Package-level declarations
Functions
GET request to obtain the list of unexpired issuance sessions on this server in JSON format.
GET request to obtain information on a particular issuance session including all unexpired credentials issued in this session.
POST request to change the status of the given credential.
Serves "OAuth 2.0 for First-Party Applications" workflow.
Handles the user's authorization and redirects to the finish_authorization endpoint.
Issues a credential based on DPoP authentication with an access token.
Generates a request for a Digital Credential for the browser-based authorization workflow.
Finishes web-based authorization and hands the session back to the Wallet App (or Wallet Server).
Handles the presentation-during-issuance OpenID4VP response from the wallet/client.
Server-to-server RPC that the System of Record can call to create pre-authorized offers at this issuance server.
Pushed Authorization Request, which is the first request to be sent to our OpenID4VCI server if the authorize challenge path is not used. In theory, other, simpler (and less secure) forms of client authorization are possible, but our implementation requires a Pushed Authorization Request.
GET request that displays the signing certificate for a given credential id in PEM format.
Takes control of the authentication session after web-based user authentication. This is the counterpart of pushedAuthorizationRequest. It (1) checks that the hash of the code_verifier supplied here matches the code_challenge supplied in the pushed authorization request, and (2) performs DPoP authorization using the key established in the pushed authorization request. Once all the checks are done, it issues an access token that can be used to request a credential and possibly a refresh token that can be used to request more access tokens.
Ensures the client supplied a valid "issuance_auth" cookie.
Generates the .well-known/oauth-authorization-server metadata file.
Generates the .well-known/openid-credential-issuer metadata file.