Setup OAuth 2.0 Code Authorisation Grant Flow (RFC 6749)

 

Feature

Description

Screenshots

Create an interaction for SSI OAuth authorisation (RFC 6749)

To set up an OAuth authorisation, create an interaction on the ProofSpace dashboard with the following requirements:

  • Initiation media set to “QR“ (Screenshot 1);

  • Select the “SSI Authentication“ credential from ProofSpace as the required credential for this interaction (Screenshot 2);

  • Check the “Pre-filled from interaction QR-code” checkbox in the “Edit required credential“ pop-up window (Screenshot 3);

  • Set the webhook to https://platform.proofspace.id/oauth (Screenshot 4);

For more details on how to create an interaction, see https://zaka.atlassian.net/wiki/spaces/ZAKA/pages/2032271394/SSI+Interaction+Page.

 

 

Screenshot 1:

Screenshot 2

 

Screenshot 3

 

Screenshot 4

Set up an OAuth authorisation point

Click the “SSI OAuth“ tab of the main menu.

On the SSI OAuth page click “Edit.“

A new page will appear.

In the "Client ID" field, the authorisation service identifier (service DID) is stored automatically.

 

On the “Edit SSI OAuth“ page:

  • Fill the “Name“ field with the service DID.

  • Select an interaction that meets the requirements specified above from the drop-down list.

  • Add redirect URLs that are allowed in OAuth requests.

  • Set a “Secret“ value (can be any string).

 

 

Examples and demo

Examples can be found here: JavaScript, Scala

Demo: visit https://platform.proofspace.id/auth-demo/ and scan the provided QR code with the ProofSpace app (Android or iOS).

OAuth request usage

 

  • The login URL should have the form:

http://platform.proofspace.id/oauth/authorization?client_id=${serviceDid}&redirect_uri=${redirectUri}&response_type=code

  • The access endpoint URL should have the form:

http://platform.proofspace.id/oauth/token

After the redirect to redirect_uri, the OAuth client should call this endpoint with the parameters in 'x-www-form-urlencoded' format and pass:

  • client_id – public service DID

  • client_secret – client secret (which is set in the OAuth tab)

  • code – the 'code' query string parameter received on the redirect URL

  • redirect_uri – the redirect_uri itself

  • grant_type – always 'authorization_code'

In the response, the client receives an access_token, which can be repackaged into a JWT.
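The request sequence above as an added example (not ProofSpace's own code): it builds the login URL, reads the code from the callback and prepares the token request. The function names and sample values are hypothetical; the use of https (as in the webhook URL above), the RFC 6749 `state` parameter and a JSON token response are assumptions not stated on this page.

```javascript
// Added example, not ProofSpace's code. Paths and parameter names come from this
// page; https, the `state` parameter and a JSON response are assumptions.
const BASE = 'https://platform.proofspace.id/oauth';

// Login URL. URLSearchParams percent-encodes the DID and the redirect URI.
// `state` should be a fresh random value kept in the user's session.
function buildLoginUrl(serviceDid, redirectUri, state) {
  const q = new URLSearchParams({
    client_id: serviceDid,
    redirect_uri: redirectUri,
    response_type: 'code',
    state,
  });
  return `${BASE}/authorization?${q}`;
}

// Read the callback URL; refuse it unless `state` matches the session value.
function readCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (!expectedState || p.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const code = p.get('code');
  if (!code) throw new Error('missing code');
  return code;
}

// Body for the token endpoint, in x-www-form-urlencoded format.
function buildTokenBody({ serviceDid, secret, code, redirectUri }) {
  return new URLSearchParams({
    client_id: serviceDid,
    client_secret: secret,
    code,
    redirect_uri: redirectUri, // must equal the value used in the login URL
    grant_type: 'authorization_code',
  }).toString();
}

// Run this on the server only, so the client secret never reaches the browser.
async function exchangeCode(args) {
  const res = await fetch(`${BASE}/token`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: buildTokenBody(args),
  });
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return (await res.json()).access_token;
}
```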