OID4VCI Authorization Code flow quickstart guide
This guide provides a quick overview of how to configure an OID4VCI Authorization Code flow using the MATTR Portal to issue an mDoc to a digital wallet.
Use this guide as a quick reference to get started. For detailed information and API examples, explore the tutorial and reference documentation.
User experience
This is the user experience you will build:
- User scans a QR code from an issuer.
- The wallet displays what credential is being offered.
- The user agrees to claim the offered credential.
- The user is redirected to complete authentication via Auth0.
- Upon successful authentication, the credential is issued to the wallet.
Prerequisites
- MATTR VII tenant access via the MATTR Portal.
- Install the MATTR GO Hold example app by following the getting started guide.
- Sign up with Auth0 for user authentication.
Configure an Auth0 application
Create the application
- Log into Auth0.
- Select Create Application.
- Enter a name for your application.
- Select Regular Web Application.
- Select Create and then Skip Integration.
Configure application settings
- Record your application Domain, Client ID, and Client Secret.
- Scroll to Application URIs and add this URL to Allowed Callback URLs:
  https://{your_tenant_url}/core/v1/oauth/authentication/callback
  Replace {your_tenant_url} with your MATTR VII tenant URL.
- Select the Connections tab.
- Enable Username-Password-Authentication under Database.
- Disable all options under Social.
Create a test user
- Navigate to User Management > Users.
- Select Create User.
- Enter an Email (different from your Auth0 account email).
- Enter a Password.
- Select Username-Password-Authentication from the Connection dropdown.
- Select Create.
- Edit the user's Name to replace the default email value.
Configure MATTR VII
Configure Authentication provider
- In the MATTR Portal, expand Credential Issuance.
- Select Authentication provider.
- Enter your Auth0 Domain in the Base URL field (prefix with https://).
- Enter your Auth0 Client ID.
- Enter your Auth0 Client Secret.
- Select Create.
Create issuer certificate
- Expand Platform Management.
- Select Certificates.
- Select Create new.
- Select IACA - Issuing Authority Certificate Authority as the type.
- Select MATTR managed as the management method.
- Select Create.
- Set Status to Active.
- Select Update to activate the certificate.
Create mDoc credential configuration
- Expand Credential Issuance.
- Select Mobile credential.
- Select Create new.
- Enter a Name (e.g., "My First Credential").
- Enter a Description (e.g., "Use For High Assurance Interactions").
- Enter a Credential type (e.g., com.example.myfirstcredential).
- Paste the following JSON into Claim mappings:
  Claim mappings object
    {
      "com.example.personaldetails.1": {
        "name": {
          "mapFrom": "claims.name",
          "type": "string"
        },
        "email": {
          "mapFrom": "claims.email",
          "type": "string"
        }
      }
    }
- Enter "1" in the Months field under Validity for.
- Select Create.
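A local pre-flight check for the claim mappings in the credential configuration step, as an added example (not MATTR's code or API). It assumes each `mapFrom` path such as `claims.name` resolves against the claims returned for the authenticated user and models only the `string` type; `resolve`, `preview` and the sample users are hypothetical names and constructed data.

```python
import json

# Claim mappings as given in the guide's credential configuration step.
CLAIM_MAPPINGS = {
    "com.example.personaldetails.1": {
        "name": {"mapFrom": "claims.name", "type": "string"},
        "email": {"mapFrom": "claims.email", "type": "string"},
    }
}
# Assumption: only the "string" type used on this page is modelled.
PY_TYPES = {"string": str}

def resolve(path, source):
    """Follow a dotted path such as 'claims.name'; return None if a step is missing."""
    node = source
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def preview(mappings, user):
    """Return (namespaces, problems) for one user, without contacting any service."""
    source = {"claims": user}  # assumption: mapFrom paths are rooted at "claims"
    namespaces, problems = {}, []
    for namespace, elements in mappings.items():
        out = namespaces.setdefault(namespace, {})
        for element, rule in elements.items():
            value = resolve(rule.get("mapFrom", ""), source)
            expected = PY_TYPES.get(rule.get("type"))
            if value is None:
                problems.append(f"{namespace}.{element}: {rule.get('mapFrom')} not found")
            elif expected is None or not isinstance(value, expected):
                problems.append(f"{namespace}.{element}: expected {rule.get('type')}")
            else:
                out[element] = value
    # The guide has you edit the test user's Name because it defaults to the email.
    if user.get("name") and user.get("name") == user.get("email"):
        problems.append("name equals email: test user's Name was not edited")
    return namespaces, problems

# Constructed sample users (not real accounts).
EDITED = {"name": "Alex Example", "email": "alex@example.com"}
DEFAULT = {"name": "alex@example.com", "email": "alex@example.com"}

if __name__ == "__main__":
    for user in (EDITED, DEFAULT):
        print(json.dumps(preview(CLAIM_MAPPINGS, user), indent=2))
```

Running it against a profile before generating the offer shows exactly which data elements would be placed in the credential namespace and which mapped claims are missing.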
Generate Credential offer
- Expand Credential Issuance.
- Select Credential offer.
- Select Authorization code flow as the workflow.
- Select the Select button.
- Check the checkbox next to your credential configuration.
- Select Apply.
- Select Generate.
- Download and save the QR code.
Claim the credential
- Open the GO Hold example app.
- Select Scan.
- Scan the QR code you generated.
- Review the credential offer and select Accept.
- Complete the authentication flow via Auth0.
- The credential will be issued to your wallet.
Congratulations! You've successfully configured an OID4VCI Authorization Code flow and issued an mDoc to a digital wallet.
Next steps
- Try the OID4VCI Pre-authorized Code flow for a different issuance workflow.
- Explore the OID4VCI Authorization Code flow tutorial for detailed instructions and explanations.
- Configure a Claims source to retrieve data from compatible data sources and use it in the issued credential.
- Configure an Interaction hook to redirect the user to custom components as part of the issuance workflow.
- Apply branding to issued credentials as part of creating a Credential configuration.