hyperledger / identus-edge-agent-sdk-ts

Apache License 2.0

Support Authorization Code Flow 1a for JWT in the OID4VCI protocol in the TS SDK #310

Open yshyn-iohk opened 1 month ago

yshyn-iohk commented 1 month ago

Proposed feature

The SDK should support Authorization Code Flow 1a (Wallet-Initiated Issuance after Installation).

Feature description

Story

(1a) The Wallet-initiated flow begins as the End-User requests a Credential via the Wallet from the Credential Issuer. The End-User either selects a Credential from a pre-configured list of Credentials ready to be issued, or alternatively, the Wallet gives guidance to the End-User to select a Credential from a Credential Issuer based on the information it received in the presentation request from a Verifier.

An End-User comes across a Verifier app that is requesting the End-User to present a Credential, e.g., a driving license. The Wallet determines the requested Credential type(s) from the presentation request and notifies the End-User that there is currently no matching Credential in the Wallet. The Wallet selects a Credential Issuer capable of issuing the missing Credential and, upon End-User consent, sends the End-User to the Credential Issuer's End-User experience (Web site or app). Once authenticated and consent is provided for the issuance of the Credential into the Wallet, the End-User is redirected back to the Wallet. The Wallet informs the End-User that Credential was successfully issued into the Wallet and is ready to be presented to the Verifier app that originally requested presentation of that Credential.

Use case

Given the OID4VCI issuer is configured in the cloud-agent and the account for the user is created in the AIM (Keycloak)
And the edge agent SDK knows the CredentialIssuerMetadata endpoint
Then the edge agent fetches the metadata
And selects the credential for issuance
And sends the Authorization Request to the OIDC Credential Issuer (cloud-agent)
Then the cloud-agent receives the Authorization Request
And replies with the redirect to the authentication web page
Then the user of the edge agent gets authenticated and receives the code
And the edge agent exchanges the code for the token
And the edge agent makes the Credential Request to the cloud-agent
Then the cloud-agent issues the requested VC
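To make the use case above concrete, here is an added TypeScript walk-through of the wallet side of Authorization Code Flow 1a against an in-memory mock issuer. It is example code written for this issue, not part of the identus-edge-agent-sdk-ts code base or the cloud-agent; every endpoint URL, the `MockIssuer` class, the `walletInitiatedIssuance` function, the `DrivingLicense` configuration and the returned credential string are constructed assumptions. The mock stands in for both the cloud-agent and Keycloak, so the user's authentication is simulated by a boolean. It also goes slightly beyond the issue text by adding the PKCE (`code_challenge`/`code_verifier`) and `state` checks that a public wallet client needs so that a stolen or replayed authorization code cannot be exchanged for a token.

```typescript
import { createHash, randomBytes } from "crypto";

// Subset of the OID4VCI issuer metadata fields used in this example (assumed shape).
export interface IssuerMetadata {
  credential_issuer: string;
  authorization_endpoint: string;
  token_endpoint: string;
  credential_endpoint: string;
  credential_configurations_supported: Record<string, { format: string; scope: string }>;
}

type AuthzRequest = {
  response_type: string; client_id: string; redirect_uri: string; scope: string;
  state: string; code_challenge: string; code_challenge_method: string;
};
type TokenRequest = {
  grant_type: string; code: string; redirect_uri: string; client_id: string; code_verifier: string;
};

// PKCE S256: BASE64URL(SHA-256(code_verifier))
const sha256b64url = (s: string): string => createHash("sha256").update(s).digest("base64url");

// Constructed mock standing in for the cloud-agent (OIDC Credential Issuer) plus Keycloak.
export class MockIssuer {
  readonly metadata: IssuerMetadata = {
    credential_issuer: "https://issuer.example",                 // assumed URL
    authorization_endpoint: "https://issuer.example/authorize",
    token_endpoint: "https://issuer.example/token",
    credential_endpoint: "https://issuer.example/credential",
    credential_configurations_supported: {
      DrivingLicense: { format: "jwt_vc_json", scope: "DrivingLicense" }, // assumed config
    },
  };
  private pendingCodes = new Map<string, AuthzRequest>(); // code -> request it was issued for
  private accessTokens = new Map<string, string>();       // access_token -> granted scope

  // Authorization Request: the user authenticates on the issuer's web page (simulated by
  // `userAuthenticated`) and is redirected back to the wallet with a single-use code.
  authorize(req: AuthzRequest, userAuthenticated: boolean): URL {
    if (req.response_type !== "code" || req.code_challenge_method !== "S256") throw new Error("invalid_request");
    const redirect = new URL(req.redirect_uri);
    redirect.searchParams.set("state", req.state);
    if (!userAuthenticated) { redirect.searchParams.set("error", "access_denied"); return redirect; }
    const code = randomBytes(16).toString("hex");
    this.pendingCodes.set(code, req);
    redirect.searchParams.set("code", code);
    return redirect;
  }

  // Token Request: the code is consumed on first use and must be bound to the same
  // client, redirect URI and PKCE verifier that produced it.
  token(req: TokenRequest): { access_token: string; token_type: "Bearer"; expires_in: number } {
    const pending = this.pendingCodes.get(req.code);
    this.pendingCodes.delete(req.code); // a replayed code fails below
    if (!pending || req.grant_type !== "authorization_code") throw new Error("invalid_grant");
    if (pending.client_id !== req.client_id || pending.redirect_uri !== req.redirect_uri) throw new Error("invalid_grant");
    if (sha256b64url(req.code_verifier) !== pending.code_challenge) throw new Error("invalid_grant");
    const token = randomBytes(16).toString("hex");
    this.accessTokens.set(token, pending.scope);
    return { access_token: token, token_type: "Bearer", expires_in: 300 };
  }

  // Credential Request: bearer token must exist and its scope must match the requested configuration.
  credential(authorization: string, body: { format: string; credential_configuration_id: string }): { credential: string } {
    const token = authorization.startsWith("Bearer ") ? authorization.slice(7) : "";
    const scope = this.accessTokens.get(token);
    const cfg = this.metadata.credential_configurations_supported[body.credential_configuration_id];
    if (!scope || !cfg || cfg.scope !== scope || cfg.format !== body.format) throw new Error("invalid_token");
    return { credential: `mock-${body.format}-${body.credential_configuration_id}` }; // constructed VC
  }
}

// Wallet (edge agent) side of flow 1a; reading `issuer.metadata` stands in for fetching it over HTTP.
export function walletInitiatedIssuance(issuer: MockIssuer, configId: string, userAuthenticated = true): string {
  const cfg = issuer.metadata.credential_configurations_supported[configId];
  if (!cfg) throw new Error(`issuer does not offer ${configId}`);
  const codeVerifier = randomBytes(32).toString("base64url");
  const state = randomBytes(8).toString("hex");
  const redirectUri = "wallet://callback"; // assumed wallet redirect URI
  const back = issuer.authorize({
    response_type: "code", client_id: "wallet", redirect_uri: redirectUri, scope: cfg.scope,
    state, code_challenge: sha256b64url(codeVerifier), code_challenge_method: "S256",
  }, userAuthenticated);
  if (back.searchParams.get("state") !== state) throw new Error("state mismatch"); // reject injected callbacks
  const err = back.searchParams.get("error");
  if (err) throw new Error(err);
  const tok = issuer.token({
    grant_type: "authorization_code", code: back.searchParams.get("code")!,
    redirect_uri: redirectUri, client_id: "wallet", code_verifier: codeVerifier,
  });
  return issuer.credential(`Bearer ${tok.access_token}`, { format: cfg.format, credential_configuration_id: configId }).credential;
}
```

Running `walletInitiatedIssuance(new MockIssuer(), "DrivingLicense")` walks all four steps (metadata, authorization, token, credential) and returns the constructed credential; a declined login, an unknown configuration, a wrong `code_verifier` or a reused code each fail at the step where the issuer checks it.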