Setup OAuth 2.0 Device Authorization Grant Flow (RFC 8628)








Setup auth interaction and SSI OAuth on your dashboard.



To set up Device Authorization Grant Flow, you need to create an interaction on the ProofSpace dashboard, and then setup SSI OAuth flow on the “SSI OAuth“ tab of the main menu.


Create an interaction

Create an interaction on the ProofSpace dashboard with the following requirements:

  • Initiation media set to “QR“ (Screenshot 1);

  • Select the “SSI Authentication“ credential from ProofSpace as the required credential for this interaction (Screenshot 2);

  • Check the “Pre-filled from interaction QR-code” checkbox in the “Edit required credential“ pop-up window (Screenshot 3);

  • Set the webhook to (Screenshot 4);

More detains how to create an interaction see on the

Screenshot 1

Screenshot 2

Screenshot 3


Screenshot 4

Set up an OAuth authorization point

Click the “SSI OAuth“ tab of the main menu.

On the SSI OAuth page click “Edit.“

The new page will appear.

In the "Client ID" field, the authorization service identifier (service DID) is stored automatically.


On the “Edit SSI OAuth“ page:

  • Fill the “Name“ field with the service DID.

  • Select an interaction with above specified requirements from the drop-down list (if not selected);

  • Select “SSI Authentication” (from ProofSpace) in Credential Definition dropdown list (if not selected);

  • Select “Show JWT keys” checkbox and insert public and private keys that will be used to sign and verify JWT tokens;

  • Press “Done”



Examples and demo

Example can be found here: Javascript

Demo: visit and scan the provided QR with ProofSpace App. Android or iOS

OAuth request usage

1 2 3 4 5 6 7 8 9 10 11 12 ProofSpace.SSIAuth.start(    document.getElementById(<YOUR_ELEMENT_ID>),    {         authServiceUrl: '',         clientId: <YOUR_SERVICE_DID>,         size: 300    } ).then((tkn) => {       console.log("token", tkn);       localStorage.setItem('auth', tkn.access_token);       window.location.href = "/"; });

ProofSpace SSI Auth lib API: (For Vanilla JS)

Include library

1 <script src="<path_to_lib>/ssi.js"></script>

Now you can use library as

1 2 3 4 5 6 7 8 9 10 ProofSpace.SSIAuth.start(    htmlDivElement, ssiAuthConfig ).then((tkn) => {   // code to integrate jwt token });

htmlDivElement - element to show Auth QR code (for scan from ProofSpace Mobile App)

ssiAuthConfig - object in format:   

1 2 3 4 5 { authServiceUrl: <URL TO PROOFSPACE AUTH Server>, clientId: <YOUR_SERVICE_DID>, size: <QR code size in pixels> (optional) }

After auth flow Promise will return tkn object in format AccessTokenResponse:

1 2 3 4 5 6 7 { access_token: string; token_type: string; expires_in?: number; refresh_token?: string; scope?: string; }