Skip to content

Receiving a confirmation copy of the issued credential

This article explains how to configure your credential issuance service installation and your application to ensure that the issuance results are accessible in your application as depicted in step 9 of the sequence diagram.

Requirements

Before configuring your application to receive the credential issuance service callback with a copy of the issued credential you must:

  • Install the credential issuance service
  • Create a credential configuration

This suffices for your credential issuance service to issue custom credentials to wallets. The credential issuance service will carry out the OID4CI issuance protocol and output the result of the issuance.

Receiving the credential issuance service output

To integrate the credential issuance service output into your application you must:

  1. Set up your application to expose an endpoint capable of handling POST requests. The credential issuance service will push the copy of the issued credential to this endpoint.
  2. You must modify the targetUrl field in your credential issuance service's server.json configuration file to include your application's endpoint.
  3. If necessary, specify the bearer token in the bearerToken field.
Example configuration file:
server.json (truncated)
{
  "port": "...",
  "baseUrl": "...",
  "authorizationServer": {
    "..."
  },
  "sessionCallback": { // (1)!
    "targetUrl": "http://localhost:8090/issuance/issued-credential", // (2)!
    "bearerToken": "81952788-6321-412c-91b9-8f61ee2a1e52" // (3)!
  },
  "issuer": {
    "..."
  },
  "state": {
    "..."
  }
}
  1. Configures where the confirmation copy of issued credential should be pushed and the authentication method used (if any)
  2. The url where the confirmation copy of the issued credential are pushed to - this is the endpoint you must configure in your application
  3. Token to append in authorization header. Based on the example the header value is Bearer 81952788-6321-412c-91b9-8f61ee2a1e52

Here's an example a POST request sent by the credential issuance service:

curl -X 'POST' \
  'http://localhost:8090/issuance/issued-credential' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer 81952788-6321-412c-91b9-8f61ee2a1e52' \
  -d '{
  "issuance_successful": true,
  "session_id": "PVkBUlNFgccjeAMeBfi43g",
  "credential_response": {
    "credentials": [
      {
        "credential": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImlkIjoiaHR0cDovL2V4YW1wbGUuZWR1L2NyZWRlbnRpYWxzLzM3MzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly9leGFtcGxlLmVkdS9pc3N1ZXJzLzU2NTA0OSIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMifX19LCJpc3MiOiJodHRwczovL2V4YW1wbGUuZWR1L2lzc3VlcnMvNTY1MDQ5IiwibmJmIjoxMjYyMzA0MDAwLCJqdGkiOiJodHRwOi8vZXhhbXBsZS5lZHUvY3JlZGVudGlhbHMvMzczMiIsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9.z5vgMTK1nfizNCg5N-niCOL3WUIAL7nXy-nGhDZYO_-PNGeE-0djCpWAMH8fD8eWSID5PfkPBYkx_dfLJnQ7NA"
      }
    ]
  }
}
}'

Updating your configuration

After updating your server.json file you must update your credential issuance service installation to use the updated configuration. To do this, stop any docker container using your specified port and run the following command:

docker run -d -p 9201:9201 -v PATH_TO_YOUR_SERVER.JSON:/conf/server.json registry.gitlab.com/secata/platform/did/did-issuer-backend:latest

Navigate to http://localhost:9201/openapi to start interacting with the credential issuance service.

You can interact with the credential issuance service by calling the different endpoints through the user interface. As an example you can start a new presentation by calling the issuance/oid4vci/new-session endpoint.

Now your credential issuance service is configured to push copies of issued credentials to your application. Whenever the issuance flow is completed the result is posted to your specified endpoint.