From 284bbbbdc40b3cd9179fe8d5292e0b665931629f Mon Sep 17 00:00:00 2001 From: Bastien Lopez Date: Fri, 1 Nov 2024 16:58:06 +0100 Subject: [PATCH] up doc dentsu --- docs/wallet/issuer_configuration.md | 104 +++++++++++++++++++++++----- docs/wallet/wallet-profiles.md | 22 +++--- docusaurus.config.ts | 2 +- 3 files changed, 95 insertions(+), 33 deletions(-) diff --git a/docs/wallet/issuer_configuration.md b/docs/wallet/issuer_configuration.md index 8016f29..7fb2191 100644 --- a/docs/wallet/issuer_configuration.md +++ b/docs/wallet/issuer_configuration.md @@ -1,6 +1,6 @@ # Issuer configuration -Updated the 28th of October 2024. +Updated the 31th of October 2024. The wallets support most of the VC options of the OIDC4VCI standard for issuer configuration. @@ -8,7 +8,7 @@ The wallets support most of the VC options of the OIDC4VCI standard for issuer c OIDC4VCI has evolved rapidly between 2022 (Draft 10/11) and 2024 (Draft >= 13). The issuer metadata has changed multiple times. Right now wallets support Draft 10/11 and Draft 13 of the specifications. The selection of one Draft or another can be done manually in the wallet with the custom profile and the OIDCVC settings screen or through the wallet provider backend. -**EBSI V3.x is based on OIDC4VCI Draft 10**, DIIP V2.1, DIIP V3.0 and ARF uses Draft 13. +**EBSI V3.x is based on OIDC4VCI Draft 10**, DIIP V2.1, DIIP V3.0 and ARF use Draft 13. Specifications of the different Drafts are available here: @@ -68,7 +68,7 @@ The differences between this process and the use of a VP authentication step (OI - the VP(s) requested from the user depend on the VC requested by the user, - the integration and the UX are simpler. -In order to manage that combination wallet must provide its own authorization endpoint to the issuer. Right now, our wallets support the "EBSI V3.x implementation" way with a `client_metadata` argument added to the authorization request and push authorization request. +In order to manage that combination wallet must provide its own authorization endpoint to the issuer. Our wallets support the "EBSI V3.x implementation" way with a `client_metadata` argument when Draft is below or equal to 11 and the `wallet_issuer` attribute for more recent Draft, both added to the authorization request and push authorization request. Example of client_metadata: @@ -114,21 +114,26 @@ Wallet support all the attributes of the display. ```json "credential_configurations_supported": { "IBANLegalPerson": { - "scope": "IBANLegalPerson_scope", - "display": [ - { - "name": "Company IBAN", - "description": "IBAN", - "text_color": "#FBFBFB", - "text_color": "#FFFFFF", - "logo": { - "uri": "https://i.ibb.co/ZdVm5Bg/abn-logo.png", - "alt_text": "ABN Amro logo" - }, - "background_image": { - "uri": "https://i.ibb.co/kcb9XQ4/abncard-iban-lp.png", - "alt_text": "ABN Amro Card" + "scope": "IBANLegalPerson_scope", + "display": [ + { + "name": "Company IBAN", + "description": "IBAN", + "text_color": "#FBFBFB", + "text_color": "#FFFFFF", + "logo": { + "uri": "https://i.ibb.co/ZdVm5Bg/abn-logo.png", + "alt_text": "ABN Amro logo" + }, + "background_image": { + "uri": "https://i.ibb.co/kcb9XQ4/abncard-iban-lp.png", + "alt_text": "ABN Amro Card" + } } + ], + ...... + } +} ``` The `uri` can be either a link or a data uri scheme. `text_color` and `background_color` are fallbacks options if links are not provided. @@ -284,7 +289,7 @@ Wallets support the following specifications depending on the VC format: When the VC is received from the issuer or displayed, the wallet verifies the signature of the VC, the signature of the status list and the status of the VC. If any of these checked fails teh wallet display a red card status. These verification steps can by passed with an option in the wallet provider backed through a security low profile. -## Waltid integration +## Waltid issuer integration All `issuer.