SVX Documentation
HomepageAPISDK
Current
Current
  • Docs
  • Concepts
    • Digital Identity and Why It's Important
    • Digital Wallets
    • Ecosystems
    • Information Security
    • Personal Data & Attributes
    • Privacy- and Security-by-design
    • Secure Data Storage
    • Selective Disclosure / ZKP
    • Tokens and Tokenisation
    • Verifiable Credentials
    • Terminology
  • Platform
    • Secure Value Exchange
    • Authorisation, Tenant & Organisation Manager (ATOM)
    • Credential Service
    • Decentralised Identifiers (DIDs)
    • Keys
    • Tenants, Organisations, and End-Users
    • Vault
      • Enterprise Vault
    • Portal
    • Supported Standards
  • Guides
    • Onboarding to SVX
    • API Guides
      • Credentials
        • Credential Schemas
        • Credential Types
        • Issue Credentials
        • Presentation Definitions
        • Presentations
      • DIDs
        • DID Resolver
        • DID Registrar
        • DID Methods
          • did:key
          • did:web
          • did:ebsi
          • did:indy
        • DID Controller Keypair
      • OpenID Connect
        • For Verifiable Presentation
      • Users
        • Inviting End-Users
        • Authenticating End-Users
      • Vault
        • Items and Slots
        • Connections and Sharing
        • Classification Hierarchies
        • Attachments
        • On-sharing & Client Tasks
        • Account Delegation
      • Machine-2-Machine Communication
    • Portal Tutorials
      • Tenant Administrators
        • Onboard to a Tenancy
        • Dashboard and Navigation
        • Manage Tenancy
        • Manage Tenant Administrators
        • Manage Organisations
        • Manage Organisation Administrators
        • Credential Schemas
        • Applications
        • End Users
      • Organisation Administrators
        • Manage Organisation
        • Onboarding and Organisation Setup
        • Dashboard and Navigation
        • Manage Organisation Administrators
        • Credential Templates
        • View Credentials
        • Verification Templates
        • Verification Requests
        • Connections
        • Applications
    • Wallet Tutorials
      • Wallet Set Up
      • Provider Registration
      • Organisation Configuration
      • Credentials
      • Requests
      • Security
      • Wallet Recovery
  • Tools
    • Meeco SDK & CLI
    • Cryppo SDK & CLI
  • Releases
    • 2.1.1
    • 2.1.0
    • 2.0.0
    • 1.4.3
    • 1.4.2
    • 1.4.1
    • 1.4.0
    • 1.3.8
    • 1.3.7
    • 1.3.6
    • 1.3.5
    • 1.3.4
    • 1.3.3
    • 1.3.2
    • 1.3.0
    • 1.2.5
    • 1.2.4
    • 1.2.3
    • 1.2.2
    • 1.2.1
    • 1.2.0
    • 1.1.0
    • 1.0.0
    • Legacy API-of-Me
  • Policies
    • Privacy
    • Developer Policy
Powered by GitBook
On this page
  • Prerequisites
  • Who can undertake this operation?
  • Request
  • Create Presentation Requests
  • Update Presentation Request
  • Read Presentation Request JWT
  • Verify Presentation Request
  • Response
  • Create Presentation Response
  • Verify Presentation Response
  • Detailed Sequence Diagram of the Flow (API integration)

Was this helpful?

Edit on GitHub
  1. Guides
  2. API Guides
  3. OpenID Connect

For Verifiable Presentation

Last updated 1 year ago

Was this helpful?

Below is a list of endpoints that assist a Holder wallet and a Verifier to participate in the protocol. Built on top of OAuth 2.0, it allows a client (wallet) to present claims in the form of . Currently, credentials and presentations in JWT format (vc-jwt, vp-jwt) are supported.

The endpoints provided are to support the following high-level verification flow:

The flow centres around the creation and exchange of a Request and a Response object, by the Verifier and Holder (wallet) respectively. The endpoints are categorised under these two headings.

Prerequisites

Who can undertake this operation?

Organisations (Verifiers) and users (Holders) in a verification flow using the OpenID Connect protocol.

Request

List of endpoints to help create and verify the part of the verification flow.

Create Presentation Requests

Creation of a presentation request.

Endpoint

POST /oidc/presentations/requests

Request

  • Organisation (header, optional)

  • Name – Title string

  • Description – Explains the purpose for which the request is created

  • Verifier

    • Name

  • Expiration Date – Timestamp the request token expires

  • Redirect Base URI

Response

The presentation request object that includes an unsigned JWT. The client calling this endpoint (e.g. verifier system) is responsible for adding the signature.

Update Presentation Request

Update an existing presentation request by ID.

Endpoint

PUT /oidc/presentations/requests/{id}

Request

  • Request ID

  • Organisation (header, optional)

  • Signed request JWT

Response

The updated presentation request object.

Read Presentation Request JWT

A public endpoint that returns the (signed) presentation request JWT.

Endpoint

GET /oidc/presentations/requests/{id}/jwt

Request

  • Request ID

Response

Signed presentation request JWT token.

Verify Presentation Request

Verification of the SIOP token. The steps performed during this verification are:

  1. Resolve Verifier DID

  2. Verify request signature

  3. Extract the presentation definition URI

    • Verify presentation definition structure

Endpoint

POST /oidc/presentations/requests/verify

Request

  • Signed presentation request JWT

Responses

The result of the verification, either true or false.

Response

Create Presentation Response

Generate id_token for request submission based on the wallet information and the verifiable presentation token.

Endpoint

POST /oidc/presentations/token

Request

  • Presentation Request JWT

Response

The presentation response object that includes two unsigned JWTs, id_token and vp_token. The client calling this endpoint (e.g. Holder wallet) is responsible for adding the signatures for each token.

Verify Presentation Response

Verify the presentation response to a given request. The steps performed are:

  1. Verify ID Token

  2. Verify VP Token

  3. Verify if the response is valid for the given request, i.e. if it matches the presentation definition from the request

Endpoint

POST /oidc/presentations/response/verify

Request

  • Presentation Request JWT

  • Signed ID Token

  • Signed VP Token

Response

The result of the verification, either true or false. In case of false, all errors are provided, with an explanation.

Detailed Sequence Diagram of the Flow (API integration)

One of the options is to use the platform to host the (signed) request (see ). The request parameters can't be updated, only the signed request JWT.

List of endpoints to help create and verify the part of the verification flow.

DID
Presentation Definition
Response
Verify presentation
here
OpenID for Verifiable Presentations
W3C Verifiable Credentials
DID
Presentation
Request