# Holder Wallet Conformance Flows (v3) - CTWalletCrossDeferred

# 0.0 Initial setup

## 0.1 Setup conformance

In [2]:
import uuid
import asyncio
from rich.console import Console

console = Console()

loop = asyncio.get_event_loop()

## 0.2 Create did:key:jwk_jcs-pub identifier using ES256 algorithm

In [3]:
from eudi_wallet.did_key import KeyDid, PublicKeyJWK
import uuid

# generate crypto seed
crypto_seed = b'ebsitests'

key_did = KeyDid(seed=crypto_seed)

# generate keypair
key_did.create_keypair()

# create public key jwk
public_key_jwk = PublicKeyJWK(
    kty=key_did.public_key_jwk['kty'],
    crv=key_did.public_key_jwk['crv'],
    x=key_did.public_key_jwk['x'],
    y=key_did.public_key_jwk['y']
)

# generate did
key_did.generate_did(public_key_jwk)

print("Decentralised identifier: ", key_did._did)

Decentralised identifier:  did:key:z2dmzD81cgPx8Vki7JbuuMmFYrWPgYoytykUZ3eyqht1j9Kbowo1MYpCJwNfzfFggXuWxdPAdAWhkp9XskU2cir7r21AxqN2TMvMTUS1FmaNWLm2esa8FLwZ35i5mRzUygDQdZRS1gC42Am9Doyh68Hp1Ksap9e9xzebDYFhhLgXTksgnG


## 1.1 Initiate Credential Issuance

In [4]:
from eudi_wallet.util import parse_query_string_parameters_from_url
from eudi_wallet.siop_auth.util import (
    accept_and_fetch_credential_offer, 
    fetch_openid_credential_issuer_configuration,
    fetch_openid_auth_server_configuration,
    fetch_credential_offer,
    CredentialTypes
)

credential_type =  "VerifiablePortableDocumentA1"
# qr_code_data = await fetch_credential_offer(key_did._did, credential_type)
qr_code_data = "openid-credential-offer://?credential_offer_uri=https://staging-eudi-wallet.igrant.io/credential-offer/10a6049f-8ad8-43a0-b1c5-a63b0dc30aaf"
qr_code_data = qr_code_data.replace("openid-credential-offer://", "")
credential_offer_uri = parse_query_string_parameters_from_url(
    qr_code_data).get("credential_offer_uri")[0]
console.log("Credential offer URI: ", credential_offer_uri)

credential_offer = await accept_and_fetch_credential_offer(credential_offer_uri)
console.log("Credential offer: ", credential_offer)

credential_issuer_configuration = await fetch_openid_credential_issuer_configuration(credential_offer.credential_issuer)
console.log("Credential issuer configuration: ", credential_issuer_configuration)

auth_server_configuration = await fetch_openid_auth_server_configuration(credential_issuer_configuration.authorization_server)
console.log("Authorization server configuration: ", auth_server_configuration)


{"credential_issuer": "https://staging-eudi-wallet.igrant.io", "credentials": [{"format": "jwt_vc", "types": ["VerifiableCredential", "VerifiableAttestation", "VerifiablePortableDocumentA1"], "trust_framework": {"name": "ebsi", "type": "Accreditation", "uri": "TIR link towards accreditation"}}], "grants": {"authorization_code": {"issuer_state": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDprZXk6ejJkbXpEODFjZ1B4OFZraTdKYnV1TW1GWXJXUGdZb3l0eWtVWjNleXFodDFqOUtic2NYYTF1R29lbnlmbVV5WUtkTVBWQ2dCUkpBd0VGaUgyQ1lqdHlmZmtMTDFzZFNTWm5Qckptb0dOZm16S1hGN202S0FxMVdjZXVLUlZTSkVxcXVvQkh6QWVpZm1zTW1GdmFIaVVacEhyRmZoa2hzeGZnUlZncWRSdjl3aWE3ZDVZOCN6MmRtekQ4MWNnUHg4VmtpN0pidXVNbUZZcldQZ1lveXR5a1VaM2V5cWh0MWo5S2JzY1hhMXVHb2VueWZtVXlZS2RNUFZDZ0JSSkF3RUZpSDJDWWp0eWZma0xMMXNkU1NablBySm1vR05mbXpLWEY3bTZLQXExV2NldUtSVlNKRXFxdW9CSHpBZWlmbXNNbUZ2YUhpVVpwSHJGZmhraHN4ZmdSVmdxZFJ2OXdpYTdkNVk4IiwidHlwIjoiSldUIn0.eyJhdWQiOiJkaWQ6a2V5OnoyZG16RDgxY2dQeDhWa2k3SmJ1dU1tRllyV1BnWW95dHlrVVozZXlxaHQxajlLYnNjWGExdUdvZW55Zm1VeVlLZE1QVkNn