{..}`, `expirationDate`, `issuanceDate`and `credentialSubject.id` claims must be removed from the credential data as they are already provided in the json_jwt_vc as `iss`, `sub`, `iat`. Here is a correct configuration needed to make the waltid example running : @@ -323,6 +328,69 @@ All `issuer.{..}`, `expirationDate`, `issuanceDate`and `credentialSubject.id` cl } ``` +## Authlete issuer integration + +This is the configuration needed to run the Authlete [OIDC4VCI Demo](https://www.authlete.com/developers/oid4vci/#4-oid4vci-demo) in pre authorized code flow with a sd-jwt VC. + +The specific topics here are the client_id value to get the access token and the general use of jwk/cnf. + +You will need to have an access to the wallet provider backend to setup a custom profile and update the OIDC4VC options as follow: + +1. Go to the `SSI Data` page +2. SSI profile (4.1) choose `custom profile` +3. Key Identifier (4.5) choose `jwk thumbprint with P-256` +4. Client type (4.6) choose `confidential or other` +5. Client Authentication Method (4.9) choose `client id` and enter the example value `218232426` +6. OIDC4VCI Draft (4.10) select `Draft 13` +7. VC Format (4.13) choose `vc+sd-jwt` +8. Proof Type (4.14) select `jwt` +9. Proof of Possession Header (4.15) select `jwk` +10. Do not forget to save the configuration (bottom setup button) +11. Download the configuration to the wallet by scan or update it from the wallet if you already use it. + +Go to the [issuer URL](https://trial.authlete.net/api/offer/issue), select the Pre Authorised Code Grant in the form, if needed you can add transaction code data. Submit the issuer form, scan the QR code, choose the IndentityCredential proposed in the wallet, follow the process and consent. + +Use the developer mode to display the VC decoded inside the wallet or download it and use this [tool](https://www.sdjwt.co/) to decode it with all disclosures. + +```json +{ + "kid": "J1FwJP87C6-QN_WSIOmJAQc6n5CQ_bZdaFJ5GDnW1Rk", + "typ": "vc+sd-jwt", + "alg": "ES256" +} + +{ + "_sd": [ + "04le4bFu5-mavLr_ZiPP6cLyet2AoAEKN5SzbukwWi0", + "1VmLs3WfKoHcQb-MlrRWx0kKkC8lmpL164jeRV9aGOA", + "Mg5UREMN3elGQbOvcG9Mh6CaSTHyDgcMnzMLF21EEJw", + "Wx9xvfgee4AQ4a0fbWCwGyxr3LB7g1mQQx0Oq4hy8A4", + "eDlVzAalQrQavjMbSvGcppFhuFCuvZSy1RHliRy1xKs", + "jt0qxHtMYfLXYYm7rySaKXpBP1SMJk3vX0-FgFE-Oqk", + "k_r1tAt6TsnoqsNyrGOtyykCAFFD5pQCSNTuqFG9Xeg", + "lqre2R2Xrj8FEyTX_yauPS4KRUb5a4BZt9cIXwVmzqs", + "wrsr2ZuNmcy3-3l4-8pjQHMx7sq-sxbL0sVOiBT1tvY", + "xDRY5VC6STHnuAuHHc2j1pgX4pBKfX69yJEh1WpItl8" + ], + "vct": "https://credentials.example.com/identity_credential", + "_sd_alg": "sha-256", + "iss": "https://trial.authlete.net", + "cnf": { + "jwk": { + "kty": "EC", + "use": "sig", + "crv": "P-256", + "kid": "okKqec7q60xoZwwePMiEGaAXwvLCt-WqMaX2V3L1Lr4", + "x": "ptUUeO8I9lazDDBWKPTV-WZGedtQTt2gln2t0wKDjV8", + "y": "YklhBu0YC2p7OUKy2ZYSqzCcDvXVtH_qBMwGBf6NmTY", + "alg": "ES256" + } + }, + "iat": 1730468137 +} + +``` + ## Issuance flow example This example is based on the flow of [this issuer](https://talao.co/sandbox/issuer/test_2). diff --git a/docs/wallet/wallet-profiles.md b/docs/wallet/wallet-profiles.md index 9c1f906..d8359e8 100644 --- a/docs/wallet/wallet-profiles.md +++ b/docs/wallet/wallet-profiles.md @@ -1,6 +1,6 @@ # Wallet profiles -Updated the 28th of October 2024. +Updated the 31th of October 2024. Users can access to wallet profiles through Settings/Wallet Profiles. This feature feature can be hidden in case of a specific wallet configuration through the Wallet Provider Backend. @@ -11,17 +11,16 @@ Talao and Altme wallets can be directly downloaded from the Google or Apple stor As any smartphone app users can download either Altme or Talao wallet for their Apple smartphone or Android device. In this case users can only access the predefined embedded configurations. Right now there are 5 predefined configuration named "Profiles" and one named "Custom" to allow manual settings. Below the main features of the 5 embedded profiles of the wallet: -| Profiles | VC format | OIDC4VCI | OIDC4VP | -| :---------- | ------------------------ | ---------- | --------- | -| Default | ldp_vc | 11 | 13 | -| EBSI V3.x | jwt_vc | 11 | 18 | -| EBSI V4.0 | jwt_vc_json, sd-jwt vc | 13 | 20 | -| DIIP V2.1 | jwt_vc_json | 13 | 18 | -| DIIP V3.0 | sd-jwt vc | 13 | 20 | +| Profiles | VC format | OIDC4VCI | OIDC4VP | +| :---------- | -------------------------------- | ---------- | --------- | +| Default | ldp_vc | 11 | 13 | +| EBSI V3.x | jwt_vc | 11 | 18 | +| EBSI V4.0 | jwt_vc_json, sd-jwt vc, ldp_vc | 13 | 20 | +| DIIP V2.1 | jwt_vc_json | 13 | 18 | +| DIIP V3.0 | sd-jwt vc, sd-jwt, ldp_vc | 13 | 20 | In that scenario users can switch between the different profiles and even create their own very specific profile. The wallets propose a lots of technical options for advanced users and developers. - ## Custom profile To define a custom profile of the wallet: @@ -37,8 +36,6 @@ This section allows an advanced user to specify manually the SSI profile of his ### Download the wallet and configure it with a QR code to get a specific configuration - - In this case users must first download the wallet from the store then scan the QR code provided to install the wallet to your device with a specific configuration defined in the wallet provider backend. The QR code could be displayed on website or could be sent by email or SMS as a deeplink. There are 2 types of users: * standard users : they have a login/password and they are managed through the wallet provider backend. They can be suspended or even revoked if needed. They also have a personal access to the wallet provider backend to manage their own account, @@ -48,8 +45,6 @@ In this case users must first download the wallet from the store then scan the Q ### Download and configure the wallet in one step with an installation link - - In this case the link allowed your users to install the wallet to their device with a specific configuration defined in the wallet provider backend. The installation link is in the form of: * `https://app.talao.co/install?password=guest&login=guest@identinet&wallet-provider=https://wallet-provider.talao.co `or @@ -58,4 +53,3 @@ In this case the link allowed your users to install the wallet to their device w The installation link is only available for guests. **It is the best solution to deploy your wallet to a wide public**. - diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 4dabe8b..3ebdfac 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -60,7 +60,7 @@ const config: Config = { type: 'docSidebar', sidebarId: 'documentationSidebar', position: 'left', - label: 'Documentation v0.1.0', + label: 'Documentation v0.1.1', }, { href: 'https://github.com/TalaoDAO',