# Issuer to holder qualification Conformance Flows (v3) - CTIssueQualificationCredential

# 0.0 Initial setup

## 0.1 Setup conformance

In [1]:
import uuid
import asyncio
from rich.console import Console

console = Console()

loop = asyncio.get_event_loop()

## 0.2 Create did:key:jwk_jcs-pub identifier using ES256 algorithm

In [2]:
from eudi_wallet.did_key import KeyDid, PublicKeyJWK
import uuid

# generate crypto seed
crypto_seed = b'1691239391'

key_did = KeyDid(seed=crypto_seed)

# generate keypair
key_did.create_keypair()

# create public key jwk
public_key_jwk = PublicKeyJWK(
    kty=key_did.public_key_jwk['kty'],
    crv=key_did.public_key_jwk['crv'],
    x=key_did.public_key_jwk['x'],
    y=key_did.public_key_jwk['y']
)

# generate did
key_did.generate_did(public_key_jwk)

print("Decentralised identifier: ", key_did._did)

Decentralised identifier:  did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9KbrzXb2Gk7e3H8eybm7GVTziv9VZhSkHxDpnnApFuRNuwXbKq7XzAtLGr4rTpSdhk1aGdpYnAqiKZWN3B8uzZ9eNXc2bgJom1MJd8GVU4jyePtX8VnsUf87eW9sAnhGGwQ12


## 1.1 Initiate Credential Issuance

In [3]:
from eudi_wallet.util import parse_query_string_parameters_from_url
from eudi_wallet.siop_auth.util import (
    accept_and_fetch_credential_offer, 
    fetch_openid_credential_issuer_configuration,
    fetch_openid_auth_server_configuration,
    fetch_credential_offer,
    CredentialTypes
)

credential_type = CredentialTypes.CTAAQualificationCredential

credential_issuer_configuration = await fetch_openid_credential_issuer_configuration("https://api-conformance.ebsi.eu/conformance/v3/issuer-mock")
console.log("Credential issuer configuration: ", credential_issuer_configuration)

auth_server_configuration = await fetch_openid_auth_server_configuration(credential_issuer_configuration.authorization_server)
console.log("Authorization server configuration: ", auth_server_configuration)

## 1.2 Perform authorization request and obtain ID token request

In [4]:
from eudi_wallet.siop_auth.util import (
    perform_authorization, 
    AuthorizationRequestQueryParams,
    get_authorization_response_query_params,
    generate_code_challenge,
    generate_code_verifier
)
import uuid
import json

state = str(uuid.uuid4())
nonce = str(uuid.uuid4())
code_verifier = generate_code_verifier()

did = "did:ebsi:zfZhGRvg7S5KQd7doRi8GnJ"
authorization_details = [{"type":"openid_credential","format":"jwt_vc","types":["VerifiableCredential","VerifiableAttestation","CTAAQualificationCredential"],"locations": ["https://api-conformance.ebsi.eu/conformance/v3/issuer-mock"]}]
redirect_uri = "http://localhost:8080"
client_metadata = {"vp_formats_supported":{"jwt_vp":{"alg":["ES256"]},"jwt_vc":{"alg":["ES256"]}},"response_types_supported":["vp_token","id_token"],"authorization_endpoint":redirect_uri}
authorization_request_query_params = AuthorizationRequestQueryParams(
    response_type="code",
    scope="openid",
    state=state,
    client_id=key_did._did,
    authorization_details=json.dumps(authorization_details, separators=(',', ':')),
    redirect_uri=redirect_uri,
    nonce=nonce,
    code_challenge=generate_code_challenge(code_verifier),
    code_challenge_method="S256",
    client_metadata=json.dumps(client_metadata, separators=(',', ':')),
    issuer_state=""
)

auth_resp = await perform_authorization(auth_server_configuration.authorization_endpoint, authorization_request_query_params)
auth_resp_uri = str(auth_resp).split("Location': '")[1].split("'")[0]

auth_resp_query_params = get_authorization_response_query_params(auth_resp_uri)
console.log("Authorization response query params: ", auth_resp_query_params)




## 1.3 Send ID token

In [5]:
from eudi_wallet.siop_auth.util import send_id_token_response

did = "did:ebsi:zfZhGRvg7S5KQd7doRi8GnJ"
id_token = key_did.generate_id_token(did=did, auth_server_uri=auth_resp_query_params.client_id, nonce=auth_resp_query_params.nonce)
auth_code_response = await send_id_token_response(auth_resp_query_params.redirect_uri, id_token, auth_resp_query_params.state)
print("auth_code_response: ", auth_code_response)
auth_code_response = str(auth_code_response).split("Location': '")[1].split("'")[0]
state = parse_query_string_parameters_from_url(auth_code_response).get("state")[0]
auth_code = parse_query_string_parameters_from_url(auth_code_response).get("code")[0]
console.log("Authorization code: ", auth_code)


auth_code_response:  <ClientResponse(https://api-conformance.ebsi.eu/conformance/v3/auth-mock/direct_post) [302 Found]>
<CIMultiDictProxy('Access-Control-Allow-Origin': '*', 'Content-Length': '0', 'Content-Security-Policy': "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests", 'Cross-Origin-Embedder-Policy': 'require-corp', 'Cross-Origin-Opener-Policy': 'same-origin', 'Cross-Origin-Resource-Policy': 'same-origin', 'Date': 'Sat, 05 Aug 2023 13:12:36 GMT', 'Location': 'http://localhost:8080?code=c30048cb-1735-41d7-82f2-36c69b5841c9&state=25581d56-1f3b-4fdd-8850-81878eb769ae', 'Origin-Agent-Cluster': '?1', 'Referrer-Policy': 'no-referrer', 'Strict-Transport-Security': 'max-age=15552000; includeSubDomains', 'Vary': 'Origin', 'X-Content-Type-Options': 'nosniff', 'X-Dns-Prefetch-Control': 'off

