Set up an OIDC Credential Verifier

Introduction

The OIDC Bridge Extension requires an OIDC Credential Verifier to be set up so that an OIDC client can initiate a request that the Mobile Wallet App can understand and respond to with credential data.

This guide will step through how that can be achieved by setting up the OIDC Credential Verifier.

Pre-Requisites

You need the following in order to proceed with this tutorial:

The OIDC Credential Verifier

The OIDC Credential Verifier is designed for an OIDC Client application to request a Credential.

Create an OIDC Credential Verifier

Create an OIDC Credential Verifier by providing a payload:

http
Copy to clipboard.
1POST https://YOUR_TENANT_SUBDOMAIN.vii.mattr.global/ext/oidc/v1/verifiers

Request

json
Copy to clipboard.
1{
2  "verifierDid": "did:key:z6MkrYVmyqSA93o4B1GwERM8kaQDMAUKAFV2TC3weQKeg9Gq",
3  "presentationTemplateId": "364b6a1b-3600-4927-a6ac-4d66aa6bbac3",
4  "claimMappings": [
5        {
6            "jsonLdFqn": "http://schema.org/givenName",
7            "oidcClaim": "given_name"
8        },
9        {
10            "jsonLdFqn": "http://schema.org/familyName",
11            "oidcClaim": "family_name"
12        },
13        {
14            "jsonLdFqn": "http://schema.org/educationalCredentialAwarded",
15            "oidcClaim": "https://tenant.vii.mattr.global/educationalCredentialAwarded"
16        }
17  ]
18}

The verifierDid specifies the DID where the Verifiable Presentation will be sent to.

The presentationTemplateId references the request template that defines what type of Credential is being requested.

The claimMappings defines the mapping for the presented Credential claims from JSON-LD terms to OpenID Connect terms. The JSON-LD claims defined in a JSON-LD Verifiable Credential can be mapped to OpenID Connect claims which are functionally equivalent.

As part of verifying a Credential, the OIDC client initiates the request expecting a standard OIDC ID Token, however as the Mobile Wallet provides the Credential to the platform in JSON-LD terms, the Platform translates the claims from the Verifiable Credential into OpenID Connect ID Token claims.

Currently the platform only supports schema.org for data vocabularies.

The Standard OIDC claims are already mapped for you on the Common Credential to OIDC Claim Mappings page, so you can copy & paste into your payload.

  • jsonLdFqn is the fully qualified JSON-LD term.

  • oidcTerm is the OIDC claim name.

Response

json
Copy to clipboard.
1{
2  "id": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
3  "verifierDid": "did:key:z6MkrYVmyqSA93o4B1GwERM8kaQDMAUKAFV2TC3weQKeg9Gq",
4  "presentationTemplateId": "364b6a1b-3600-4927-a6ac-4d66aa6bbac3",
5  "claimMappings": [
6        {
7            "jsonLdFqn": "http://schema.org/givenName",
8            "oidcClaim": "given_name"
9        },
10        {
11            "jsonLdFqn": "http://schema.org/familyName",
12            "oidcClaim": "family_name"
13        },
14        {
15            "jsonLdFqn": "http://schema.org/educationalCredentialAwarded",
16            "oidcClaim": "schema.org/educationalCredentialAwarded"
17        }
18  ]
19}

The Verifier can be resolved publicly from your tenant by the verifierId.

http
Copy to clipboard.
1GET https://YOUR_TENANT_SUBDOMAIN.vii.mattr.global/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/.well-known/openid-configuration

The Authorization header is not required as it is intended for OIDC Client applications to resolve.