Create a presentation request

Once you have set up an OIDC Client, you can create a presentation request to obtain and verify information from a credential that’s being held in a mobile wallet. This can be used as a basic authentication mechanism in addition to more advanced use-cases like granular validation of specific information in the context of another application.

Prerequisites

You need the following in order to proceed with this tutorial:

Access to Sovrin APIs. If you’re experiencing any difficulties, contact us.
Setup an OIDC Verifier.
Configure an OIDC Client.
Download the MATTR Wallet app and have it set up with a PIN.
A signed Web Credential that matches the type and the Issuer’s identifier (DID) as per the presentation request template.

Receive the credential claims

Use the OIDC Credential Verifier id to create an OpenID Connect Authentication Request.

Construct the following URL to open the presentation request screen, it will present either a QR code (on desktop) or a deep link (mobile view-ports):

https://api.sovrin.one/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/authorize
  ?client_id=BumzBH9-EGGJfZHwkg7mq
  &scope=openid openid_credential_presentation
  &response_type=code
  &redirect_uri=https://localhost:9000/callback

Provide the client_id as obtained from the Configure a Client step.

Set the scope to openid openid_credential_presentation.

Point redirect_uri to the encoded URL that will carry on to obtain the Credential claims from the token.

Scan the QR code

Use the Mobile Wallet to process the Presentation Request. The wallet app will step you through how to select a matching Credential and provide a Credential Presentation.

tip

If the wallet cannot find a matching credential ensure you have issued one and the Presentation Request Template references the Issuer DID and type of that Credential.

Obtain claims

Upon successful presentation, the browser will redirect to the redirect_uri provided in the authorisation request, with a code query parameter added:

https://localhost:9000/callback/?code=oGRCuRMt44-ty8cw

Obtain the credential information by requesting the token from the OpenID Provider as follows.

POST https://api.sovrin.one/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/token

Request

client_id=BumzBH9-EGGJfZHwkg7mq
  &client_secret=njsF2zIk_5ie9tV5S6JZ8mYPwySVUVDuawv-CQQWKQINLlpttoVKUPI8Zpu14Xb5q61xc-AsCslJBcWjlwf-GR
  &grant_type=authorization_code
  &redirect_uri=https://localhost:9000/callback
  &code=oGRCuRMt44-ty8cw

Provide the client_id and client_secret as obtained from the Configure a Client step.

Set the redirect_uri the same as was used in the Authorization Request.

The code is the code as provided to the redirected url.

Response

{
  "access_token": "KrrFP8GUeddJJtj7EF-4ugdvCl-dDdWwOqvAbvYsmfy",
  "expires_in": 3600,
  "id_token": "...",
  "scope": "openid",
  "token_type": "Bearer"
}

Obtain the claim values from the id_token JWT. Using a service like https://jwt.io/ to view the JWT is the easiest way to do this.

Revoked credentials

If an Issuer has revoked the credential the OIDC Credential Verifier will return an OpenID Connect/OAuth2 error response in the redirect url:

?error=access_denied
&error_description=Failed%20to%20verify%20presentation

Create a presentation request

Prerequisites​

Receive the credential claims​

Scan the QR code​

Obtain claims​

Request​

Response​

Revoked credentials​