 (no field selection)
  - Credential request screen for use case 2, select credential and fields to disclose
  - (optional) Support branding - this can be very simple to start with, by specifying logo and accent color, but it does require server endpoint and SDK support

### Questions

- What are the timelines for us to give to Dentity?

#### OIDC Verifier Sample

- Set up the verifier ecosystem (in DEV environment)
  - Create new ecosystem
  - Create a sample template for a credential (citizenship card, vaccination, event ticket)
  - Issue a credential to person with email A
- Set up a JS based example
  - Integrate OIDC4VP flow using the ecosystem and template created above
  - Should be pure client application, no backend
  - Using the oidc ts library

As a user, I will arrive at the verifier web site and be able to present my credential in order to perform an action.

Action = Login with Citizenship Card

`trinsic-id/server` will have `server` in `oidc-app-service`, sample client in `client` folder