OpenID for Verifiable Credentials
The OpenID4VC module provides support for the OpenID for Verifiable Credentials group of protocols defined under the OpenID Foundation. Currently this includes the OpenID for Verifiable Credential Issuance, Self-Issued OpenID Provider v2, and OpenID for Verifiable Presentations.
For the current supported versions for any of the OpenID4VC protocols, please refer to the OpenID4VC Feature page.
The OpenID4VC Module in Credo currently exposes three modules, one for each role in the triangle trust: OpenId4VcIssuerModule
, OpenId4VcHolderModule
, and OpenId4VcVerifierModule
. The issuer and verifier modules are expected to run in a cloud environment, as they require several endpoints to be exposed to the public internet. The holder module can run in a cloud environment or on a mobile device.
Installing OpenID4VC Module
When using Credo with OpenID4VC you need to install the @credo-ts/openid4vc
module:
yarn add @credo-ts/openid4vc@0.5.3
Adding OpenID4VC Modules to the Agent
After installing the dependencies, we can register the the different modules on the agent.
Issuer and Verifier
If you want to issue or verify credentials using OpenID for Verifiable Credentials, you can add the OpenId4VcIssuerModule
and the OpenId4VcVerifierModule
. These modules can only run on the server, in Node.js and don't work in a React Native environment. These modules can be added separately, it's not required to use both modules. The set up for the issuer and verifier module can be combined with the set up for the holder module below to support issuance, holding, and verification OpenID4VC flows within the same agent.
In the example we haven't implemented the credentialRequestToCredentialMapper
method for the issuer module yet, this is covered in the OpenID4VC Guides.
import { Agent } from '@credo-ts/core'
// OpenID4VC issuer and verifier modules only work in Node.js
import { agentDependencies } from '@credo-ts/node'
import express, { Router } from 'express'
import { OpenId4VcIssuerModule, OpenId4VcVerifierModule } from '@credo-ts/openid4vc'
// Create two express routers, all endpoints for the
// issuer and verifier will be added to these routers
const verifierRouter = Router()
const issuerRouter = Router()
// Register the routers on the express server. The path should match
// with the baseUrl you configure in the modules below.
const app = express()
app.use('/oid4vci', issuerRouter)
app.use('/siop', verifierRouter)
const agent = new Agent({
config,
dependencies: agentDependencies,
modules: {
openId4VcIssuer: new OpenId4VcIssuerModule({
baseUrl: 'http://127.0.0.1:3000/oid4vci',
// If no router is passed, one will be created.
// you still have to register the router on your express server
// but you can access it on agent.modules.openId4VcIssuer.config.router
// It works the same for verifier: agent.modules.openId4VcVerifier.config.router
router: issuerRouter,
// Each of the endpoints can have configuration associated with it, such as the
// path (under the baseUrl) to use for the endpoints.
endpoints: {
// The credentialRequestToCredentialMapper is the only required endpoint
// configuration that must be provided. This method is called whenever a
// credential request has been received for an offer we created. The callback should
// return the issued credential to return in the credential response to the holder.
credential: {
credentialRequestToCredentialMapper: async () => {
throw new Error('Not implemented')
},
},
},
}),
// openId4VcVerifier module can only be used in Node.js
openId4VcVerifier: new OpenId4VcVerifierModule({
baseUrl: 'http://127.0.0.1:3000/siop',
router: verifierRouter,
}),
},
})
// listen on port 3000 for the openid4vc app.
app.listen(3000)
Holder
If you want to receive and present credentials using OpenID for Verifiable Credentials, you can add the OpenId4VcHolderModule
. This module can run in both Node.js and React Native.
import { Agent } from '@credo-ts/core'
// or import from '@credo-ts/react-native' for React Native
import { agentDependencies } from '@credo-ts/node'
import { OpenId4VcHolderModule } from '@credo-ts/openid4vc'
const agent = new Agent({
config,
dependencies: agentDependencies,
modules: {
// no configuration required for holder module
openId4VcHolderModule: new OpenId4VcHolderModule(),
},
})