
Set up an OIDC Credential Verifier

The OIDC Bridge Extension requires setting up an OIDC Credential Verifier on your Sovrin tenant so that an OIDC client can initiate a request that a digital wallet app can understand and respond to with a verifiable presentation.

Prerequisites

  • Access to Sovrin APIs. If you’re experiencing any difficulties, contact us.

  • The DID associated with your Sovrin tenant.

  • The id of a Presentation Request Template available on your tenant.

Request

Make a request of the following structure to create an OIDC Credential Verifier:


POST https://api.sovrin.one/ext/oidc/v1/verifiers


{
  "verifierDid": "did:web:example.com",
  "presentationTemplateId": "364b6a1b-3600-4927-a6ac-4d66aa6bbac3",
  "claimMappings": [
    {
      "jsonLdFqn": "http://schema.org/givenName",
      "oidcClaim": "given_name"
    },
    {
      "jsonLdFqn": "http://schema.org/familyName",
      "oidcClaim": "family_name"
    },
    {
      "jsonLdFqn": "http://schema.org/educationalCredentialAwarded",
      "oidcClaim": "https://tenant.vii.mattr.global/educationalCredentialAwarded"
    }
  ],
  "includePresentation": true
}

  • verifierDid: Specifies the DID that the verifiable presentation will be sent to.

  • presentationTemplateId: References the unique identifier of a Presentation Request Template that will be used by this verifier to create presentation requests.

  • claimMappings: As part of verifying a credential, the OIDC client initiates the request expecting a standard OIDC ID Token. However, as the digital wallet provides the credential in JSON-LD terms, these mappings are required to map JSON-LD claims to OpenID Connect terms:

    • jsonLdFqn is the fully qualified JSON-LD term.

    • oidcClaim is the OIDC claim name.

      Currently the platform only supports schema.org for data vocabularies.

    • Make sure to use http:// and not https:// when entering jsonLdFqn values for schema.org. Otherwise you may not get the claims returned in your ID Token.

    • Standard OIDC claims are available on the Common Credential to OIDC Claim mappings page, so you can just copy & paste into your payload.

  • includePresentation (optional): When set to true, the generated id_token will include the original presentation from the wallet.
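
The following pre-flight check is an added example, not part of the original page or the platform's own tooling. It lints a request body against the notes above before it is sent; the function name, the sample payload, and the rule that two mappings should not share one oidcClaim are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# DID syntax: "did:" + lowercase method name + ":" + method-specific id.
DID_RE = re.compile(r"^did:[a-z0-9]+:\S+$")

def lint_verifier_payload(payload):
    """Return a list of problems found in a create-verifier request body."""
    problems = []
    if not DID_RE.match(str(payload.get("verifierDid", ""))):
        problems.append("verifierDid is not a DID")
    if not payload.get("presentationTemplateId"):
        problems.append("presentationTemplateId is missing")
    if not isinstance(payload.get("includePresentation", False), bool):
        problems.append("includePresentation must be true or false")
    mappings = payload.get("claimMappings") or []
    if not mappings:
        problems.append("claimMappings is empty")
    seen = set()
    for i, m in enumerate(mappings):
        fqn = urlsplit(str(m.get("jsonLdFqn", "")))
        claim = m.get("oidcClaim")
        if fqn.netloc.lower() != "schema.org":
            # The page states only schema.org vocabularies are supported.
            problems.append(f"claimMappings[{i}]: jsonLdFqn is not a schema.org term")
        elif fqn.scheme != "http":
            # https:// terms may silently drop the claim from the ID Token.
            problems.append(f"claimMappings[{i}]: use http://schema.org, not {fqn.scheme}://")
        if not claim:
            problems.append(f"claimMappings[{i}]: oidcClaim is missing")
        elif claim in seen:
            # Assumption: two terms mapped to one claim name would collide.
            problems.append(f"claimMappings[{i}]: duplicate oidcClaim {claim!r}")
        seen.add(claim)
    return problems

# Constructed sample containing the mistakes the notes above warn about.
SAMPLE = {
    "verifierDid": "example.com",
    "presentationTemplateId": "364b6a1b-3600-4927-a6ac-4d66aa6bbac3",
    "claimMappings": [
        {"jsonLdFqn": "https://schema.org/givenName", "oidcClaim": "given_name"},
        {"jsonLdFqn": "http://schema.org/familyName", "oidcClaim": "given_name"},
        {"jsonLdFqn": "http://example.org/degree", "oidcClaim": "degree"},
    ],
}

if __name__ == "__main__":
    for problem in lint_verifier_payload(SAMPLE):
        print(problem)
```

An empty list means the body passed these checks; it does not guarantee that the API will accept it.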

Response


{
  "id": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
  //... rest of OIDC Verifier
}

  • id: Uniquely identifies this OIDC Verifier. You will need it to configure an OIDC Client on your OIDC Verifier. You can also use it to retrieve, update or remove this OIDC Verifier.

Once created, this OIDC Verifier is publicly available on its /.well-known/openid-configuration path. No Authorization header is required for this request, because the path is intended for OIDC Client applications to resolve:


GET https://api.sovrin.one/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/.well-known/openid-configuration

What's next?

Now that your OIDC Verifier is set up, you can continue to configure an OIDC Client.