Create a presentation request

Once you have set up an OIDC Client, you can create a presentation request to obtain and verify information from a credential that’s being held in a mobile wallet. This can be used as a basic authentication mechanism in addition to more advanced use-cases like granular validation of specific information in the context of another application.

Prerequisites

You need the following in order to proceed with this tutorial:

Receive the credential claims

Use the OIDC Credential Verifier id to create an OpenID Connect Authentication Request.

Construct the following URL to open the presentation request screen. It presents either a QR code (on desktop) or a deep link (on mobile viewports):

```http
https://YOUR_TENANT_URL/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/authorize
  ?client_id=BumzBH9-EGGJfZHwkg7mq
  &scope=openid openid_credential_presentation
  &response_type=code
  &redirect_uri=https://localhost:9000/callback
```

Provide the client_id obtained from the Configure a Client step.

Set the scope to openid openid_credential_presentation.

Set redirect_uri to the encoded URL that will obtain the Credential claims from the token.

Scan the QR code

Use the wallet to process the Presentation Request. The wallet app will step you through how to select a matching credential and respond with a Credential Presentation.

If the wallet cannot find a matching credential, ensure you have issued one and that the Presentation Request Template references the Issuer DID and type of that Credential.

Obtain claims

Upon successful presentation, the browser will redirect to the redirect_uri provided in the authorisation request, with a code query parameter:

```http
https://localhost:9000/callback/?code=oGRCuRMt44-ty8cw
```

Obtain the credential information by requesting the token from the OpenID Provider as follows.

```http
POST https://YOUR_TENANT_URL/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/token
```

Request

```http
client_id=BumzBH9-EGGJfZHwkg7mq
  &client_secret=njsF2zIk_5ie9tV5S6JZ8mYPwySVUVDuawv-CQQWKQINLlpttoVKUPI8Zpu14Xb5q61xc-AsCslJBcWjlwf-GR
  &grant_type=authorization_code
  &redirect_uri=https://localhost:9000/callback
  &code=oGRCuRMt44-ty8cw
```

Provide the client_id and client_secret as obtained from the Configure a Client step.

Set redirect_uri to the same value that was used in the Authorization Request.

The code is the value of the code query parameter delivered to the redirect URL.

Response

```json
{
  "access_token": "KrrFP8GUeddJJtj7EF-4ugdvCl-dDdWwOqvAbvYsmfy",
  "expires_in": 3600,
  "id_token": "...",
  "scope": "openid",
  "token_type": "Bearer"
}
```

Obtain the claim values from the id_token JWT. Using a service like https://jwt.io/ to view the JWT is the easiest way to do this.

Revoked credentials

If an Issuer has revoked the credential, the OIDC Credential Verifier will return an OpenID Connect/OAuth2 error response in the redirect URL:

```http
?error=access_denied
&error_description=Failed%20to%20verify%20presentation
```
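The client side of the flow above, as an added Python example (not part of the original page or the vendor's code): it builds the authorization URL with every parameter percent-encoded, extracts the code from the callback while surfacing the access_denied error returned for revoked credentials, and decodes the id_token payload locally rather than in a web service. The function names are hypothetical, the sample values are the ones shown on this page, and the decode step does not verify the JWT signature.

```python
import base64
import json
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Sample values as shown on this page; replace with your own tenant and client.
TENANT = "https://YOUR_TENANT_URL"
VERIFIER_ID = "41458e5a-9092-40b7-9a26-d4eb43c5792f"
CLIENT_ID = "BumzBH9-EGGJfZHwkg7mq"
REDIRECT_URI = "https://localhost:9000/callback"


def authorize_url():
    """Build the authorization request with each parameter percent-encoded."""
    query = urlencode({
        "client_id": CLIENT_ID,
        "scope": "openid openid_credential_presentation",
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
    }, quote_via=quote)  # quote() encodes the space in scope as %20
    return f"{TENANT}/ext/oidc/v1/verifiers/{VERIFIER_ID}/authorize?{query}"


def parse_callback(url):
    """Return the authorization code, or raise if the verifier sent an error."""
    params = parse_qs(urlsplit(url).query)
    if "error" in params:
        # Sent, for example, when the Issuer has revoked the credential.
        desc = params.get("error_description", [""])[0]
        raise PermissionError(f"{params['error'][0]}: {desc}")
    if "code" not in params:
        raise ValueError("callback carries neither code nor error")
    return params["code"][0]


def unverified_claims(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT checked."""
    payload = id_token.split(".")[1]
    padded = payload + "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))


if __name__ == "__main__":
    print(authorize_url())
    print(parse_callback("https://localhost:9000/callback/?code=oGRCuRMt44-ty8cw"))
```

Before relying on the claims in an application, validate the id_token signature with a maintained JWT library.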