Skip to content

Verification

This article provides a detailed overview of the OID4VP protocol steps managed by Partisia's credential verification service. All these steps are entirely carried out by Partisia's credential verification service, relieving the verifier of these tasks.

The following explanation, thus, expands on step number five in this diagram:

verifier diagram

Wallet retrieves the request object

At this point in the flow, the wallet has received the request URI from your application.

After the holder approves the interaction, the wallet retrieves the request object from the credential verification service. This is done through a secure API call, signaling the credential verification service to proceed with the presentation process.

For example, the wallet might send the following:

curl -X 'GET' \
'https://verifier.example.org/request-object' \
-H 'accept: application/json'

Credential verification service returns request object

The credential verification service responds to the wallet's request by sending the following key components:

  • Nonce: A unique identifier to maintain the integrity of the interaction.
  • Request ID: Identifies the specific session for tracking purposes.
  • Presentation Definition URI: A link to the rules and requirements for the verifiable presentation.
  • Presentation Result URI: The endpoint to which the wallet must later send the completed presentation.

For example, the response might look like this:

{
    "typ": "oauth-authz-req+jwt",
    "alg": "RS256",
    "kid": "did:example:123#1"
}

Body:

{
  "client_id": "redirect_uri:https://client.example.org/post",
  "response_uri": "https://verifier.example.org/post/abcd1234",
  "response_type": "vp_token",
  "response_mode": "direct_post",
  "presentation_definition_uri": https://verifier.example.org/definition/abcd1234,
  "nonce": "n-0S6_WzA2Mj",
  "state": "eyJhb...6-sVA"
}

Wallet retrieves the presentation definition

Using the presentation_definition_uri, the wallet requests the full Presentation Definition from the credential verification service. This step provides the wallet with the exact requirements for generating the verifiable presentation.

An API GET request might look like this:

curl -X 'GET' \
'https://verifier.example.org/definition/abcd1234' \
-H 'accept: application/json'

Credential verification service returns Presentation Definition to Wallet

In response to the wallet's request, the credential verification service sends the full presentation definition. This provides clear instructions on the information that the wallet needs to include in its presentation.

An example of the response might include:

{
    "id": "vp token example",
    "input_descriptors": [
        {
            "id": "id card credential",
            "format": {
                "ldp_vc": {
                    "proof_type": ["Ed25519Signature2018"]
                }
            },
            "constraints": {
                "fields": [
                    {
                        "path": ["$.type"],
                        "filter": {
                            "type": "string",
                            "pattern": "IDCardCredential"
                        }
                    }
                ]
            }
        }
    ]
}

The wallet uses this information to guide the holder in selecting and preparing the required credentials.

User Confirmation in the Wallet

The wallet prompts the user to confirm their intent to proceed. The user must swipe to confirm or approve the preparation and submission of the verifiable presentation.

Wallet submits the Verifiable Presentation

Once confirmed, the wallet prepares and submits the Verifiable Presentation to the credential verification service. This is typically done via an HTTP POST request to the presentation_result_uri:

The verifiable presentation includes:

  • The credentials requested in the presentation definition.
  • Proofs to verify the wallet's and the credential issuer's authenticity.

Credential verification service runs its verification

Upon receiving the Verifiable Presentation, the credential verification service processes the submission. It performs the following checks:

  • Signature Verification: Ensures the presentation is signed by the wallet and the credentials by the respective issuers.
  • Credential Validation: Confirms that the submitted credentials meet the rules specified in the presentation definition.
  • Integrity Check: Validates the nonce and request ID to ensure no tampering occurred.

The credential verification service then returns the verification result to the customer application, completing the presentation flow.