## 1.4 Exchange code for access token

In [6]:
from eudi_wallet.siop_auth.util import exchange_auth_code_for_access_token

did = key_did._did
token_uri = auth_resp_query_params.client_id + "/token"
access_token_response = await exchange_auth_code_for_access_token(token_uri, did, auth_code, code_verifier)
console.log("Access token response: ", access_token_response)

{'access_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IkJKeTViQ1Mta1dGRUhmekczYWVZUWlGbmVOYnFDWHRkLVlaVmk3cmxpRGsifQ.eyJub25jZSI6IjA2ZTI2YThiLWM5N2MtNDhkOC05YTBhLTRlYWUzNDg3Y2NlZiIsImNsYWltcyI6eyJhdXRob3JpemF0aW9uX2RldGFpbHMiOlt7InR5cGUiOiJvcGVuaWRfY3JlZGVudGlhbCIsImZvcm1hdCI6Imp3dF92YyIsImxvY2F0aW9ucyI6WyJodHRwczovL2FwaS1jb25mb3JtYW5jZS5lYnNpLmV1L2NvbmZvcm1hbmNlL3YzL2lzc3Vlci1tb2NrIl0sInR5cGVzIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiQ1RBQVF1YWxpZmljYXRpb25DcmVkZW50aWFsIl19XSwiY19ub25jZSI6ImY4ZDg0YzlkLWJkY2EtNGUyYy04NDM1LWY2MzkxZGJiNWMyZiIsImNfbm9uY2VfZXhwaXJlc19pbiI6ODY0MDAsImNsaWVudF9pZCI6ImRpZDprZXk6ejJkbXpEODFjZ1B4OFZraTdKYnV1TW1GWXJXUGdZb3l0eWtVWjNleXFodDFqOUticnpYYjJHazdlM0g4ZXlibTdHVlR6aXY5VlpoU2tIeERwbm5BcEZ1Uk51d1hiS3E3WHpBdExHcjRyVHBTZGhrMWFHZHBZbkFxaUtaV04zQjh1elo5ZU5YYzJiZ0pvbTFNSmQ4R1ZVNGp5ZVB0WDhWbnNVZjg3ZVc5c0FuaEdHd1ExMiJ9LCJpc3MiOiJodHRwczovL2FwaS1jb25mb3JtYW5jZS5lYnNpLmV1L2NvbmZvcm1hbmNlL3YzL2F1dGgtbW9jayIsImF1ZCI6WyJodHRwczovL2FwaS1

## 1.5 Request credential (same device)

In [7]:
from eudi_wallet.siop_auth.util import send_credential_request

did = "did:ebsi:zfZhGRvg7S5KQd7doRi8GnJ"
credential_request_jwt = key_did.generate_credential_request(did, credential_issuer_configuration.credential_issuer, access_token_response.c_nonce)
console.log("Credential request JWT: ", credential_request_jwt)
credential_response = await send_credential_request(credential_issuer_configuration.credential_endpoint, access_token_response.access_token, credential_request_jwt, ["VerifiableCredential","VerifiableAttestation","CTAAQualificationCredential"])
print("Credential response: ", credential_response)

Credential response:  {'format': 'jwt_vc', 'credential': 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRpZDplYnNpOnpoSkFSalBONjljRXRnUHhIZW4xTWlkI3VPa3Y1TE9pbzlYQnE2a1JRaHNaMHpOTVZ1czBjNFZqcFB0cDY1dTVjWXcifQ.eyJqdGkiOiJ2YzplYnNpOmNvbmZvcm1hbmNlIzlhNjAyNjQzLThhZDQtNDVkYy1hNmYxLWM3YWFmM2Q3ODkwMiIsInN1YiI6ImRpZDplYnNpOnpmWmhHUnZnN1M1S1FkN2RvUmk4R25KIiwiaXNzIjoiZGlkOmVic2k6emhKQVJqUE42OWNFdGdQeEhlbjFNaWQiLCJuYmYiOjE2OTEyNDExNjUsImV4cCI6MTY5MTMyNzU2NSwiaWF0IjoxNjkxMjQxMTY1LCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJpZCI6InZjOmVic2k6Y29uZm9ybWFuY2UjOWE2MDI2NDMtOGFkNC00NWRjLWE2ZjEtYzdhYWYzZDc4OTAyIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlZlcmlmaWFibGVBdHRlc3RhdGlvbiIsIkNUQUFRdWFsaWZpY2F0aW9uQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZWJzaTp6aEpBUmpQTjY5Y0V0Z1B4SGVuMU1pZCIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMDVUMTM6MTI6NDVaIiwiaXNzdWVkIjoiMjAyMy0wOC0wNVQxMzoxMjo0NVoiLCJ2YWxpZEZyb20iOiIyMDIzLTA4LTA1VDEzOjEyOjQ1WiIsImV4cGlyYXRpb25EYXRlIjoiMjAyMy0wOC0wNlQxMzoxMjo