Claims

Claim specific credential. User has to pass authorization token in header and data in request body. authorization header has to contain Bearer and token returned from previous token endpoint. In request body user has to pass types array with type of credential being claimed, format string with format of the credential, and proof object with proof_type string and jwt string. proof_type is a string that represents the type of the proof, which is in our case jwt. jwt is a string that represents the JWT token which is generated by wallet and acts as a proof of posession JWT. If successful, the server returns an object with credential, format, c_nonce and c_nonce_expires_in properties. credential is a string that represents the JWT token which contains all the details about the claimed credential. format is a string that represents the format of the credential. c_nonce is a string that represents c-nonce and c_nonce_expires_in is a number that represents the expiration time of the c-nonce in seconds.

Before claiming the credential, the user has to get an access token. This endpoint facilitates the retrieval of an access token with the provided client_id, grant_type and pre-authorized_code. The client_id is a string that represents the client ID. The grant_type is a string that represents the grant type, which is in our case urn:ietf:params:oauth:grant-type:pre-authorized_code. The pre-authorized_code is a string that represents the pre-authorized code, which is generated by the web client when creating an offer. If successful, the server returns an object with access_token, token_type, expires_in, c_nonce, c_nonce_expires_in, authorization_pending and interval properties. access_token is a string that represents the access token. token_type is a string that represents the token type (bearer in our case). expires_in is a number that represents the expiration time of the token in seconds. c_nonce is a string that represents the c-nonce. c_nonce_expires_in is a number that represents the expiration time of the c-nonce in seconds. authorization_pending is a boolean that indicates if the authorization is pending (not used in our case). interval is a number that represents the interval in milliseconds.

Endpoint will return credential data that can be claimed which is transformed in QR code by web client, for wallet app to scan. User has to pass data in request body for which credential one wants to trigger issueance. In this example we will use Character credential. We want to create body with properties credentials which is an array of strings and has to contain CharacterCredential type as string. We also want to pass grants object with urn:ietf:params:oauth:grant-type:pre-authorized_code as key and object with pre-authorized_code which is a random id web client generates to later access status of issued credential, and user_pin_required property, which is set to false in this case. Last thing we want to pass is credentialDataSupplierInput object with properties for specified credential type. Those properties are written in JSON file in /dev/oid4vci_metadata directory in object credentialSubject. In this case we want to pass name and biography. If successful, the server returns a URI (in url encoded format) containing the credential offer and a boolean indicating if user pin is required (we set it to false).

Endpoint returns status of the credential offer that has been created (look at previous endpoint). User has to pass id of the offer in request body. Id is generated by web client when creating an offer (look at previous endpoint). If successful, the server returns an object with createdAt,lastUpdatedAt and status properties. createdAt is a timestamp indicating when the offer was created, lastUpdatedAt is a timestamp indicating the last update time of the offer and status is the status of the offer. status can be OFFER_CREATED, CREDENTIAL_ISSUED, ERROR