Interacting with Wallets

Wallets are integral to the SSI ecosystem, enabling end-users to:

Authenticate and Retrieve Credentials: Wallets scan QR codes or follow secure links to claim credentials. For targeted offerings, wallets must present cryptographic proofs (Verifiable Presentations) to prove DID ownership.
Authorization Code Flow: The Issuer Service uses an OAuth2-like pattern:
1. POST /api/v1/authorize
  Creates an authorization request.
2. POST /api/v1/authorize/verify
  Verifies the submitted Verifiable Presentation.
3. On success, a code is issued and exchanged at:
  POST /api/v1/connect/token
Retrieving the Credential: With a valid access token, wallets call:
```
POST /api/v1/issue-credential/{id}
Authorization: Bearer JWTAccessToken
```
to obtain the Verifiable Credential.
Storage and Presentation: Once obtained, the wallet stores the credential locally and can present it to verifiers as needed.

Example Token Exchange:

POST /api/v1/connect/token
Content-Type: application/json

{
  "authorization_code": "validAuthorizationCode"
}

Response:

{
  "access_token": "JWTAccessToken",
  "token_type": "Bearer",
  "expires_in": 3600
}

Retrieving Credential:

GET /api/v1/issue-credential/{id}
Authorization: Bearer JWTAccessToken

Example Response:

{
  "id": "credential-id",
  "type": "ProofOfPurchase",
  "recipient": "did:empe:123456789",
  "credentialSubject": {
    "ticket": "ticket123",
    "seat": "A12",
    "description": "Concert ticket"
  },
  "vc": {...}
}

This sequence provides a secure, user-friendly experience aligned with SSI standards, preserving user privacy and control.

PreviousIssuing Credentials NextSecurity Considerations

Last updated 1 month ago