-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove W3C DC API examples #254
base: main
Are you sure you want to change the base?
Changes from all commits
ab70539
d9b6ad6
c6b83bf
1fb91d2
3b0d32c
b553f17
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -1593,36 +1593,28 @@ And lastly, as part of the request, the Wallet is provided with information abou | |||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
## Protocol | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
The value of the `protocol` parameter of the W3C Digital Credentials API MUST be set to `openid4vp` for this profile. | ||||||||||||||||||||||||||||||||||
For the profile defined in this section, the value of the exchange protocol used with the W3C Digital Credentials API [@!w3c.digital_credentials_api], is the `openid4vp`. | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
## Request {#browser_api_request} | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
The `request` member of the W3C Digital Credentials API [@!w3c.digital_credentials_api] contains an OpenID4VP Authorization Request, where every OpenID4VP Authorization Request parameter is represented as a top-level JavaScript object member. | ||||||||||||||||||||||||||||||||||
The W3C Digital Credentials API [@!w3c.digital_credentials_api] contains an OpenID4VP Authorization Request, where every OpenID4VP Authorization Request parameter is represented as a top-level JavaScript object member. | ||||||||||||||||||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Is this a new development in Digital Credentials API? How would this work for signed requests? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The change here is removing " There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. is there any risk of this changing in the future? wouldn't this prevent passing multiple requests in an array? Would really prefer a text like There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's best to say less. We don't know what the final API will look like. |
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
The following is a non-normative example of how the W3C Digital Credentials API can be used with an unsigned OpenID4VP request when advanced security features of OpenID4VP are not used: | ||||||||||||||||||||||||||||||||||
The following is a non-normative example of an unsigned OpenID4VP request when advanced security features of OpenID4VP are not used: | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
```js | ||||||||||||||||||||||||||||||||||
try { | ||||||||||||||||||||||||||||||||||
const credential = await navigator.identity.get({ | ||||||||||||||||||||||||||||||||||
digital: { | ||||||||||||||||||||||||||||||||||
providers: [{ | ||||||||||||||||||||||||||||||||||
protocol: "openid4vp", | ||||||||||||||||||||||||||||||||||
request: { | ||||||||||||||||||||||||||||||||||
response_type: "vp_token", | ||||||||||||||||||||||||||||||||||
response_mode: "w3c_dc_api", | ||||||||||||||||||||||||||||||||||
nonce: "n-0S6_WzA2Mj", | ||||||||||||||||||||||||||||||||||
client_metadata: {...}, | ||||||||||||||||||||||||||||||||||
presentation_definition: {...} | ||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
}] | ||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
}); | ||||||||||||||||||||||||||||||||||
} catch (err) { | ||||||||||||||||||||||||||||||||||
// Handle errors and/or fallback to other invocation mechanisms | ||||||||||||||||||||||||||||||||||
{ | ||||||||||||||||||||||||||||||||||
protocol: "openid4vp", | ||||||||||||||||||||||||||||||||||
request: { | ||||||||||||||||||||||||||||||||||
response_type: "vp_token", | ||||||||||||||||||||||||||||||||||
response_mode: "w3c_dc_api", | ||||||||||||||||||||||||||||||||||
nonce: "n-0S6_WzA2Mj", | ||||||||||||||||||||||||||||||||||
client_metadata: {...}, | ||||||||||||||||||||||||||||||||||
presentation_definition: {...} | ||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
Comment on lines
+1605
to
+1613
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think
Suggested change
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. i think request is still there? https://wicg.github.io/digital-credentials/#the-digitalcredentialsrequest-dictionary There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
``` | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Out of the Authorization Request parameters defined in [@!RFC6749] and (#vp_token_request), the following are supported with this profile: | ||||||||||||||||||||||||||||||||||
Out of the Authorization Request parameters defined in [@!RFC6749] and (#vp_token_request), the following are supported with this profile: | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
* `client_id` | ||||||||||||||||||||||||||||||||||
* `response_type` | ||||||||||||||||||||||||||||||||||
|
@@ -1661,7 +1653,7 @@ The signed Request Object MAY contain all the parameters listed in (#browser_api | |||||||||||||||||||||||||||||||||
Below is a non-normative example of such a request: | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
```js | ||||||||||||||||||||||||||||||||||
const credential = await navigator.identity.get({ | ||||||||||||||||||||||||||||||||||
{ | ||||||||||||||||||||||||||||||||||
digital: { | ||||||||||||||||||||||||||||||||||
providers: [{ | ||||||||||||||||||||||||||||||||||
protocol: "openid4vp", | ||||||||||||||||||||||||||||||||||
|
@@ -1670,7 +1662,7 @@ const credential = await navigator.identity.get({ | |||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
}] | ||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
}); | ||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same comment as above re stripping this down to just:
but I can't get GitHub to let me make a suggestion. |
||||||||||||||||||||||||||||||||||
``` | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
This is an example of the payload of a signed OpenID4VP request used with the W3C Digital Credentials API: | ||||||||||||||||||||||||||||||||||
|
@@ -1683,29 +1675,6 @@ The signed request allows the Wallet to authenticate the Verifier using a trust | |||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Every OpenID4VP Authorization Request results in a response being provided through the W3C Digital Credentials API. The response is an instance of the `DigitalCredential` interface, as defined in [@!w3c.digital_credentials_api], and the OpenID4VP Authorization Response parameters as defined for the Response Type are represented as an object within the `data` attribute. | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
The following is a non-normative example of processing an unsigned OpenID4VP response that could be received from the W3C Digital Credentials API: | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
```js | ||||||||||||||||||||||||||||||||||
const credential = await navigator.identity.get(request); | ||||||||||||||||||||||||||||||||||
if (credential.protocol == "openid4vp") { | ||||||||||||||||||||||||||||||||||
// Extract relevant data members | ||||||||||||||||||||||||||||||||||
const { vp_token, presentation_submission } = credential.data; | ||||||||||||||||||||||||||||||||||
// presentation_submission is a javascript object | ||||||||||||||||||||||||||||||||||
// vp_token is a string or javascript object depending on the credential type | ||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
``` | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
The following is a non-normative example of processing an encrypted OpenID4VP response that could be received from the W3C Digital Credentials API: | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
```js | ||||||||||||||||||||||||||||||||||
const credential = await navigator.identity.get(request); | ||||||||||||||||||||||||||||||||||
if (credential.protocol == "openid4vp") { | ||||||||||||||||||||||||||||||||||
// Extract encrypted response | ||||||||||||||||||||||||||||||||||
const { response } = credential.data; | ||||||||||||||||||||||||||||||||||
// response is a string containing a JWE, now decrypt it | ||||||||||||||||||||||||||||||||||
} | ||||||||||||||||||||||||||||||||||
``` | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
# Credential Format Profiles {#alternative_credential_formats} | ||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
OpenID for Verifiable Presentations is Credential Format agnostic, i.e., it is designed to allow applications to request and receive Verifiable Presentations and Verifiable Credentials in any Credential Format. This section defines Credential Format Profiles for some of the known Credential Formats. Other specifications or deployments can define their own Credential Format Profiles. | ||||||||||||||||||||||||||||||||||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if there's a missing or extra word here but it doesn't read quite right: