How to configure and use a Claims source
As part of an OpenID4VCI issuance workflow, you can configure your tenant to fetch claims directly from a compatible Claims source and use these claims when issuing verifiable credentials.
You can also configure your Claims source via the MATTR Self Service Portal.
Prerequisites
- Database configured with an interface layer to support incoming requests:
- Must be accessible from the internet via HTTPS (e.g.
https://example.com). - Must expose an endpoint supporting a HTTPS request using either GET or POST methods. This endpoint is what MATTR VII will call when querying the data source.
- Must conform to the following response criteria:
- Return a response within three seconds to avoid request timeout.
- Return a 2XX HTTP status code when the request was successful.
- Response body must be a valid JSON, denoted by the application/json MIME type.
- Each key in the JSON object must be a claim name and each value must be a claim value.
- If no claims are found, an empty object should be returned in the response body.
- Respond with error codes only when something exceptional happens. MATTR VII will log the error, but issuance will only fail when it does not meet an explicit credential configuration requirement (e.g., when no value for a required claim is available).
- MATTR VII connects to claims sources using IPv4 only. All requests explicitly use IPv4 to avoid connection failures with unsupported IPv6 traffic.
Overview
Configure and using a Claims source as part of an OID4VCI workflow comprises the following steps:
Configure a MATTR VII Claims source
The request structure would vary based on your preferred authorization method.
Query the Claims source
Once the Claims source is configured, MATTR VII will query it using the configured authentication method as part of the OID4VCI workflow.
This query is performed automatically by MATTR VII. It is only described here to provide clarity.
Last updated on