Closed dlongley closed 1 year ago
Some protocol message examples below:
```js
static async fromAuthorizationCode({/*url, agent*/} = {}) {
  /* First get access token from AS:

  POST /token HTTP/1.1
  Host: server.example.com
  Content-Type: application/x-www-form-urlencoded

  grant_type=authorization_code
  &code=SplxlOBeZQQYbYS6WxSbIA
  &code_verifier=dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
  &redirect_uri=https%3A%2F%2FWallet.example.org%2Fcb
  */

  // FIXME: token response (success); note `c_nonce*` should probably
  // be ignored here as future versions of the OIDC4VCI may address better
  // separating the authorization server and the credential delivery server
  /*
  HTTP/1.1 200 OK
  Content-Type: application/json
  Cache-Control: no-store

  {
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6Ikp..sHQ",
    "token_type": "bearer",
    "expires_in": 86400,
    "c_nonce": "tZignsnFbp",
    "c_nonce_expires_in": 86400
  }
  */

  // FIXME: token response (failure)
  /*
  HTTP/1.1 400 Bad Request
  Content-Type: application/json
  Cache-Control: no-store

  {
    "error": "invalid_request"
  }
  */

  const client = new OIDC4VCIClient();
  client.accessToken = 'FIXME';
  return client;
}
```
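The token exchange sketched in the issue above, as an added example that is not code from the issue or from the project: `buildTokenRequest` and `parseTokenResponse` are hypothetical helper names, and the endpoint URL is assumed from the sample `Host` header and request line. It builds the form-encoded request and parses both the success and the failure response, dropping `c_nonce*` as the issue's note suggests.

```javascript
// Added example; helper names are hypothetical, not the project's API.

// Build the authorization_code token request shown in the issue.
function buildTokenRequest({tokenEndpoint, code, codeVerifier, redirectUri}) {
  const required = {tokenEndpoint, code, codeVerifier, redirectUri};
  for(const [name, value] of Object.entries(required)) {
    if(typeof value !== 'string' || value.length === 0) {
      throw new TypeError(`"${name}" must be a non-empty string.`);
    }
  }
  // URLSearchParams percent-encodes each value (e.g. the redirect URI).
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    code_verifier: codeVerifier,
    redirect_uri: redirectUri
  }).toString();
  const headers = {'content-type': 'application/x-www-form-urlencoded'};
  return {url: tokenEndpoint, method: 'POST', headers, body};
}

// Interpret a token response given its HTTP status and raw body text.
function parseTokenResponse({status, body}) {
  let data;
  try {
    data = JSON.parse(body);
  } catch(e) {
    throw new Error(`Token endpoint returned a non-JSON body (HTTP ${status}).`);
  }
  if(data === null || typeof data !== 'object') {
    throw new Error('Token response must be a JSON object.');
  }
  if(status !== 200) {
    // Failure case, e.g. HTTP 400 with {"error": "invalid_request"}.
    const err = new Error(`Token request failed: ${data.error || 'unknown'}`);
    err.status = status;
    err.code = data.error;
    throw err;
  }
  if(typeof data.access_token !== 'string' || data.access_token === '') {
    throw new Error('Token response is missing "access_token".');
  }
  // token_type is compared case-insensitively.
  if(String(data.token_type).toLowerCase() !== 'bearer') {
    throw new Error(`Unsupported token_type "${data.token_type}".`);
  }
  // c_nonce and c_nonce_expires_in are deliberately not returned.
  return {accessToken: data.access_token, expiresIn: data.expires_in};
}
```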
Closing as creation should be done via a credential offer now regardless of grant type.