Set up an OIDC Credential Verifier
The OIDC Bridge Extension requires setting up an OIDC Credential Verifier on your MATTR VII tenant so that an OIDC client can initiate a request that a digital wallet app can understand and respond to with a verifiable presentation.
Prerequisites
Access to MATTR VII APIs. If you’re experiencing any difficulties, contact us.
The DID associated with your MATTR VII tenant.
The id of a Presentation Request Template available on your tenant.
Request
Make a request of the following structure to create an OIDC Credential Verifier:
POST https://YOUR_TENANT_URL/ext/oidc/v1/verifiers
{
  "verifierDid": "did:web:example.com",
  "presentationTemplateId": "364b6a1b-3600-4927-a6ac-4d66aa6bbac3",
  "claimMappings": [
    {
      "jsonLdFqn": "http://schema.org/givenName",
      "oidcClaim": "given_name"
    },
    {
      "jsonLdFqn": "http://schema.org/familyName",
      "oidcClaim": "family_name"
    },
    {
      "jsonLdFqn": "http://schema.org/educationalCredentialAwarded",
      "oidcClaim": "https://tenant.vii.mattr.global/educationalCredentialAwarded"
    }
  ],
  "includePresentation": true
}
verifierDid: Specifies the DID to which the verifiable presentation will be sent.
presentationTemplateId: References the unique identifier of a Presentation Request Template that will be used by this verifier to create presentation requests.
claimMappings: As part of verifying a credential, the OIDC client initiates the request expecting a standard OIDC ID Token. However, as the digital wallet provides the credential in JSON-LD terms, these mappings are required to map JSON-LD claims to OpenID Connect terms:
jsonLdFqn is the fully qualified JSON-LD term.
oidcClaim is the OIDC claim name.
Currently the platform only supports schema.org for data vocabularies.
Make sure to use http:// and not https:// when entering jsonLdFqn values for schema.org. Otherwise you may not get the claims returned in your ID Token.
Standard OIDC claims are available on the Common Credential to OIDC Claim mappings page, so you can copy and paste them into your payload.
includePresentation (optional): When set to true, the generated id_token will include the original presentation from the wallet.
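As an added example (not MATTR's code), a small pre-flight check for the request body that catches the https:// schema.org mistake and non-schema.org vocabularies described above before the POST is sent. The function name and the sample payload are assumptions made for illustration, and the duplicate oidcClaim check is an extra assumption rather than a documented platform rule.

```python
import json
from urllib.parse import urlsplit

# Constructed sample payload with two deliberate mistakes (https:// schema.org
# term, non-schema.org vocabulary); values are illustrative, not a real tenant.
SAMPLE = json.loads("""
{
  "verifierDid": "did:web:example.com",
  "presentationTemplateId": "364b6a1b-3600-4927-a6ac-4d66aa6bbac3",
  "claimMappings": [
    {"jsonLdFqn": "http://schema.org/givenName", "oidcClaim": "given_name"},
    {"jsonLdFqn": "https://schema.org/familyName", "oidcClaim": "family_name"},
    {"jsonLdFqn": "http://xmlns.com/foaf/0.1/nick", "oidcClaim": "nickname"}
  ],
  "includePresentation": true
}
""")


def lint_verifier_payload(payload):
    """Return a list of problems found in an OIDC Credential Verifier payload."""
    problems = []
    if not str(payload.get("verifierDid", "")).startswith("did:"):
        problems.append("verifierDid: missing or not a DID")
    if not payload.get("presentationTemplateId"):
        problems.append("presentationTemplateId: missing")
    seen = set()
    for i, m in enumerate(payload.get("claimMappings") or []):
        fqn, claim = m.get("jsonLdFqn", ""), m.get("oidcClaim", "")
        url = urlsplit(fqn)
        if url.hostname != "schema.org":
            problems.append(f"claimMappings[{i}]: only schema.org terms are supported: {fqn}")
        elif url.scheme != "http":
            problems.append(f"claimMappings[{i}]: use http:// for schema.org, got {fqn}")
        if not claim:
            problems.append(f"claimMappings[{i}]: oidcClaim missing")
        elif claim in seen:  # assumption: duplicate targets are treated as a mistake
            problems.append(f"claimMappings[{i}]: oidcClaim '{claim}' mapped twice")
        seen.add(claim)
    if not isinstance(payload.get("includePresentation", False), bool):
        problems.append("includePresentation: must be true or false")
    return problems


if __name__ == "__main__":
    for p in lint_verifier_payload(SAMPLE):
        print(p)
```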
Response
{
  "id": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
  //... rest of OIDC Verifier
}
id: Uniquely identifies this OIDC Verifier. You will need it to configure an OIDC Client on your OIDC Verifier. You can also use it to retrieve, update or remove this OIDC Verifier.
Once created, this OIDC Verifier is publicly available on its /.well-known/openid-configuration path. The Authorization header is not required as it is intended for OIDC Client applications to resolve:
GET https://YOUR_TENANT_URL/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/.well-known/openid-configuration
What's next?
Now that your OIDC Verifier is set up, you can continue to configure an OIDC Client.