JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 14
  • Score
    100M100P100Q50011F
  • License EPL-2.0

The Gaia-X OpenID Connect for Verifiable Credential Issuance library

Package Exports

  • @gaia-x/oidc4vc
  • @gaia-x/oidc4vc/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@gaia-x/oidc4vc) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Gaia-X - OpenID Connect for Verifiable Credential Issuance

The OIDC4VC library used in Gaia-X applications

Usage

npm install @gaia-x/oidc4vc
import { OIDC4VCIService, CredentialSupportedJwtVcJsonLdAndLdpVc, OIDC4VCIServiceOptions } from '@gaia-x/oidc4vc'
import { KeyLike } from 'jose'

const privateKey: KeyLike = [...]
const credentialsSupport: CredentialSupportedJwtVcJsonLdAndLdpVc[] = [...]
const options: OIDC4VCIServiceOptions = { baseUrl: 'http://localhost:3000' }
const oidcService = new OIDC4VCIService(privateKey, credentialsSupport, options)
// Then expose endpoints that proxy to the methods of the OIDC4VCIService

A full example implementation using NestJS is available through Gaia-X Lab Cloud Wallet

Limitations

  • Uses OpenID for Verifiable Credentials Issuance draft 11 for now
  • Pre-authorized flow only
  • PS256 only

COMMIT HOOKS

Flow

The following flow is provided.

sequenceDiagram
    participant H as Holder
    participant Wiz as Wizard
    participant W as Wallet
    participant I as Issuer

    H->>Wiz: Enters registration number
    Note over Wiz,I: /requestCredential
    Wiz->>I: Request registration number validation and signing
    I->>I: Create a new OIDC4VCI CredentialOffer
    I->>I: Verify and sign the VerifiableCredential
    I->>I: Store the VerifiableCredential linked to the CredentialOffer
    I->>Wiz: Responds with the CredentialOffer URI and PIN code
    Wiz->>Wiz: Convert the CredentialOffer URI to a QRCode
    Wiz->>H: Display the QRCode and PIN code

    H->>W: Scan the QRCode and enter the PIN code
    Note over W,I: /getCredentialOffer/:preAuthorizedCode
    W->>I: Request CredentialOffer
    I->>W:
    Note over W,I: /.well-known/openid-credential-issuer
    W->>I: Request Issuer metadata
    I->>W:
    W->>H: Ask Holder to choose the wanted VerifiableCredential(s)
    H->>W:
    Note over W,I: /token
    W->>I: Request an access token with the PIN code <br> and CredentialOffer's pre-authorized code
    I->>W:
    Note over W,I: /credential
    W->>I: Request the credential with the access token and proof(s)
    I->>W: The issued VerifiableCredential