{"credential_issuer": "https://staging-eudi-wallet.igrant.io", "authorization_server": "https://staging-eudi-wallet.igrant.io", "credential_endpoint": "https://staging-eudi-wallet.igrant.io/credential", "deferred_credential_endpoint": "https://staging-eudi-wallet.igrant.io/credential_deferred", "display": {"name": "iGrant.io - EBSI Wallet", "locale": "en-GB", "logo": {"url": "https://demo-api.igrant.io/v1/organizations/5c1509c75430460001af6232/image/5c150a315430460001af6234/web", "alt_text": "iGrant.io - EBSI Wallet"}, "description": "iGrant.io is a data exchange platform that helps organisations to access personal data in a sustainable and human-centric manner."}, "credentials_supported": [{"format": "jwt_vc", "types": ["VerifiableCredential", "VerifiableAttestation", "CTWalletSameDeferred"], "trust_framework": {"name": "ebsi", "type": "Accreditation", "uri": "TIR link towards accreditation"}, "display": [{"name": "Conformance tests deferred", "locale": "en-GB"}]}, {"format": "jwt_vc"

{"redirect_uris": ["https://staging-eudi-wallet.igrant.io/direct_post"], "issuer": "https://staging-eudi-wallet.igrant.io", "authorization_endpoint": "https://staging-eudi-wallet.igrant.io/authorize", "token_endpoint": "https://staging-eudi-wallet.igrant.io/token", "jwks_uri": "https://staging-eudi-wallet.igrant.io/jwks", "scopes_supported": ["openid"], "response_types_supported": ["vp_token", "id_token"], "response_modes_supported": ["query"], "grant_types_supported": ["authorization_code"], "subject_types_supported": ["public"], "id_token_signing_alg_values_supported": ["ES256"], "request_object_signing_alg_values_supported": ["ES256"], "request_parameter_supported": true, "request_uri_parameter_supported": true, "token_endpoint_auth_methods_supported": ["private_key_jwt"], "request_authentication_methods_supported": {"authorization_endpoint": ["request_object"]}, "vp_formats_supported": {"jwt_vp": {"alg_values_supported": ["ES256"]}, "jwt_vc": {"alg_values_supported": ["ES256"]}}, "

## 1.2 Perform authorization request and obtain ID token request

In [5]:
from eudi_wallet.siop_auth.util import (
    perform_authorization, 
    AuthorizationRequestQueryParams,
    get_authorization_response_query_params,
    generate_code_challenge,
    generate_code_verifier
)
import uuid
import json

state = str(uuid.uuid4())
nonce = str(uuid.uuid4())
code_verifier = generate_code_verifier()

authorization_details = [{"type":"openid_credential","format":"jwt_vc","types":credential_offer.credentials[0].get("types"),"locations": ["https://api-conformance.ebsi.eu/conformance/v3/issuer-mock"]}]
redirect_uri = "http://localhost:8080"
client_metadata = {"vp_formats_supported":{"jwt_vp":{"alg":["ES256"]},"jwt_vc":{"alg":["ES256"]}},"response_types_supported":["vp_token","id_token"],"authorization_endpoint":redirect_uri}
authorization_request_query_params = AuthorizationRequestQueryParams(
    response_type="code",
    scope="openid",
    state=state,
    client_id=key_did._did,
    authorization_details=json.dumps(authorization_details, separators=(',', ':')),
    redirect_uri=redirect_uri,
    nonce=nonce,
    code_challenge=generate_code_challenge(code_verifier),
    code_challenge_method="S256",
    client_metadata=json.dumps(client_metadata, separators=(',', ':')),
    issuer_state=credential_offer.grants.get("authorization_code").get("issuer_state")
)

auth_resp = await perform_authorization(auth_server_configuration.authorization_endpoint, authorization_request_query_params)
auth_resp_uri = str(auth_resp).split("Location': '")[1].split("'")[0]
console.log("Authorization response URI: ", auth_resp_uri)
auth_resp_query_params = get_authorization_response_query_params(auth_resp_uri)
console.log("Authorization response query params: ", auth_resp_query_params)




