For Verifiable Presentation
Below is a list of endpoints that assist a Holder wallet and a Verifier to participate in the OpenID for Verifiable Presentations protocol. Built on top of OAuth 2.0, it allows a client (wallet) to present claims in the form of W3C Verifiable Credentials. Currently, credentials and presentations in JWT format (vc-jwt, vp-jwt) are supported.
The endpoints provided are to support the following high-level verification flow:
The flow centres around the creation and exchange of a Request and a Response object, by the Verifier and Holder (wallet) respectively. The endpoints are categorised under these two headings.
Organisations (Verifiers) and users (Holders) in a verification flow using the OpenID Connect protocol.
Creation of a presentation request.
Endpoint
POST /oidc/presentations/requests
Request
- Organisation (header, optional)
- Name – Title string
- Description – Explains the purpose for which the request is created
- Verifier
- Name
- Expiration Date – Timestamp the request token expires
- Redirect Base URI
Response
The presentation request object that includes an unsigned JWT. The client calling this endpoint (e.g. verifier system) is responsible for adding the signature.
Update an existing presentation request by ID.
One of the options is to use the platform to host the (signed) request (see here). The request parameters can't be updated, only the signed request JWT.
Endpoint
PUT /oidc/presentations/requests/{id}
Request
- Request ID
- Organisation (header, optional)
- Signed request JWT
Response
The updated presentation request object.
A public endpoint that returns the (signed) presentation request JWT.
Endpoint
GET /oidc/presentations/requests/{id}/jwt
Request
- Request ID
Response
Signed presentation request JWT token.
Verification of the SIOP token. The steps performed during this verification are:
- 1.Resolve Verifier DID
- 2.Verify request signature
- 3.Extract the presentation definition URI
- Verify presentation definition structure
Endpoint
POST /oidc/presentations/requests/verify
Request
- Signed presentation request JWT
Responses
The result of the verification, either true or false.
Generate id_token for request submission based on the wallet information and the verifiable presentation token.
Endpoint
POST /oidc/presentations/token
Request
- Presentation Request JWT
Response
The presentation response object that includes two unsigned JWTs,
id_token
and vp_token
. The client calling this endpoint (e.g. Holder wallet) is responsible for adding the signatures for each token.Verify the presentation response to a given request. The steps performed are:
- 1.Verify ID Token
- 2.Verify VP Token
- 3.Verify if the response is valid for the given request, i.e. if it matches the presentation definition from the request
Endpoint
POST /oidc/presentations/response/verify
Request
- Presentation Request JWT
- Signed ID Token
- Signed VP Token
Response
The result of the verification, either true or false. In case of false, all errors are provided, with an explanation.
Last modified 20d ago