light-mode-image
Learn
Authorization Code flow

OID4VCI Authorization Code flow quickstart guide

This quickstart is for evaluating MATTR’s OID4VCI Authorization Code flow issuance capabilities. In about 10-15 minutes you will configure an OID4VCI Authorization Code flow in the MATTR Portal, generate a credential offer, and claim an mDoc into the GO Hold example app.

Estimated time: 10-15 minutes.

Use this guide as a fast evaluation path to see the flow working end-to-end. For detailed information and API examples, explore the tutorial and reference documentation.

User experience

In this quickstart you will perform this exact flow yourself using the MATTR Portal, a mock authentication provider, and the GO Hold example app:

OID4VCI Tutorial Workflow

  1. User scans a QR code from an issuer.
  2. The wallet displays what credential is being offered.
  3. The user agrees to claim the offered credential.
  4. The user is redirected to complete authentication.
  5. Upon successful authentication, the credential is issued to the wallet.

Prerequisites

Steps

Configure mock Authentication provider (3 minutes)

This quickstart uses a MATTR-hosted mock authentication provider to keep setup simple. In production you will configure your own IdP (for example Auth0) and real users. See the full tutorial for a detailed Auth0 example.

  1. Log into the MATTR Portal.
  2. Switch to your tenant if you have access to multiple tenants, or create a new tenant if needed.
  3. Expand Credential Issuance.
  4. Select Authentication provider.
  5. Enter https://learn.au.auth.mattrlabs.com/ in the Base URL field.
  6. Enter any string in the Client ID and Client Secret fields (these are ignored by the mock Authentication provider).
  7. Select Create.

Create issuer certificate (2 minutes)

This allows your tenant to act as an issuing authority for mDocs in this demo. This step is only required if you haven't already set up an issuer certificate for your tenant. If you already have an active IACA, skip to the next step.

  1. Expand Platform Management.
  2. Select Certificates.
  3. Select Create new.
  4. Select IACA - Issuing Authority Certificate Authority as the type.
  5. Select MATTR managed as the management method.
  6. Select Create.
  7. Set Status to Active.
  8. Select Update to activate the certificate.

Create mDoc credential configuration (3 minutes)

In this quickstart you’ll use a simple, pre-defined credential configuration with default claim values so you can issue a credential without integrating any external data sources:

  1. Expand Credential Issuance.

  2. Select mDocs.

  3. Select Create new.

  4. Enter a Name (e.g., "My First Credential").

  5. Enter a Description (e.g., "Claimed via Authorization Code flow").

  6. Enter a unique Credential type (e.g., com.example.authcodecredential).

  7. Paste the following JSON into Claim mappings:

    Claim mappings object
    {
  "com.example.personaldetails.1": {
    "name": {
      "defaultValue": "Emma Tasma",
      "type": "string"
    },
    "email": {
      "defaultValue": "emma.tasma@example.com",
      "type": "string"
    }
  }
}

  8. Enter "1" in the Months field under Validity for.

  9. Select Create.

Generate a credential offer (2 minutes)

This creates the OID4VCI offer that wallets can use to start the Authorization Code flow.

  1. Expand Credential Issuance.
  2. Select Credential offer.
  3. Select Authorization code flow as the workflow.
  4. Select the Select button.
  5. Check the checkbox next to your credential configuration.
  6. Select Apply.
  7. Select Generate.
  8. Download and save the QR code (or just leave it on the screen for scanning in the next step).

Claim the credential (2 minutes)

Now use the GO Hold example wallet to experience the end-to-end flow from QR scan to credential in the wallet:

  1. Open the GO Hold example app.
  2. Select Share on the home screen.
  3. Select Respond or Collect (You may need to allow the app to access your camera).
  4. Scan the QR code you generated in the previous step.
  5. Review the credential offer and select Proceed.
  6. When prompted to open the authentication page, select Continue.
  7. Select Sign in to complete the authentication flow (you do not need to change any of the login details).
  8. You will be redirected back to the GO Hold app where you can see the issued credential.

Behind the scenes, MATTR handled the OID4VCI Authorization Code flow, including redirecting to the mock authentication provider, validating the user, and issuing the mDoc to your GO Hold example app.

Congratulations! You've successfully configured an OID4VCI Authorization Code flow and issued an mDoc to a digital wallet using only MATTR Portal configuration and the GO Hold example app.

Next steps

How would you rate this page?

Last updated on

Journey pattern

Previous Page

Tutorial

Next Page

On this page

User experience
Prerequisites
Steps
Configure mock Authentication provider (3 minutes)
Create issuer certificate (2 minutes)
Create mDoc credential configuration (3 minutes)
Generate a credential offer (2 minutes)
Claim the credential (2 minutes)
Next steps