Configuring pre-authorized settings


About this task

The pre-authorized code grant type is introduced as part of the OpenID for Verifiable Credential Issuance (VCI) specification. This flow is designed to transfer the user session from the Credential Issuer to the Wallet application.

The flow starts when a user authenticates to the credential issuer. The user then makes a request to acquire a credential. This request triggers generation of a session transfer code, which is the pre-authorized_code. To prevent misuse of the code by an unauthorized user, a transaction code can be generated and delivered to the user via email or SMS. The credential issuer then presents this pre-authorized_code as part of the credential offer and can render it as a QR code.

The user, who is using the Wallet application, scans the QR code. If a transaction code is expected, the Wallet application asks the user to enter the transaction code. After that, the pre-authorized_code (and the transaction code) are presented to the authorization server.

The authorization server validates the request and exchanges the pre-authorized_code for an access token. The Wallet application then uses the access token to fetch the credential that the user requested.

Procedure

  1. Navigate to Applications > Applications settings > Pre-authorized settings.
  2. Provide the setting information.

    Table 1. Pre-authorized settings

    | Field | Description |
    | --- | --- |
    | Pre-authorized code lifetime | The number of seconds that the code is valid. The minimum is 40 and the maximum is 1800. |
    | String algorithm for pre-authorized code JWT | The supported algorithms are RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, and ES512. |
    | Number of retries allowed for pre-authorized codes | The number of times that the user can attempt to enter the code before it becomes invalid. The maximum number of retries is 5. A setting of 0 does not permit any retries. |
    | Allow credential issuer to override settings | Select this checkbox if you want the credential issuer's settings to take precedence over these settings. |
    | Require transaction code | Select this checkbox if you want the transaction code to be sent to the user. |
    | Ordered list of transaction code delivery channels | The ordered list of transaction code delivery channels. The supported channels are email or SMS. This list is used to determine the preferred delivery channel for the transaction code. If nothing is specified, email is the preferred delivery channel. |
    | Transaction code length | The number of characters in the transaction code. The range is 4-10. A longer code is more secure but harder to remember. The typical number of characters is 6, which is the default. |
    | Transaction code charset | The alphanumeric characters that can be used in the transaction code. Do not use special characters; they are not supported. |

  3. Click Save changes.
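
How the lifetime, retry and transaction code settings interact when a code is redeemed, as an added Python sketch that is not the product's implementation. The class, its method names and its defaults are hypothetical, the code is modelled as an opaque random string rather than a signed JWT, and "retries" is assumed to mean attempts after the first one.

```python
import hmac
import secrets
import string
import time

# Limits from the settings table above; class, names and defaults are hypothetical.
LIFETIME_RANGE = (40, 1800)   # seconds
MAX_RETRIES = 5
TX_LENGTH_RANGE = (4, 10)     # characters


class PreAuthorizedCode:
    """One issued pre-authorized code plus its optional transaction code."""

    def __init__(self, lifetime=300, retries=3, tx_length=6,
                 charset=string.digits, require_tx_code=True, now=None):
        if not LIFETIME_RANGE[0] <= lifetime <= LIFETIME_RANGE[1]:
            raise ValueError("lifetime must be 40-1800 seconds")
        if not 0 <= retries <= MAX_RETRIES:
            raise ValueError("retries must be 0-5")
        if not TX_LENGTH_RANGE[0] <= tx_length <= TX_LENGTH_RANGE[1]:
            raise ValueError("transaction code length must be 4-10")
        if not charset or not all(c.isascii() and c.isalnum() for c in charset):
            raise ValueError("charset must be alphanumeric")
        issued = time.time() if now is None else now
        self.expires_at = issued + lifetime
        # Assumption: 0 retries still allows the first attempt.
        self.attempts_left = retries + 1
        self.code = secrets.token_urlsafe(32)   # carried in the credential offer / QR code
        # Delivered out of band (email or SMS), never placed in the offer itself.
        self.tx_code = ("".join(secrets.choice(charset) for _ in range(tx_length))
                        if require_tx_code else None)
        self.redeemed = False

    def redeem(self, code, tx_code=None, now=None):
        """Return True once for a valid request; False if wrong, expired, used or exhausted."""
        current = time.time() if now is None else now
        if self.redeemed or self.attempts_left <= 0 or current >= self.expires_at:
            return False
        self.attempts_left -= 1
        # Constant-time comparisons so response timing does not leak matching prefixes.
        ok = hmac.compare_digest(code.encode(), self.code.encode())
        if self.tx_code is not None:
            supplied = (tx_code or "").encode()
            ok = hmac.compare_digest(supplied, self.tx_code.encode()) and ok
        self.redeemed = ok
        return ok
```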