Configuring pre-authorized settings
About this task
The pre-authorized code grant type is introduced as part of the OpenID for Verifiable Credential Issuance (VCI) specification. This flow is designed to transfer a user session from the Credential Issuer to the Wallet application.
The flow starts when a user authenticates to the credential issuer. The user then makes a request to acquire a credential. This request triggers the generation of a session transfer code, which is the pre-authorized_code. To prevent misuse of the code by an unauthorized user, a transaction code can be generated and delivered to the user via email or SMS. The credential issuer then presents the pre-authorized_code as part of the credential offer and can render it as a QR code.
The user, who is using the Wallet application, scans the QR code. If a transaction code is expected, the Wallet application asks the user to enter it. The pre-authorized_code (and the transaction code, if one is expected) is then presented to the authorization server.
The authorization server validates the request and exchanges the pre-authorized_code for an access token. The Wallet application then uses the access token to fetch the credential that the user requested.
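The checks behind "validates the request" can be sketched as follows. This is an added example, not code from the product or its documentation: it shows the issuer minting a credential offer and the authorization server redeeming the pre-authorized_code with a transaction code. The function names, the in-memory store, the 5-minute lifetime and the 3-attempt limit are assumptions; the grant type URN and parameter names follow the OpenID for VCI specification.

```python
import hashlib, hmac, secrets, time

GRANT = "urn:ietf:params:oauth:grant-type:pre-authorized_code"
CODE_TTL = 300     # assumption: the offer is valid for 5 minutes
MAX_TX_TRIES = 3   # assumption: wrong transaction codes tolerated before revocation
_offers = {}       # sha256(code) -> state; in-memory stand-in for a real store

def _h(value):
    return hashlib.sha256(value.encode()).hexdigest()

def create_offer(subject, issuer_url, config_id, now=None):
    """Issuer side (hypothetical helper): called after the user has authenticated."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)
    tx_code = f"{secrets.randbelow(10**6):06d}"  # sent by email/SMS, never in the QR code
    _offers[_h(code)] = {"sub": subject, "tx": _h(tx_code), "exp": now + CODE_TTL, "tries": 0}
    offer = {"credential_issuer": issuer_url,
             "credential_configuration_ids": [config_id],
             "grants": {GRANT: {"pre-authorized_code": code,
                                "tx_code": {"input_mode": "numeric", "length": 6}}}}
    return offer, tx_code

def redeem(form, now=None):
    """Authorization server side (hypothetical helper): returns (status, body)."""
    now = time.time() if now is None else now
    if form.get("grant_type") != GRANT:
        return 400, {"error": "unsupported_grant_type"}
    key = _h(form.get("pre-authorized_code", ""))
    state = _offers.get(key)
    if state is None or now > state["exp"]:
        _offers.pop(key, None)                   # unknown, already used, or expired
        return 400, {"error": "invalid_grant"}
    if not hmac.compare_digest(_h(form.get("tx_code", "")), state["tx"]):
        state["tries"] += 1
        if state["tries"] >= MAX_TX_TRIES:
            del _offers[key]                     # stop online guessing of the 6-digit code
        return 400, {"error": "invalid_grant"}
    del _offers[key]                             # single use: a replayed code finds nothing
    return 200, {"access_token": secrets.token_urlsafe(32),
                 "token_type": "Bearer", "expires_in": 300}
```

Only hashes of the two codes are stored, so a leaked store does not reveal redeemable values.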