This repository is an example implementation of an OIDC server that also supports OID4VC, OID4VCI and OID4VP. It implements all the endpoints needed so that ID Wallets can interact with it.
WARNING! This service is not meant to be used in production as it is not implementing the security checks and validations required. Use it only for reference and learning purposes
These endpoints are mandatory as per OpenID Connect protocol, otherwise clients of this server would not be able to work properly.
All endpoints under /.well-known are expected to exist at the domain root and under those specific paths. In other words, clients will request those endpoints at those paths.
Endpoints under /oauth2 must be present but it is not mandatory to have them strictly under those paths, however it is recommended. Those endpoints are listed at /.well-known/openid-configuration.
GET /.well-known/openid-configuration(official documentation)
GET /.well-known/did-configuration(official documentation)GET /.well-known/openid-credential-issuer(official documentation.)GET /oauth2/jwksPOST /oauth2/tokenGET /oauth2/authorizeGET /oauth2/userinfo
These set of endpoints are the ones used to exchange Credentials, Verifiable Presentations and Presentation Definitions between the Issuer, the Relaying Party and the User Agent (Wallet App). Additionally, we are including some endpoints needed for Issuer FE to poll status of authentication processes. These endpoints are not normative.
GET /credential-offer/requests/{transactionId}GET /credential-offer/status/{transactionId}GET /openid-vc/requests/{transactionId}POST /openid-vc/responses/{transactionId}GET /openid-vc/status/{transactionId}GET /siop/requests/{transactionId}POST /siop/responses/{transactionId}GET /siop/status/{transactionId}
Request endpoints are used by User Agents (e.g. ID Wallet apps) to request by reference payloads from the Issuer. Response endpoints are used by User Agents to send payloads to the issuer. Status endpoints are used by Issuer's FE to detect when the current in-progrees flow has completed. This could also be implemented using Web Sockets.
- Install NodeJS (See instructions here)
- Install MongoDB (See instructions here)
- Install dependencies by running
npm install - Run the server by executing
npm run dev
- OIDC Authorization Flow compliant
- Well-Known endpoint
- JWKs endpoint
- Authorize endpoint
- Token endpoint
- UserInfo endpoint
- DID Configuration endpoint
- OIDC Credential Issuer endpoint
- Test integration with Cognito
- SIOP flow
- OIDC4VCI
- OIDC4VC
- OIDC4VP
- Flows
- Regular Sign Up issuing a VC once email has been verified
- Sign up with VC without email verification
- Sign up with VC with email verification
- Sign up with KYC