Implementation of the OpenID4VC with the Zenroom stack
DIDroom microservices is a comprehensive open-source implementation of the OpenID4VC ("OpenID for Verifiable Credential") protocols, designed to make the entire credential issuance process easy to deploy. This project is built using the Zenroom ecosystem, incorporating Zencode natural language smart contracts for secure, flexible, and human-readable protocol implementation.
The credential issuer is the component that implements the endpoint to issue
verifiable credentials in different formats (e.g. w3c-vc, iso.18013-5 aka mDL);
it is actually agnostic to the format.
The API for credential issuance comprises the following endpoints:
Mandatory
POST /credential
GET /.well-known/openid-credential-issuer
GET /.well-known/openid-configuration
Optional
GET /credential_offer
GET /authorize
POST /batch_credential
POST /token
POST /op/par
POST /as/par
Core concepts of the issuer:
- Wallets can send a single request or a batch request, for one or multiple credentials, with the same access token
- Credentials can be issued synchronously or deferred
- Multiple key proof types are supported
- The same OAuth 2.0 Authorization Server can protect one or more Credential Issuers. Wallets determine the Credential Issuer's Authorization Server using the Credential Issuer's metadata
Credential Issuers use an OAuth 2.0 (RFC6749) Authorization Server for access. A single server can protect multiple Issuers, identified via metadata (/.well-known/openid-credential-issuer). All OAuth 2.0 Grant Types and extensions work with the credential issuance API. Unspecified aspects follow RFC6749. Some tweaks and enhancements are needed, though; these extensions include:
- New Authorization Details Type: openid_credential conveys the details of the Credential the Wallet aims to obtain (see #authorization-details).
- New Token Response Error Codes: authorization_pending and slow_down support deferred authorization for the Pre-Authorized Code grant type.
- Client Metadata:
  - Uses client metadata, introducing credential_offer_endpoint for the Wallet to publish its Credential Offer Endpoint (see #client-metadata).
- Authorization Endpoint Enhancements:
  - Adds issuer_state for issuer-initiated Credential Offer processing (see #credential-authz-request).
  - Introduces wallet_issuer and user_hint for Credential Issuers to request Verifiable Presentations during the Authorization Request.
- Token Endpoint Enhancements:
  - Adds optional response parameters c_nonce and c_nonce_expires_in for nonce-based proof of possession of key material (see #token-response).
For details, refer to the full specification.
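The c_nonce mechanism listed above, sketched from the issuer's side as an added example (this is not DIDroom's own code). It assumes the JWT key proof type of the OpenID4VCI specification (header typ openid4vci-proof+jwt with an embedded jwk) restricted to ES256; the issuer URL, the in-memory nonce store and all function names are hypothetical.

```javascript
// Added example, not DIDroom code: issuer-side c_nonce handling for a JWT key proof.
const crypto = require('node:crypto');

const ISSUER = 'https://issuer.example'; // assumed Credential Issuer identifier
const nonces = new Map(); // c_nonce -> expiry in ms (in-memory stand-in for a real store)
const fail = (error) => ({ ok: false, error });
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Token endpoint: mint a nonce and return the two optional response parameters.
function issueNonce(ttlSeconds = 300, now = Date.now()) {
  const c_nonce = crypto.randomBytes(16).toString('base64url');
  nonces.set(c_nonce, now + ttlSeconds * 1000);
  return { c_nonce, c_nonce_expires_in: ttlSeconds };
}

// Credential endpoint: accept a proof only if it is signed by the key it
// carries, targets this issuer, and echoes an unexpired, unused c_nonce.
function verifyProof(jwt, now = Date.now()) {
  const [h, p, s] = String(jwt).split('.');
  let header, aud, nonce, valid;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url'));
    ({ aud, nonce } = JSON.parse(Buffer.from(p, 'base64url')));
    if (header.typ !== 'openid4vci-proof+jwt' || header.alg !== 'ES256') return fail('bad_header');
    const key = crypto.createPublicKey({ key: header.jwk, format: 'jwk' });
    valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
      { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  } catch {
    return fail('malformed');
  }
  if (!valid) return fail('bad_signature');
  if (aud !== ISSUER) return fail('bad_audience');
  const expiry = nonces.get(nonce);
  nonces.delete(nonce); // single use: a replayed proof finds nothing
  if (expiry === undefined) return fail('unknown_nonce');
  if (now > expiry) return fail('expired_nonce');
  return { ok: true, holderKey: header.jwk };
}

// Constructed wallet side, used only to produce sample proofs.
function makeProof(privateKey, jwk, nonce, aud = ISSUER) {
  const head = b64u({ typ: 'openid4vci-proof+jwt', alg: 'ES256', jwk });
  const body = b64u({ aud, iat: Math.floor(Date.now() / 1000), nonce });
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${head}.${body}.${sig.toString('base64url')}`;
}
```

The nonce is consumed only after the signature and audience checks pass, so a forged proof cannot burn a nonce that a legitimate wallet still holds.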
To start using all the components, run the following command in the root folder:
make
Then point your browser to http://localhost:3000/docs to see all the exposed endpoints.
📝 Documentation - Getting started and more.
🌱 Ecosystem - W3C-DID Dyne, Signroom, Zenroom, Didroom
🚩 Issues - Bugs and errors you encounter using DIDroom microservices.
Matrix - Hanging out with the community.
🗣️ Discord - Hanging out with the community.
🪁 Telegram - Hanging out with the community.
You can start it using Docker; you just have to mount your static file directory:
docker pull ghcr.io/forkbombeu/didroom_microservices:latest
docker run -p 3000:3000 -v public:/app/public ghcr.io/forkbombeu/didroom_microservices:latest
Please refer to DOCKER PACKAGES
Available endpoints, TBD
TBD
TBD
Available bugs are reported via GitHub issues.
Copyleft 🄯 2023 by Forkbomb BV, Amsterdam
Designed, written and maintained by Puria Nafisi Azizi, Andrea D'Intino, Alberto Lerda with contributions of Matteo Cristino.
Please first take a look at our Contributor License Agreement, then:
- 🔀 FORK IT
- Create your feature branch
git checkout -b feature/branch
- Commit your changes
git commit -am 'feat: New feature\ncloses #398'
- Push to the branch
git push origin feature/branch
- Create a new Pull Request
gh pr create -f
- 🙏 Thank you
Didroom standalone microservices
Copyleft 🄯 2023 Forkbomb BV, Amsterdam
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.