Verify a Credential - Manual Steps

Introduction

Once you have set up a Presentation Request template, you can initiate a Presentation Request to obtain and verify information from a credential held in a Mobile Wallet. This can be used as a basic authentication mechanism, as well as for more advanced use cases such as granular validation of specific information in the context of another application.

Pre-Requisites

You need access to the MATTR Platform APIs. If you're experiencing difficulty, contact us.

Complete the setup of a Presentation Request Template.

Receive the Credential Claims

Use the Presentation Request template id to create an OpenID Connect Authentication Request. Construct the following URL, which users will visit to obtain the presentation request QR code.

Authentication Request

https://tenant.platform.mattr.global/v1/oauth/authorize
?client_id=BumzBH9-EGGJfZHwkg7mq
&scope=openid%20vc_authn%23f95e71b0-9bdf-11ea-aec9-3b5c35fc28c8
&response_type=code
&redirect_uri=https%3A%2F%2Fexample.com

Provide the client_id as obtained from the Configure a Client step.

Set the scope to openid vc_authn#{templateId} where the template id points to the Request Template.

Set redirect_uri to the URL-encoded address that the browser will be redirected to, where the flow continues to obtain the Credential from the token.

Scan the QR code

Use the Mobile Wallet to process the Presentation Request and provide a Verifiable Credential.

Obtain claims from token

The browser will redirect to the redirect_uri provided in the authorize request, with a code query parameter added.

https://example.com?code=oGRCuRMt44-ty8cw

Obtain the credential information by requesting the token from the OpenID Provider as follows.

POST https://tenant.platform.mattr.global/v1/oauth/token

Request

client_id=BumzBH9-EGGJfZHwkg7mq
&client_secret=njsF2zIk_5ie9tV5S6JZ8mYPwySVUVDuawv-CQQWKQINLlpttoVKUPI8Zpu14Xb5q61xc-AsCslJBcWjlwf-GR
&grant_type=authorization_code
&redirect_uri=https://example.com
&code=oGRCuRMt44-ty8cw

Provide the client_id and client_secret as obtained from the Configure a Client step.

Set redirect_uri to the same value that was used in the Authentication Request.

The code is the value of the code query parameter that was added to the redirect URL.

Response

{
"access_token": "KrrFP8GUeddJJtj7EF-4ugdvCl-dDdWwOqvAbvYsmfy",
"expires_in": 3600,
"id_token": "...",
"scope": "openid",
"token_type": "Bearer"
}

Obtain the claim values from the id_token JWT by parsing it, for instance with https://jwt.io/.
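
The steps above in one place, as an added example that is not part of the original MATTR documentation: it builds the Authentication Request URL, extracts the code from the redirect, builds the token request body, and decodes the id_token claims locally instead of in an online parser. The aud and exp checks assume standard OpenID Connect ID token claims, sample_id_token is a constructed helper, and the signature is not verified, so use it only on a token read directly from the token endpoint response over TLS.

```python
import base64, json, time
from urllib.parse import urlencode, urlparse, parse_qs, quote

# Values copied from this page's examples; replace with your tenant's own.
TENANT = "https://tenant.platform.mattr.global"
CLIENT_ID = "BumzBH9-EGGJfZHwkg7mq"
TEMPLATE_ID = "f95e71b0-9bdf-11ea-aec9-3b5c35fc28c8"
REDIRECT_URI = "https://example.com"

def build_authorize_url():
    """Authentication Request URL; '#' in the scope must be sent as %23."""
    params = {"client_id": CLIENT_ID, "scope": f"openid vc_authn#{TEMPLATE_ID}",
              "response_type": "code", "redirect_uri": REDIRECT_URI}
    return f"{TENANT}/v1/oauth/authorize?" + urlencode(params, quote_via=quote)

def code_from_redirect(url):
    """Return the single code query parameter from the redirect to redirect_uri."""
    values = parse_qs(urlparse(url).query).get("code", [])
    if len(values) != 1:
        raise ValueError("expected exactly one code parameter")
    return values[0]

def token_request_body(code, client_secret):
    """Form body for POST /v1/oauth/token; redirect_uri must match the first request."""
    return urlencode({"client_id": CLIENT_ID, "client_secret": client_secret,
                      "grant_type": "authorization_code",
                      "redirect_uri": REDIRECT_URI, "code": code})

def id_token_claims(id_token, now=None):
    """Decode the JWT payload locally and check aud and exp (no signature check)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("id_token was not issued to this client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("id_token has expired")
    return claims

def sample_id_token(claims):
    """Constructed, unsigned stand-in for the id_token in the token response."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```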