Verification
This article provides a detailed overview of the OID4VP protocol steps managed by Partisia's Credential Verification Service (CVS). All these steps are entirely carried out by Partisia CVS, relieving the verifier of these tasks.
The following explanation, thus, expands on step number five in this diagram:
Wallet retrieves the request object
At this point in the flow, the wallet has received the request URI from your application.
After the holder approves the interaction, the wallet retrieves the request object from the credential verification service. This is done through a secure API call, signaling the CVS to proceed with the presentation process.
For example, the wallet might send the following:
curl -X 'GET' \
'https://verifier.example.org/request-object' \
-H 'accept: application/json'
CVS returns request object
The CVS responds to the wallet's request by sending the following key components:
- Nonce: A unique identifier to maintain the integrity of the interaction.
- Request ID: Identifies the specific session for tracking purposes.
- Presentation Definition URI: A link to the rules and requirements for the verifiable presentation.
- Presentation Result URI: The endpoint to which the wallet must later send the completed presentation.
For example, the response might look like this:
Header:
{
"typ": "oauth-authz-req+jwt",
"alg": "RS256",
"kid": "did:example:123#1"
}
Body:
{
"client_id": "redirect_uri:https://client.example.org/post",
"response_uri": "https://verifier.example.org/post/abcd1234",
"response_type": "vp_token",
"response_mode": "direct_post",
"presentation_definition_uri": https://verifier.example.org/definition/abcd1234,
"nonce": "n-0S6_WzA2Mj",
"state": "eyJhb...6-sVA"
}
Wallet retrieves the presentation definition
Using the presentation_definition_uri, the wallet requests the full Presentation Definition from the CVS.
This step provides the wallet with the exact requirements for generating the verifiable presentation.
An API GET request might look like this:
curl -X 'GET' \
'https://verifier.example.org/definition/abcd1234' \
-H 'accept: application/json'
CVS returns Presentation Definition to Wallet
In response to the wallet's request, the CVS sends the full presentation definition. This provides clear instructions on the information that the wallet needs to include in its presentation.
An example of the response might include:
{
"id": "vp token example",
"input_descriptors": [
{
"id": "id card credential",
"format": {
"ldp_vc": {
"proof_type": [
"Ed25519Signature2018"
]
}
},
"constraints": {
"fields": [
{
"path": [
"$.type"
],
"filter": {
"type": "string",
"pattern": "IDCardCredential"
}
}
]
}
}
]
}
The wallet uses this information to guide the holder in selecting and preparing the required credentials.
User Confirmation in the Wallet
The wallet prompts the user to confirm their intent to proceed. The user must swipe to confirm or approve the preparation and submission of the verifiable presentation.
Wallet submits the Verifiable Presentation
Once confirmed, the wallet prepares and submits the Verifiable Presentation to the CVS. This is typically done via
an HTTP POST request to the presentation_result_uri:
The verifiable presentation includes:
- The credentials requested in the presentation definition.
- Proofs to verify the wallet's and the credential issuer's authenticity.
CVS runs its verification
Upon receiving the Verifiable Presentation, the CVS processes the submission. It performs the following checks:
- Signature Verification: Ensures the presentation is signed by the wallet and the credentials by the respective issuers.
- Credential Validation: Confirms that the submitted credentials meet the rules specified in the presentation definition.
- Integrity Check: Validates the nonce and request ID to ensure no tampering occurred.
The CVS then returns the verification result to the customer application, completing the presentation flow.