-
Notifications
You must be signed in to change notification settings - Fork 141
/
vc_demo_issuer.did
135 lines (119 loc) · 5.11 KB
/
vc_demo_issuer.did
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
// Candid interface of the example VC issuer canister.
// The interface contains both the functionality required by the VC-spec
// (https://github.com/dfinity/internet-identity/blob/main/docs/vc-spec.md)
// and additional APIs for configuring the canister and using it for testing.
// Specification of a requested credential.
type CredentialSpec = record {
credential_type : text;
// arguments are optional, and specific to the credential_name
arguments : opt vec record { text; ArgumentValue };
};
type ArgumentValue = variant { "Int" : int32; String : text };
// Types for ICRC-21 consent message, cf.
// https://github.com/dfinity/wg-identity-authentication/blob/main/topics/icrc_21_consent_msg.md
type Icrc21ConsentInfo = record { consent_message : text; language : text };
type Icrc21ConsentPreferences = record { language : text };
type Icrc21Error = variant {
GenericError : record { description : text; error_code : nat };
UnsupportedCanisterCall : Icrc21ErrorInfo;
ConsentMessageUnavailable : Icrc21ErrorInfo;
};
type Icrc21ErrorInfo = record { description : text };
type Icrc21VcConsentMessageRequest = record {
preferences : Icrc21ConsentPreferences;
credential_spec : CredentialSpec;
};
// Types for requesting issuance of a credential.
// The issuance proceeds in two steps:
// - `prepare_credential`, and
// - `get_credential`
// where the split of work between the two steps depends on the specifics of the issuer,
// and the second second step returns the actual credential (if any).
// The two steps can use `prepared_context`-value to transfer information between them.
// Types for `prepare_credential`.
type PrepareCredentialRequest = record {
signed_id_alias : SignedIdAlias;
credential_spec : CredentialSpec;
};
type PreparedCredentialData = record { prepared_context : opt vec nat8 };
// Types for `get_credential`.
type GetCredentialRequest = record {
signed_id_alias : SignedIdAlias;
credential_spec : CredentialSpec;
prepared_context : opt vec nat8;
};
type SignedIdAlias = record {
credential_jws : text;
};
type IssuedCredentialData = record { vc_jws : text };
type IssueCredentialError = variant {
// The caller is not known to the issuer. Caller should register first with the issuer before retrying.
UnknownSubject : text;
// The caller is not authorized to obtain the requested credential. Caller requested a credential
// for a different principal, or the issuer does not have sufficient knowledge about the caller
// to issue the requested credential.
UnauthorizedSubject : text;
// The id_alias credential provided by the identity provider is invalid.
InvalidIdAlias : text;
// The issuer does not issue credentials described in the credential spec.
UnsupportedCredentialSpec : text;
// Internal errors, indicate malfunctioning of the issuer.
SignatureNotFound : text;
Internal : text;
};
// Types for `derivation_origin`.
type DerivationOriginRequest = record {
frontend_hostname : text;
};
type DerivationOriginData = record { origin : text };
type DerivationOriginError = variant {
Internal : text;
UnsupportedOrigin : text;
};
// Configuration specific to this issuer.
type IssuerConfig = record {
// Root of trust for checking canister signatures.
ic_root_key_der : opt blob;
// List of canister ids that are allowed to provide id alias credentials.
idp_canister_ids : vec principal;
// The derivation origin to be used by the issuer.
derivation_origin : text;
// Frontend hostname be used by the issuer.
frontend_hostname : text;
};
// Options related to HTTP handling
type HeaderField = record {
text;
text;
};
type HttpRequest = record {
method: text;
url: text;
headers: vec HeaderField;
body: blob;
certificate_version: opt nat16;
};
type HttpResponse = record {
status_code: nat16;
headers: vec HeaderField;
body: blob;
};
service: (opt IssuerConfig) -> {
// VC-flow API.
vc_consent_message : (Icrc21VcConsentMessageRequest) -> (variant { Ok : Icrc21ConsentInfo; Err : Icrc21Error;});
prepare_credential : (PrepareCredentialRequest) -> (variant { Ok : PreparedCredentialData; Err : IssueCredentialError;});
get_credential : (GetCredentialRequest) -> (variant { Ok : IssuedCredentialData; Err : IssueCredentialError;}) query;
derivation_origin : (DerivationOriginRequest) -> (variant {Ok: DerivationOriginData; Err: DerivationOriginError});
// Configure the issuer (e.g. set the root key), used for deployment/testing.
configure: (IssuerConfig) -> ();
set_derivation_origin: (frontend_hostname: text, derivation_origin: text) -> ();
// Sets the content of the alternative origins file.
set_alternative_origins: (alternative_origins: text) -> ();
// API for obtaining information about users, for testing only.
// In a real-world issuer the data acquisition functionality should be more elaborate and authenticated.
add_employee : (principal) -> (text);
add_graduate : (principal) -> (text);
add_adult : (principal) -> (text);
// Serve the app
http_request: (request: HttpRequest) -> (HttpResponse) query;
}