├── .github
│   └── workflows
│       └── Build-OID4VCI.yml
├── .gitignore
├── CONTRIBUTING.md
├── README.md
├── diagrams
│   ├── README.md
│   ├── attestation_native_app_bff.plantuml
│   ├── attestation_native_app_bff.png
│   ├── attestation_native_app_client_assertion.plantuml
│   ├── attestation_native_app_client_assertion.png
│   ├── attestation_native_app_client_cert.plantuml
│   ├── attestation_native_app_client_cert.png
│   ├── attestation_native_app_client_cert_provisioning.plantuml
│   ├── attestation_native_app_client_cert_provisioning.png
│   ├── attestation_native_app_issuer_initiated_bff.plantuml
│   ├── attestation_native_app_issuer_initiated_bff.png
│   ├── attestation_native_app_issuer_initiated_client_assertion.plantuml
│   ├── attestation_native_app_issuer_initiated_client_assertion.png
│   ├── attestation_web_wallet.plantuml
│   └── attestation_web_wallet.png
├── examples
│   ├── authorization_details.json
│   ├── authorization_details_jwt_vc_json.json
│   ├── authorization_details_ldp_vc.json
│   ├── authorization_details_mso_doc.json
│   ├── authorization_details_multiple_credentials.json
│   ├── authorization_details_sd_jwt_vc.json
│   ├── authorization_details_with_as.json
│   ├── credential_issuer_metadata_jwt_vc_json.json
│   ├── credential_metadata_jwt_vc_json.json
│   ├── credential_metadata_ldp_vc.json
│   ├── credential_metadata_mso_mdoc.json
│   ├── credential_metadata_sd_jwt_vc.json
│   ├── credential_offer_authz_code.txt
│   ├── credential_offer_by_reference.json
│   ├── credential_offer_multiple_credentials.json
│   ├── credential_offer_pre-authz_code.json
│   ├── credential_request_iso_mdl.json
│   ├── credential_response_jwt_vc_json.txt
│   ├── credential_response_ldp_vc.txt
│   ├── credential_response_mso_mdoc.txt
│   ├── credential_response_sd_jwt_vc.txt
│   └── issuer_jwks.json
└── openid-4-verifiable-credential-issuance-1_0.md

/.github/workflows/Build-OID4VCI.yml:
--------------------------------------------------------------------------------
name: OID4VCI document push
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  compile-oid4vc:
    name: Compile site assets
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run the build process with Docker
        run: |
          docker run \
          -v /${{ github.workspace }}:/data danielfett/markdown2rfc \
          openid-4-verifiable-credential-issuance-1_0.md
      - name: rename
        run: |
          mv ./openid-4-verifiable-credential-issuance-1_0*.html ./openid-4-verifiable-credential-issuance-wg-draft.html
      - uses: actions/upload-artifact@v4
        with:
          # Artifact name
          name: output # optional
          # Destination path
          path: ./openid-4-verifiable-credential-issuance*.html # optional

  publish-to-pages:
    name: Publish to GitHub Pages
    if: github.ref == 'refs/heads/main'
    needs: compile-oid4vc
    runs-on: ubuntu-latest
    permissions:
      pages: write
      id-token: write
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: output
      - name: Upload pages artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: .
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
openid-4-verifiable-credential-issuance-1_*.html
openid-4-verifiable-credential-issuance-1_*.xml
.idea/

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# How to contribute

I'm really glad you're reading this, because we need volunteer developers to help this effort come to fruition.

Here are some important resources:

  * [Digital Credentials Protocols (DCP) Working Group Home Page](https://openid.net/wg/digital-credentials-protocols/) should give you a little background
  * Mailing list: Join our [mailing list](http://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols) to ask questions or provide feedback
  * Bugs? the issue tracker above is where to report them

## Intellectual Policy

You have to sign IPR Contribution Agreement to file issues. [More info on IPR](http://openid.net/intellectual-property/)

Thanks,
DCP Working Group Co-chairs

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# openid-4-verifiable-credential-issuance
Specification to allow holders to request issuance of credentials and issuers to issue verifiable credentials.

### Current WG-Draft

The current WG-Draft version is built automatically from the master branch and can be accessed at: https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-wg-draft.html

Other versions of the spec can be accessed at: https://openid.net/sg/openid4vc/specifications/

### Build the HTML ###

```docker run -v `pwd`:/data danielfett/markdown2rfc openid-4-verifiable-credential-issuance-1_0.md```

--------------------------------------------------------------------------------
/diagrams/README.md:
--------------------------------------------------------------------------------
These sequence diagrams illustrate different design options to implement credential issuance in scenarios with substantial or high security requirements.

The focus is on the wallet design; the issuer design is out of scope.

The design options described here are based on the security considerations in https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#name-trust-between-wallet-and-is.

Most of the design options assume the wallet is an app running on a smartphone and utilizing the device's capabilities to securely store keys and credentials. This app then uses a cloud service for some operations relevant for achieving the desired security level, namely app attestation and client authentication towards the issuer. The interface towards the issuer is always the client authentication based on trust established between the wallet provider and the issuer (directly or via a registry).

One flow shows how a web wallet could be implemented.

All flows assume the different components are operated by the Wallet Provider.

Terms:

* (Wallet) Frontend: Wallet mobile application that the End-User interacts with.
* (Wallet) Backend: Component of the Wallet in the form of a Cloud service.

Options:

* __attestation_native_app_bff.plantuml__ - The native app utilizes the cloud service according to the "Backend for Frontend" pattern that is common practice in the OAuth world. It means, in particular, that the app relies on its cloud service to authenticate towards the issuer (PAR & token endpoint) to set up a pushed authorization request and to get the access token to obtain one or more credentials. To maximize privacy, the actual credential issuance is NOT sent through the backend. Instead, the wallet directly calls the issuer's credential endpoint. A variant of this option for issuer-initiated issuance is given in attestation_native_app_issuer_initiated_bff.plantuml
* __attestation_native_app_client_assertion.plantuml__ - The native app utilizes its cloud service to get a short-lived assertion that it then uses to directly authenticate with the credential issuer (PAR & token endpoints) to set up a pushed authorization request and obtain the access token from the issuer. A variant of this option for issuer-initiated issuance is given in attestation_native_app_issuer_initiated_client_assertion.plantuml
* __attestation_native_app_cert.plantuml__/__attestation_native_app_cert_provisioning.plantuml__ - Every native app instance is provisioned with an X.509 certificate by its cloud service, i.e. the wallet provider is the CA for those certificates. Such a certificate is used to authenticate the native app towards the credential issuer (PAR & token endpoint). The issuer must verify that the certificate was issued by a trusted party (the wallet provider).
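
The client-assertion option above, as an added example that is not part of the OpenID4VCI repository: the Wallet Backend mints a short-lived signed assertion and the Credential Issuer accepts it at the PAR and token endpoints only if the signing key is listed for that backend in its trust registry. The ES256 JWT encoding, the claim names (`sub`, `aud`, `redirect_uri`), the registry shape, the 300-second lifetime ceiling and all identifiers and URLs are assumptions made for this sketch.

```javascript
// Added example, not code from the OpenID4VCI repository. The ES256 JWT encoding,
// claim names, registry shape and every identifier/URL here are assumptions.
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const decodeSegment = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Wallet Backend: called only after app attestation and client data were checked.
function issueAssertion(backend, { clientId, redirectUri, audience, now, ttl = 60 }) {
  const header = { alg: 'ES256', typ: 'JWT', kid: backend.kid };
  const payload = {
    iss: backend.iss, sub: clientId, aud: audience,
    redirect_uri: redirectUri, iat: now, exp: now + ttl,
  };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput),
    { key: backend.privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64u(signature)}`;
}

// Credential Issuer: the same checks run at the PAR and the token endpoint.
function verifyAssertion(jwt, expected) {
  const { trustRegistry, issuerId, clientId, redirectUri, now, maxLifetime = 300 } = expected;
  const fail = (reason) => ({ ok: false, reason });
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (err) {
    return fail('malformed');
  }
  if (!header || !payload) return fail('malformed');
  // Pin the algorithm; the token must not be able to pick "none" or a MAC.
  if (header.alg !== 'ES256') return fail('unsupported_alg');
  // The verification key comes from the registry entry for `iss`, never from the token.
  const keys = trustRegistry.get(payload.iss);
  const publicKey = keys && keys.get(header.kid);
  if (!publicKey) return fail('untrusted_issuer');
  let signatureValid = false;
  try {
    signatureValid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
      { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  } catch (err) {
    signatureValid = false;
  }
  if (!signatureValid) return fail('bad_signature');
  // Bind the assertion to this issuer and to the client data in the request.
  if (payload.aud !== issuerId) return fail('wrong_audience');
  if (payload.sub !== clientId) return fail('client_id_mismatch');
  if (payload.redirect_uri !== redirectUri) return fail('redirect_uri_mismatch');
  // "Short-lived": reject expired tokens and tokens minted with a long lifetime.
  if (!Number.isInteger(payload.iat) || !Number.isInteger(payload.exp)) return fail('malformed');
  if (now >= payload.exp) return fail('expired');
  if (payload.exp - payload.iat > maxLifetime) return fail('lifetime_too_long');
  return { ok: true, walletProvider: payload.iss };
}

// Constructed scenario: one registered backend, one unregistered, one key forger.
function demo() {
  const now = 1700000000; // fixed clock so the results are reproducible
  const issuerId = 'https://credential-issuer.example.com';
  const request = { clientId: 'wallet-instance-1', redirectUri: 'https://wallet.example.org/cb' };
  const makeBackend = (iss) => ({
    iss, kid: 'k1', ...crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }),
  });
  const backend = makeBackend('https://wallet-backend.example.org');
  const unregistered = makeBackend('https://unregistered-backend.example.net');
  const forger = makeBackend(backend.iss); // claims the trusted iss, holds another key
  const trustRegistry = new Map([[backend.iss, new Map([[backend.kid, backend.publicKey]])]]);
  const ctx = { trustRegistry, issuerId, ...request, now };
  const issue = (signer, extra = {}) =>
    issueAssertion(signer, { ...request, audience: issuerId, now, ...extra });
  const good = issue(backend);
  return {
    par: verifyAssertion(good, { ...ctx, now: now + 5 }),
    token: verifyAssertion(good, { ...ctx, now: now + 30 }),
    expired: verifyAssertion(good, { ...ctx, now: now + 61 }),
    unregistered: verifyAssertion(issue(unregistered), ctx),
    forged: verifyAssertion(issue(forger), ctx),
    otherRedirect: verifyAssertion(good, { ...ctx, redirectUri: 'https://other.example/cb' }),
    longLived: verifyAssertion(issue(backend, { ttl: 86400 }), ctx),
  };
}

if (typeof module !== 'undefined' && require.main === module) console.log(demo());
```

The same assertion passes at both endpoints while it is fresh, matching the diagram where it accompanies the PAR and the token request; each rejection reason corresponds to one check an issuer would log.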

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_bff.plantuml:
--------------------------------------------------------------------------------
@startuml

autonumber

participant "User Agent" as ua

participant "Wallet Frontend" as w

participant "Wallet Backend" as b

participant "Credential Issuer" as i

ua --> w: get credential

w -> i: get metadata

i -> w : metadata

w -> w : create PKCE code verifier

w -> b : par (client_id, code_challenge, code_challenge_method, \nauthorization_details, redirect_uri)

b -> i : par (response_type, client_id, code_challenge,\ncode_challenge_method, authorization_details, redirect_uri)

i --> b : request_uri

b --> w : request_uri


w --> ua: authorize (client_id, request_uri)
ua --> i: authorize (client_id, request_uri)


note over ua, i: user authentication and consent

i --> ua : authorize response (code)
ua --> w : authorize response (code)

w -> w : gen DPoP key

w -> w : gen DPoP proof for issuer token endpoint

w -> b : get nonce

b -> w : return nonce

w -> w : sign attestation assertion (nonce)

w -> b : get access token (client_id, code, code_verifier,\ndpop, assertion, redirect_uri, token_endpoint)

b -> b : check assertion

b -> i : token (client_id, grant_type, code, code_verifier,\ndpop_proof, redirect_uri)

note over w, i: wallet backend authenticates with certificate registered with trusted registry\ncredential issuer checks wallet provider's cert with trusted registry\naccess token is bound to DPoP key maintained by wallet frontend

i -> b : access_token, c_nonce, authorization_details

b -> w : access_token, c_nonce, authorization_details

w -> w : gen key for credential

w -> w : create proof of possession (c_nonce)

w -> w : create DPoP proof for issuance request

w -> i : issue credential (access_token, credential_type, format, proof, dpop_proof)

i -> w : credential, format

w -> w : store credential

@enduml

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_bff.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openid/OpenID4VCI/58af0a264a07fd8448206da3f45433d0d1491f45/diagrams/attestation_native_app_bff.png

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_client_assertion.plantuml:
--------------------------------------------------------------------------------
@startuml

autonumber

participant User as u

participant "User Agent" as ua

participant "Wallet Frontend" as w

participant "Wallet Backend" as b

participant "Credential Issuer" as i


ua --> w: get credential

w -> i: get metadata

i -> w: Metadata containing credential types, key requirements, endpoints

w -> b: get nonce
b -> w: return nonce

w -> w : obtain app attestation (nonce)

w -> b : get assertion for oauth exchange(app attestation, client_id, redirect_uri)

b -> b : check app_attestation & client data

b -> b : generate assertion (iss=wallet backend, client_id, redirect_uri)

b -> w : assertion

w -> w : create PKCE code verifier

w -> i : par (assertion, response_type, client_id, code_challenge,\ncode_challenge_method, authorization_details, redirect_uri)

i -> w : request_uri


w --> ua: authorize (client_id, request_uri)
ua --> i: authorize (client_id, request_uri)


note over u, i: user authentication and consent

i --> ua : authorize response (code)
ua --> w : authorize response (code)

w -> w : gen DPoP key

w -> w : gen DPoP proof for issuer token endpoint

w -> i : token (assertion, code, client_id, code_verifier, dpop_proof)

note over w, i: wallet authenticates with assertion as OAuth Client\ncredential issuer checks assertion issuer (wallet provider) with trust registry

i -> w : access_token, c_nonce

w -> w : gen key : key, key_attestation

w -> w : create proof of possession (c_nonce)

w -> w : create DPoP proof for issuance request

w -> i : request credential (access_token, credential_type, format, proof, key_policy, dpop_proof)

i -> w : credential

@enduml

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_client_assertion.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openid/OpenID4VCI/58af0a264a07fd8448206da3f45433d0d1491f45/diagrams/attestation_native_app_client_assertion.png

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_client_cert.plantuml:
--------------------------------------------------------------------------------
@startuml
autonumber
participant "User Agent" as u
participant "Wallet Frontend" as w
participant "Wallet Backend" as b
participant "Credential Issuer" as i

u --> w: get credential

w -> i: get metadata
i -> w: credential types, key requirements, endpoints
w -> w : create PKCE code verifier

w -> i : par (response_type, client_id, code_challenge,\ncode_challenge_method, authorization_details, redirect_uri)

i --> w : request_uri


w -> u: authorize (client_id, request_uri)
u -> i: authorize (client_id, request_uri)
note over u, i: user authentication/identification + consent
i --> u : authorize response (code)
u --> w: authorize response (code)
w -> i : token (code, client_id, assertion)
note over w, i: wallet frontend authenticates with certificate issued by wallet provider (or any other trusted 3rd party) as OAuth Client\ncredential issuer checks assertion issuer (wallet provider) with trust registry\naccess token is bound to wallet certificate
i -> w : access_token, c_nonce
w -> w : gen key : key, key_attestation
w -> w : create proof of possession (c_nonce)
w -> i : issue credential (access_token, credential_type, format, proof, key_policy)
note over w, i: wallet frontend authenticates with same certificate as used for token request\ncredential issuer checks access token cert binding
i -> w : credential
@enduml

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_client_cert.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openid/OpenID4VCI/58af0a264a07fd8448206da3f45433d0d1491f45/diagrams/attestation_native_app_client_cert.png

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_client_cert_provisioning.plantuml:
--------------------------------------------------------------------------------
@startuml
autonumber
participant User as u
participant "Wallet Frontend" as w
participant "Wallet Backend" as b

u -> w : setup
w -> w : create key pair (pub, priv)
w -> b : get nonce (for app attestation)
b -> w : nonce
w -> w : obtain app attestation (nonce)
w -> b : get certificate (app attestation, pub)
b -> b : check app_attestation
b -> b : generate certificate (pub, issuer=wallet provider, client_id)
b -> w : certificate, client_id
note over w,b: could also be a verifiable credential
w -> w: store certificate
@enduml

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_client_cert_provisioning.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openid/OpenID4VCI/58af0a264a07fd8448206da3f45433d0d1491f45/diagrams/attestation_native_app_client_cert_provisioning.png

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_issuer_initiated_bff.plantuml:
--------------------------------------------------------------------------------
@startuml
participant User as u
participant "Wallet Frontend" as w
participant "Wallet Backend" as b
participant Issuer as i

u -> i : get credential
i -> w : get your credential (pre-authz-code, credential_type, expected_key_types)
w -> w : gen DPoP key
w -> w : gen DPoP proof for issuer token endpoint
w -> b : get nonce
b -> w : return nonce
w -> w : sign attestation assertion (nonce)
w -> b : exchange code (pre-authz-code, pin, dpop, assertion)
b -> b : check assertion

b -> i : token (client_id, grant_type, code, code_verifier,\ndpop_proof, redirect_uri)

note over w, i: wallet backend authenticates with certificate registered with trusted registry\ncredential issuer checks wallet provider's cert with trusted registry\naccess token is bound to DPoP key maintained by wallet frontend

i -> b : access_token, c_nonce, authorization_details

b -> w : access_token, c_nonce, authorization_details

w -> w : gen key for credential

w -> w : create proof of possession (c_nonce)

w -> w : create DPoP proof for issuance request

w -> i : issue credential (access_token, credential_type, format, proof, dpop_proof)

i -> w : credential, format

w -> w : store credential

@enduml

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_issuer_initiated_bff.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openid/OpenID4VCI/58af0a264a07fd8448206da3f45433d0d1491f45/diagrams/attestation_native_app_issuer_initiated_bff.png

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_issuer_initiated_client_assertion.plantuml:
--------------------------------------------------------------------------------
@startuml
participant "User Agent" as u
box "Wallet"
participant "Frontend" as w
participant "Backend" as b
end box
box "Issuer"
participant "Metadata" as m
participant "Web Site" as s
participant "Token Endpoint" as t
participant "Credential Endpoint" as c
end box

u -> s : get credential
note over u, s: prepare credential issuance
s -> u : Issuance Initiation Request \n(pre-authz-code, credential_type, expected_key_types, issuer)
u -> w : Issuance Initiation Request \n(pre-authz-code, credential_type, expected_key_types, issuer)
w -> w : gen DPoP key
w -> w : gen DPoP proof for issuer token endpoint
w -> b : get nonce (for app attestation)
b -> w : nonce
w -> w : obtain app attestation (nonce)
w -> b : get assertion for code exchange\n(hash(pre-authz-code), app attestation)
b -> b : check app_attestation
b -> b : generate assertion \n(iss=wallet backend, pre_authz_code_hash, client_id)
b -> w : assertion
w -> m : get issuer metadata
w -> t : token request \n(pre-authz-code, pin, client_id, assertion, dpop_proof)
note over w, t: wallet authenticates with issuer as OAuth Client using the assertion issued by its backend (RFC 7523)\nissuer checks wallet backend id and key against trust registry
note over w, t: Token Endpoint validates pre-authorized code and creates corresponding access token
t -> w : token response \n(access_token, c_nonce)
w -> w : gen key : key, key_attestation
w -> w : create proof of possession (c_nonce)
w -> w : create DPoP proof for issuance request
w -> c : issue credential \n(access_token, credential_type, format, proof, key_policy, dpop_proof)
note over w, c: Credential Endpoint Token checks whether the access token is good for requested credential type and \nwhether the proof of possession is valid
c -> w : credential response (credential, format)
@enduml

--------------------------------------------------------------------------------
/diagrams/attestation_native_app_issuer_initiated_client_assertion.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openid/OpenID4VCI/58af0a264a07fd8448206da3f45433d0d1491f45/diagrams/attestation_native_app_issuer_initiated_client_assertion.png

--------------------------------------------------------------------------------
/diagrams/attestation_web_wallet.plantuml:
--------------------------------------------------------------------------------
@startuml
participant "User Agent" as w
participant "Web Wallet" as b
participant Issuer as i

w -> b : start credential issuance : authz url
w --> i : authorize
i --> w : authorize response (code)
w --> b : authorize response (code)
b -> i : token (code, client_id, ...): access_token, c_nonce
note right: wallet authenticates with issuer\nissuer may check wallet against trust registry
b -> b : gen key : key, key_attestation
b -> b : create proof of possession
b -> i : issue credential (type, format, proof): credential
@enduml

--------------------------------------------------------------------------------
/diagrams/attestation_web_wallet.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openid/OpenID4VCI/58af0a264a07fd8448206da3f45433d0d1491f45/diagrams/attestation_web_wallet.png

--------------------------------------------------------------------------------
/examples/authorization_details.json:
--------------------------------------------------------------------------------
[
  {
    "type": "openid_credential",
    "credential_configuration_id": "UniversityDegreeCredential"
  }
]

--------------------------------------------------------------------------------
/examples/authorization_details_jwt_vc_json.json:
--------------------------------------------------------------------------------
[
  {
    "type": "openid_credential",
    "credential_configuration_id": "UniversityDegreeCredential",
    "claims": [
      {"path": ["credentialSubject", "given_name"]},
      {"path": ["credentialSubject", "family_name"]},
      {"path": ["credentialSubject", "degree"]}
    ]
  }
]

--------------------------------------------------------------------------------
/examples/authorization_details_ldp_vc.json:
--------------------------------------------------------------------------------
[
  {
    "type": "openid_credential",
    "credential_configuration_id": "UniversityDegree_LDP_VC",
    "claims": [
      {"path": ["credentialSubject", "given_name"]},
      {"path": ["credentialSubject", "family_name"]},
      {"path": ["credentialSubject", "degree"]}
    ]
  }
]

--------------------------------------------------------------------------------
/examples/authorization_details_mso_doc.json:
--------------------------------------------------------------------------------
[
  {
    "type": "openid_credential",
    "credential_configuration_id": "org.iso.18013.5.1.mDL",
    "claims": [
      {"path": ["org.iso.18013.5.1","given_name"]},
      {"path": ["org.iso.18013.5.1","family_name"]},
      {"path": ["org.iso.18013.5.1","birth_date"]},
      {"path": ["org.iso.18013.5.1.aamva","organ_donor"]}
    ]
  }
]

--------------------------------------------------------------------------------
/examples/authorization_details_multiple_credentials.json:
--------------------------------------------------------------------------------
[
  {
    "type": "openid_credential",
    "credential_configuration_id": "UniversityDegreeCredential"
  },
  {
    "type": "openid_credential",
    "credential_configuration_id": "org.iso.18013.5.1.mDL"
  }
]

--------------------------------------------------------------------------------
/examples/authorization_details_sd_jwt_vc.json:
--------------------------------------------------------------------------------
[
  {
    "type": "openid_credential",
    "format": "dc+sd-jwt",
    "vct": "SD_JWT_VC_example_in_OpenID4VCI"
  }
]

--------------------------------------------------------------------------------
/examples/authorization_details_with_as.json:
--------------------------------------------------------------------------------
[
  {
    "type": "openid_credential",
    "locations": [
      "https://credential-issuer.example.com"
    ],
    "credential_configuration_id": "UniversityDegreeCredential"
  }
]

--------------------------------------------------------------------------------
/examples/credential_issuer_metadata_jwt_vc_json.json:
--------------------------------------------------------------------------------
{
  "credential_issuer": "https://credential-issuer.example.com",
  "authorization_servers": [
    "https://server.example.com"
  ],
  "credential_endpoint": "https://credential-issuer.example.com",
  "deferred_credential_endpoint": "https://credential-issuer.example.com/deferred_credential",
  "credential_response_encryption": {
    "alg_values_supported": [
      "ECDH-ES"
    ],
    "enc_values_supported": [
      "A128GCM"
    ],
    "encryption_required": false
  },
  "display": [
    {
      "name": "Example University",
      "locale": "en-US"
    },
    {
      "name": "Example Université",
      "locale": "fr-FR"
    }
  ],
  "credential_configurations_supported": {
    "UniversityDegreeCredential": {
      "format": "jwt_vc_json",
      "scope": "UniversityDegree",
      "cryptographic_binding_methods_supported": [
        "did:example"
      ],
      "credential_signing_alg_values_supported": [
        "ES256"
      ],
      "credential_definition":{
        "type": [
          "VerifiableCredential",
          "UniversityDegreeCredential"
        ]
      },
      "claims": [
        {
          "path": ["credentialSubject", "given_name"],
          "display": [
            {
              "name": "Given Name",
              "locale": "en-US"
            }
          ]
        },
        {
          "path": ["credentialSubject", "family_name"],
          "display": [
            {
              "name": "Surname",
              "locale": "en-US"
            }
          ]
        },
        {
          "path": ["credentialSubject", "degree"]
        },
        {
          "path": ["credentialSubject", "gpa"],
          "display": [
            {
              "name": "GPA"
            }
          ]
        }
      ],
      "proof_types_supported": {
        "jwt": {
          "proof_signing_alg_values_supported": [
            "ES256"
          ]
        }
      },
      "display": [
        {
          "name": "University Credential",
          "locale": "en-US",
          "logo": {
            "uri": "https://university.example.edu/public/logo.png",
            "alt_text": "a square logo of a university"
          },
          "background_color": "#12107c",
          "text_color": "#FFFFFF"
        }
      ]
    }
  }
}

--------------------------------------------------------------------------------
/examples/credential_metadata_jwt_vc_json.json:
--------------------------------------------------------------------------------
{
  "credential_configurations_supported": {
    "UniversityDegreeCredential": {
      "format": "jwt_vc_json",
      "scope": "UniversityDegree",
      "cryptographic_binding_methods_supported": [
        "did:example"
      ],
      "credential_signing_alg_values_supported": [
        "ES256"
      ],
      "credential_definition": {
        "type": [
          "VerifiableCredential",
          "UniversityDegreeCredential"
        ]
      },
      "claims": [
        {
          "path": ["credentialSubject", "given_name"],
          "display": [
            {
              "name": "Given Name",
              "locale": "en-US"
            }
          ]
        },
        {
          "path": ["credentialSubject", "family_name"],
          "display": [
            {
              "name": "Surname",
              "locale": "en-US"
            }
          ]
        },
        {
          "path": ["credentialSubject", "degree"]
        },
        {
          "path": ["credentialSubject", "gpa"],
          "mandatory": true,
          "display": [
            {
              "name": "GPA"
            }
          ]
        }
      ],
      "proof_types_supported": {
        "jwt": {
          "proof_signing_alg_values_supported": [
            "ES256"
          ]
        }
      },
      "display": [
        {
          "name": "University Credential",
          "locale": "en-US",
          "logo": {
            "uri": "https://university.example.edu/public/logo.png",
            "alt_text": "a square logo of a university"
          },
          "background_color": "#12107c",
          "text_color": "#FFFFFF"
        }
      ]
    }
  }
}

--------------------------------------------------------------------------------
/examples/credential_metadata_ldp_vc.json:
--------------------------------------------------------------------------------
{
  "credential_configurations_supported": {
    "UniversityDegree_LDP_VC": {
      "format": "ldp_vc",
      "cryptographic_binding_methods_supported": [
        "did:example"
      ],
      "credential_signing_alg_values_supported": [
        "Ed25519Signature2018"
      ],
      "credentials_definition": {
        "@context": [
          "https://www.w3.org/2018/credentials/v1",
          "https://www.w3.org/2018/credentials/examples/v1"
        ],
        "type": [
          "VerifiableCredential",
          "UniversityDegreeCredential"
        ]
      },
      "claims": [
        {
          "path": ["credentialSubject", "given_name"],
          "display": [
            {
              "name": "Given Name",
              "locale": "en-US"
            }
          ]
        },
        {
          "path": ["credentialSubject", "family_name"],
          "display": [
            {
              "name": "Surname",
              "locale": "en-US"
            }
          ]
        },
        {
          "path": ["credentialSubject", "degree"]
        },
        {
          "path": ["credentialSubject", "gpa"],
          "mandatory": true,
          "display": [
            {
              "name": "GPA"
            }
          ]
        }
      ],
      "display": [
        {
          "name": "University Credential",
          "locale": "en-US",
          "logo": {
            "uri": "https://university.example.edu/public/logo.png",
            "alt_text": "a square logo of a university"
          },
          "background_color": "#12107c",
          "text_color": "#FFFFFF"
        }
      ]
    }
  }
}

--------------------------------------------------------------------------------
/examples/credential_metadata_mso_mdoc.json:
--------------------------------------------------------------------------------
{
  "credential_configurations_supported": {
    "org.iso.18013.5.1.mDL": {
      "format": "mso_mdoc",
      "doctype": "org.iso.18013.5.1.mDL",
      "cryptographic_binding_methods_supported": [
        "cose_key"
      ],
      "credential_signing_alg_values_supported": [
        "ES256", "ES384", "ES512"
      ],
      "display": [
        {
          "name": "Mobile Driving License",
          "locale": "en-US",
          "logo": {
            "uri": "https://state.example.org/public/mdl.png",
            "alt_text": "state mobile driving license"
          },
          "background_color": "#12107c",
          "text_color": "#FFFFFF"
        },
        {
          "name": "モバイル運転免許証",
          "locale": "ja-JP",
          "logo": {
            "uri": "https://state.example.org/public/mdl.png",
            "alt_text": "米国州発行のモバイル運転免許証"
          },
          "background_color": "#12107c",
          "text_color": "#FFFFFF"
        }
      ],
      "claims": [
        {
"path": ["org.iso.18013.5.1","given_name"], 37 | "display": [ 38 | { 39 | "name": "Given Name", 40 | "locale": "en-US" 41 | }, 42 | { 43 | "name": "名前", 44 | "locale": "ja-JP" 45 | } 46 | ] 47 | }, 48 | { 49 | "path": ["org.iso.18013.5.1","family_name"], 50 | "display": [ 51 | { 52 | "name": "Surname", 53 | "locale": "en-US" 54 | } 55 | ] 56 | }, 57 | { 58 | "path": ["org.iso.18013.5.1","birth_date"], 59 | "mandatory": true 60 | }, 61 | {"path": ["org.iso.18013.5.1.aamva","organ_donor"]} 62 | ] 63 | } 64 | } 65 | } -------------------------------------------------------------------------------- /examples/credential_metadata_sd_jwt_vc.json: -------------------------------------------------------------------------------- 1 | { 2 | "credential_configurations_supported": { 3 | "SD_JWT_VC_example_in_OpenID4VCI": { 4 | "format": "dc+sd-jwt", 5 | "scope": "SD_JWT_VC_example_in_OpenID4VCI", 6 | "cryptographic_binding_methods_supported": [ 7 | "jwk" 8 | ], 9 | "credential_signing_alg_values_supported": [ 10 | "ES256" 11 | ], 12 | "display": [ 13 | { 14 | "name": "IdentityCredential", 15 | "logo": { 16 | "uri": "https://university.example.edu/public/logo.png", 17 | "alt_text": "a square logo of a university" 18 | }, 19 | "locale": "en-US", 20 | "background_color": "#12107c", 21 | "text_color": "#FFFFFF" 22 | } 23 | ], 24 | "proof_types_supported": { 25 | "jwt": { 26 | "proof_signing_alg_values_supported": [ 27 | "ES256" 28 | ] 29 | } 30 | }, 31 | "vct": "SD_JWT_VC_example_in_OpenID4VCI", 32 | "claims": [ 33 | { 34 | "path": ["given_name"], 35 | "display": [ 36 | { 37 | "name": "Given Name", 38 | "locale": "en-US" 39 | }, 40 | { 41 | "name": "Vorname", 42 | "locale": "de-DE" 43 | } 44 | ] 45 | }, 46 | { 47 | "path": ["family_name"], 48 | "display": [ 49 | { 50 | "name": "Surname", 51 | "locale": "en-US" 52 | }, 53 | { 54 | "name": "Nachname", 55 | "locale": "de-DE" 56 | } 57 | ] 58 | }, 59 | {"path": ["email"]}, 60 | {"path": ["phone_number"]}, 61 | { 62 | "path": 
["address"], 63 | "display": [ 64 | { 65 | "name": "Place of residence", 66 | "locale": "en-US" 67 | }, 68 | { 69 | "name": "Wohnsitz", 70 | "locale": "de-DE" 71 | } 72 | ] 73 | }, 74 | {"path": ["address", "street_address"]}, 75 | {"path": ["address", "locality"]}, 76 | {"path": ["address", "region"]}, 77 | {"path": ["address", "country"]}, 78 | {"path": ["birthdate"]}, 79 | {"path": ["is_over_18"]}, 80 | {"path": ["is_over_21"]}, 81 | {"path": ["is_over_65"]} 82 | ] 83 | } 84 | } 85 | } -------------------------------------------------------------------------------- /examples/credential_offer_authz_code.txt: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Content-Type: application/json 3 | 4 | { 5 | "credential_issuer": "https://credential-issuer.example.com", 6 | "credential_configuration_ids": [ 7 | "UniversityDegreeCredential" 8 | ], 9 | "grants": { 10 | "authorization_code": { 11 | "issuer_state": "eyJhbGciOiJSU0Et...FYUaBy" 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /examples/credential_offer_by_reference.json: -------------------------------------------------------------------------------- 1 | { 2 | "credential_issuer": "https://credential-issuer.example.com", 3 | "credential_configuration_ids": [ 4 | "UniversityDegree_LDP_VC" 5 | ], 6 | "grants": { 7 | "urn:ietf:params:oauth:grant-type:pre-authorized_code": { 8 | "pre-authorized_code": "adhjhdjajkdkhjhdj", 9 | "tx_code": {} 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /examples/credential_offer_multiple_credentials.json: -------------------------------------------------------------------------------- 1 | { 2 | "credential_issuer": "https://credential-issuer.example.com", 3 | "credential_configuration_ids": [ 4 | "UniversityDegreeCredential", 5 | "org.iso.18013.5.1.mDL" 6 | ], 7 | "grants": { 8 | 
"urn:ietf:params:oauth:grant-type:pre-authorized_code": { 9 | "pre-authorized_code": "oaKazRN8I0IbtZ0C7JuMn5", 10 | "tx_code": { 11 | "length": 4, 12 | "input_mode": "numeric", 13 | "description": "Please provide the one-time code that was sent via e-mail" 14 | } 15 | } 16 | } 17 | } -------------------------------------------------------------------------------- /examples/credential_offer_pre-authz_code.json: -------------------------------------------------------------------------------- 1 | { 2 | "credential_issuer": "https://credential-issuer.example.com", 3 | "credential_configuration_ids": [ 4 | "UniversityDegreeCredential" 5 | ], 6 | "grants": { 7 | "urn:ietf:params:oauth:grant-type:pre-authorized_code": { 8 | "pre-authorized_code": "adhjhdjajkdkhjhdj", 9 | "tx_code": { 10 | "description": "Please provide the one-time code which was sent to your mobile phone via SMS" 11 | } 12 | } 13 | } 14 | } -------------------------------------------------------------------------------- /examples/credential_request_iso_mdl.json: -------------------------------------------------------------------------------- 1 | { 2 | "format": "mso_mdoc", 3 | "doctype": "org.iso.18013.5.1.mDL", 4 | "proofs": { 5 | "jwt": [ 6 | "eyJraWQiOiJkaWQ6ZXhhbXBsZ...KPxgihac0aW9EkL1nOzM" 7 | ] 8 | } 9 | } -------------------------------------------------------------------------------- /examples/credential_response_jwt_vc_json.txt: -------------------------------------------------------------------------------- 1 | 2 | HTTP/1.1 200 OK 3 | Content-Type: application/json 4 | Cache-Control: no-store 5 | 6 | { 7 | "credentials": [ 8 | { 9 | "credential": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6I 10 | nVybjppZXRmOnBhcmFtczpvYXV0aDpqd2stdGh1bWJwcmludDpzaGEtMjU2O 11 | m1sVXBvZzd2RWV3RkJlbTZVbDA5YzJkdFR3YzhkRnpWcElEWDNzcUdXVzAif 12 | Q.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC 13 | 9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZW 14 | 
RlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImlkIjoiaHR0cHM6Ly9jcmVkZW50aW 15 | FsLWlzc3Vlci5leGFtcGxlLmNvbS9jcmVkZW50aWFscy8zNzMyIiwidHlwZS 16 | I6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlVuaXZlcnNpdHlEZWdyZWVDcm 17 | VkZW50aWFsIl0sImlzc3VlciI6Imh0dHBzOi8vY3JlZGVudGlhbC1pc3N1ZX 18 | IuZXhhbXBsZS5jb20iLCJpc3N1YW5jZURhdGUiOiIyMDI1LTAxLTAxVDAwOj 19 | AwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmp3azpleU 20 | pyYVdRaU9pSjFjbTQ2YVdWMFpqcHdZWEpoYlhNNmIyRjFkR2c2YW5kckxYUm 21 | 9kVzFpY0hKcGJuUTZjMmhoTFRJMU5qcFdZa3BQVTNacWVGVTJURGhETjBkVl 22 | R6UmtjMmhKV1ZZemVtSjJSbmRyV1VJME0xbEtOVXQwZERoRklpd2lhM1I1SW 23 | pvaVJVTWlMQ0pqY25ZaU9pSlFMVEkxTmlJc0ltRnNaeUk2SWtWVE1qVTJJaX 24 | dpZUNJNklrMWtReTFQUzNFMFFWRktabFpEV0RWNmNGRnZURGhxTkZaRlpuWl 25 | FXRGs0ZEZVNWFIaGpUbGhIY204aUxDSjVJam9pYm5OWGJtWmlOazVYYzBzek 26 | 9VSklMV2hCWVZOclExTmxORUo1YldWT2MyTktSVjl6WVVRelJETmlUU0o5Ii 27 | wiZGVncmVlIjp7InR5cGUiOiJCYWNoZWxvckRlZ3JlZSIsIm5hbWUiOiJCYW 28 | NoZWxvciBvZiBTY2llbmNlIGFuZCBBcnRzIn19fSwiaXNzIjoiaHR0cHM6Ly 29 | 9jcmVkZW50aWFsLWlzc3Vlci5leGFtcGxlLmNvbSIsIm5iZiI6MTczNTY4OT 30 | YwMCwianRpIjoiaHR0cHM6Ly9jcmVkZW50aWFsLWlzc3Vlci5leGFtcGxlLm 31 | NvbS9jcmVkZW50aWFscy8zNzMyIiwic3ViIjoiZGlkOmp3azpleUpyYVdRaU 32 | 9pSjFjbTQ2YVdWMFpqcHdZWEpoYlhNNmIyRjFkR2c2YW5kckxYUm9kVzFpY0 33 | hKcGJuUTZjMmhoTFRJMU5qcFdZa3BQVTNacWVGVTJURGhETjBkVlR6UmtjMm 34 | hKV1ZZemVtSjJSbmRyV1VJME0xbEtOVXQwZERoRklpd2lhM1I1SWpvaVJVTW 35 | lMQ0pqY25ZaU9pSlFMVEkxTmlJc0ltRnNaeUk2SWtWVE1qVTJJaXdpZUNJNk 36 | lrMWtReTFQUzNFMFFWRktabFpEV0RWNmNGRnZURGhxTkZaRlpuWlFXRGs0ZE 37 | ZVNWFIaGpUbGhIY204aUxDSjVJam9pYm5OWGJtWmlOazVYYzBzek9VSklMV2 38 | hCWVZOclExTmxORUo1YldWT2MyTktSVjl6WVVRelJETmlUU0o5In0.k13xQC 39 | nQIKAIuwQIbg37dwlNr8D6_2YUQtDTVQCq-ZsjcXxHagGC_VIZtd7RpR8OvB 40 | zTBHVwrBRD-_RzoV2Ofg" 41 | } 42 | ] 43 | } 44 | -------------------------------------------------------------------------------- /examples/credential_response_ldp_vc.txt: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | 
Content-Type: application/json 3 | Cache-Control: no-store 4 | 5 | { 6 | "credentials": [ 7 | { 8 | "credential": { 9 | "@context": [ 10 | "https://www.w3.org/2018/credentials/v1", 11 | "https://www.w3.org/2018/credentials/examples/v1" 12 | ], 13 | "id": "http://example.edu/credentials/3732", 14 | "type": [ 15 | "VerifiableCredential", 16 | "UniversityDegreeCredential" 17 | ], 18 | "issuer": "https://example.edu/issuers/565049", 19 | "issuanceDate": "2010-01-01T00:00:00Z", 20 | "credentialSubject": { 21 | "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", 22 | "degree": { 23 | "type": "BachelorDegree", 24 | "name": "Bachelor of Science and Arts" 25 | } 26 | }, 27 | "proof": { 28 | "type": "Ed25519Signature2020", 29 | "created": "2022-02-25T14:58:43Z", 30 | "verificationMethod": "https://example.edu/issuers/565049#key-1", 31 | "proofPurpose": "assertionMethod", 32 | "proofValue": "zeEdUoM7m9cY8ZyTpey83yBKeBcmcvbyrEQzJ19rD2UXArU2U1 33 | jPGoEtrRvGYppdiK37GU4NBeoPakxpWhAvsVSt" 34 | } 35 | } 36 | } 37 | ] 38 | } -------------------------------------------------------------------------------- /examples/credential_response_mso_mdoc.txt: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Content-Type: application/json 3 | Cache-Control: no-store 4 | 5 | { 6 | "credentials": [ 7 | { 8 | "credential": "omppc3N1ZXJBdXRohEOhASahG...ArQwggKwMIICVqADAgEC" 9 | } 10 | ] 11 | } -------------------------------------------------------------------------------- /examples/credential_response_sd_jwt_vc.txt: -------------------------------------------------------------------------------- 1 | HTTP/1.1 200 OK 2 | Content-Type: application/json 3 | Cache-Control: no-store 4 | 5 | { 6 | "credentials": [ 7 | { 8 | "credential": "eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImRjK3NkLWp3d 9 | CIsICJraWQiOiAiZG9jLXNpZ25lci0wNS0yNS0yMDIyIn0.eyJfc2QiOiBbI 10 | jA5dktySk1PbHlUV00wc2pwdV9wZE9CVkJRMk0xeTNLaHBINTE1blhrcFkiL 11 | 
CAiMnJzakdiYUMwa3k4bVQwcEpyUGlvV1RxMF9kYXcxc1g3NnBvVWxnQ3diS 12 | SIsICJFa084ZGhXMGRIRUpidlVIbEVfVkNldUM5dVJFTE9pZUxaaGg3WGJVV 13 | HRBIiwgIklsRHpJS2VpWmREd3BxcEs2WmZieXBoRnZ6NUZnbldhLXNONndxU 14 | VhDaXciLCAiSnpZakg0c3ZsaUgwUjNQeUVNZmVadTZKdDY5dTVxZWhabzdGN 15 | 0VQWWxTRSIsICJQb3JGYnBLdVZ1Nnh5bUphZ3ZrRnNGWEFiUm9jMkpHbEFVQ 16 | TJCQTRvN2NJIiwgIlRHZjRvTGJnd2Q1SlFhSHlLVlFaVTlVZEdFMHc1cnREc 17 | 3JaemZVYW9tTG8iLCAiamRyVEU4WWNiWTRFaWZ1Z2loaUFlX0JQZWt4SlFaS 18 | UNlaVVRd1k5UXF4SSIsICJqc3U5eVZ1bHdRUWxoRmxNXzNKbHpNYVNGemdsa 19 | FFHMERwZmF5UXdMVUs0Il0sICJpc3MiOiAiaHR0cHM6Ly9leGFtcGxlLmNvb 20 | S9pc3N1ZXIiLCAiaWF0IjogMTY4MzAwMDAwMCwgImV4cCI6IDE4ODMwMDAwM 21 | DAsICJ2Y3QiOiAiaHR0cHM6Ly9jcmVkZW50aWFscy5leGFtcGxlLmNvbS9pZ 22 | GVudGl0eV9jcmVkZW50aWFsIiwgIl9zZF9hbGciOiAic2hhLTI1NiIsICJjb 23 | mYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIsICJ4I 24 | jogIlRDQUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlb 25 | WMiLCAieSI6ICJaeGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0N 26 | GpUOUYySFpRIn19fQ.dVjA0sh4xGD32uPqc9h4WHiEL3A08kiKNE08IIrtn3 27 | PJvljLU7n19LBTtuzPFZoc_GoPuS97SIDbz96K8pkZew~WyIyR0xDNDJzS1F 28 | 2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd~WyJlbHVWNU 29 | 9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd~WyI2S 30 | Wo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhb 31 | XBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX2 32 | 51bWJlciIsICIrMS0yMDItNTU1LTAxMDEiXQ~WyJRZ19PNjR6cUF4ZTQxMmE 33 | xMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyB 34 | NYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkF 35 | ueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0~WyJBSngtMDk1VlBycFR0TjR 36 | RTU9xUk9BIiwgImJpcnRoZGF0ZSIsICIxOTQwLTAxLTAxIl0~WyJQYzMzSk0 37 | yTGNoY1VfbEhnZ3ZfdWZRIiwgImlzX292ZXJfMTgiLCB0cnVlXQ~WyJHMDJO 38 | U3JRZmpGWFE3SW8wOXN5YWpBIiwgImlzX292ZXJfMjEiLCB0cnVlXQ~WyJsa 39 | 2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ~" 40 | } 41 | ] 42 | } 
-------------------------------------------------------------------------------- /examples/issuer_jwks.json: -------------------------------------------------------------------------------- 1 | { 2 | "jwks": [ 3 | { 4 | "kid": "urn:ietf:params:oauth:jwk-thumbprint:sha-256:mlUpog7vEewFBem6Ul09c2dtTwc8dFzVpIDX3sqGWW0", 5 | "kty": "EC", 6 | "crv": "P-256", 7 | "alg": "ES256", 8 | "x": "_LC1FTUl0MltKAOQzXNsofVMpWFV2obLGrNCat_CQ-g", 9 | "y": "kBjoyjNuMVAOq--qVUgylDoLKuMdk4imS-Kk5ahuYIU" 10 | } 11 | ] 12 | } --------------------------------------------------------------------------------