Class OID4VCIssuerEndpoint
java.lang.Object
org.keycloak.protocol.oid4vc.issuance.OID4VCIssuerEndpoint
Provides the (REST-)endpoints required for the OID4VCI protocol.
- Author:
- Stefan Wiedemann
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringPrefix for session note keys that store authorization details claims.static final StringSession note key for storing credential configuration IDs from credential offer.static final StringPrefix for session note keys that store the mapping between credential identifiers and configuration IDs.static final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final String -
Constructor Summary
ConstructorsConstructorDescriptionOID4VCIssuerEndpoint(KeycloakSession keycloakSession) OID4VCIssuerEndpoint(KeycloakSession session, Map<String, CredentialBuilder> credentialBuilders, AppAuthManager.BearerTokenAuthenticator authenticator, TimeProvider timeProvider, int preAuthorizedCodeLifeSpan) -
Method Summary
Modifier and TypeMethodDescriptionjakarta.ws.rs.core.Responsethe OpenId4VCI nonce-endpointjakarta.ws.rs.core.ResponsegetCredentialOffer(String sessionCode) Provides an OID4VCI compliant credential offerjakarta.ws.rs.core.ResponsegetCredentialOfferURI(String vcId, OfferUriType type, int width, int height) Provides the URI to the OID4VCI compliant credentials offerjakarta.ws.rs.core.ResponserequestCredential(String requestPayload) Returns a verifiable credential
-
Field Details
-
CREDENTIAL_CONFIGURATION_IDS_NOTE
Session note key for storing credential configuration IDs from credential offer. This allows the authorization details processor to easily retrieve the configuration IDs without having to search through all session notes or parse the full credential offer.- See Also:
-
CREDENTIAL_IDENTIFIER_PREFIX
Prefix for session note keys that store the mapping between credential identifiers and configuration IDs. This is used to store mappings generated during authorization details processing.- See Also:
-
AUTHORIZATION_DETAILS_CLAIMS_PREFIX
Prefix for session note keys that store authorization details claims. This is used to store claims from authorization details for later use during credential issuance.- See Also:
-
DEFLATE_COMPRESSION
- See Also:
-
NONCE_PATH
- See Also:
-
CREDENTIAL_PATH
- See Also:
-
CREDENTIAL_OFFER_PATH
- See Also:
-
RESPONSE_TYPE_IMG_PNG
- See Also:
-
CREDENTIAL_OFFER_URI_CODE_SCOPE
- See Also:
-
-
Constructor Details
-
OID4VCIssuerEndpoint
public OID4VCIssuerEndpoint(KeycloakSession session, Map<String, CredentialBuilder> credentialBuilders, AppAuthManager.BearerTokenAuthenticator authenticator, TimeProvider timeProvider, int preAuthorizedCodeLifeSpan) -
OID4VCIssuerEndpoint
-
-
Method Details
-
getCNonce
@POST @Produces("application/json") @Path("nonce") public jakarta.ws.rs.core.Response getCNonce()the OpenId4VCI nonce-endpoint- Returns:
- a short-lived c_nonce value that must be presented in key-bound proofs at the credential endpoint.
-
getCredentialOfferURI
@GET @Produces({"application/json","image/png"}) @Path("credential-offer-uri") public jakarta.ws.rs.core.Response getCredentialOfferURI(@QueryParam("credential_configuration_id") String vcId, @QueryParam("type") @DefaultValue("uri") OfferUriType type, @QueryParam("width") @DefaultValue("200") int width, @QueryParam("height") @DefaultValue("200") int height) Provides the URI to the OID4VCI compliant credentials offer -
getCredentialOffer
@GET @Produces("application/json") @Path("credential-offer/{sessionCode}") public jakarta.ws.rs.core.Response getCredentialOffer(@PathParam("sessionCode") String sessionCode) Provides an OID4VCI compliant credential offer -
requestCredential
@POST @Consumes({"application/json","application/jwt"}) @Produces({"application/json","application/jwt"}) @Path("credential") public jakarta.ws.rs.core.Response requestCredential(String requestPayload) Returns a verifiable credential
-