## 1.3 Send ID token

In [6]:
from eudi_wallet.siop_auth.util import send_id_token_response

id_token = key_did.generate_id_token(auth_server_uri=auth_resp_query_params.client_id, nonce=auth_resp_query_params.nonce)
auth_code_response = await send_id_token_response(auth_resp_query_params.redirect_uri, id_token, auth_resp_query_params.state)
auth_code_response = str(auth_code_response).split("Location': '")[1].split("'")[0]
state = parse_query_string_parameters_from_url(auth_code_response).get("state")[0]
auth_code = parse_query_string_parameters_from_url(auth_code_response).get("code")[0]
console.log("Authorization code: ", auth_code)




## 1.4 Exchange code for access token

In [7]:
from eudi_wallet.siop_auth.util import exchange_auth_code_for_access_token

token_uri = auth_resp_query_params.client_id + "/token"
access_token_response = await exchange_auth_code_for_access_token(token_uri, key_did._did, auth_code, code_verifier)
console.log("Access token response: ", access_token_response)

{"access_token": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImM0Z3EtZ28xY3dVbFRxOWY5cG1Oa1hPNzhqX2R6dXlyLXE4YTZmYnBZUWMiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJkaWQ6a2V5OnoyZG16RDgxY2dQeDhWa2k3SmJ1dU1tRllyV1BnWW95dHlrVVozZXlxaHQxajlLYnNjWGExdUdvZW55Zm1VeVlLZE1QVkNnQlJKQXdFRmlIMkNZanR5ZmZrTEwxc2RTU1puUHJKbW9HTmZtektYRjdtNktBcTFXY2V1S1JWU0pFcXF1b0JIekFlaWZtc01tRnZhSGlVWnBIckZmaGtoc3hmZ1JWZ3FkUnY5d2lhN2Q1WTgiLCJjcmVkZW50aWFsX29mZmVyX2lkIjoiMTBhNjA0OWYtOGFkOC00M2EwLWIxYzUtYTYzYjBkYzMwYWFmIiwiZXhwIjoxNjk0NDIwMTM2LCJpYXQiOjE2OTQzMzM3MzYsImlzcyI6ImRpZDprZXk6ejJkbXpEODFjZ1B4OFZraTdKYnV1TW1GWXJXUGdZb3l0eWtVWjNleXFodDFqOUtic2NYYTF1R29lbnlmbVV5WUtkTVBWQ2dCUkpBd0VGaUgyQ1lqdHlmZmtMTDFzZFNTWm5Qckptb0dOZm16S1hGN202S0FxMVdjZXVLUlZTSkVxcXVvQkh6QWVpZm1zTW1GdmFIaVVacEhyRmZoa2hzeGZnUlZncWRSdjl3aWE3ZDVZOCIsIm5iZiI6MTY5NDMzMzczNiwibm9uY2UiOiI2OGI2M2YxNi1jNjVhLTRkYTYtOThhOC0zZjk3YTA2NjEzYTAiLCJzdWIiOiJkaWQ6a2V5OnoyZG16RDgxY2dQeDhWa2k3SmJ1dU1tRllyV1BnWW95dHlrVVozZXlxaHQxajlLYm93bzFNWXBDSndOZnpmRmdnWHVXeGRQQWRBV2hrcDlYc2tVMmNpcjdyMjF

## 1.5 Request credential to get acceptance token to initiate deferred flow 

In [8]:
from eudi_wallet.siop_auth.util import send_credential_request

credential_request_jwt = key_did.generate_credential_request(credential_issuer_configuration.credential_issuer, access_token_response.c_nonce)
console.log("Credential request JWT: ", credential_request_jwt)
acceptance_token_response = await send_credential_request(credential_issuer_configuration.credential_endpoint, access_token_response.access_token, credential_request_jwt, credential_offer.credentials[0].get("types"))
console.log("Acceptance token response: ", acceptance_token_response)## 1.6 Request credential using deferred endpoint

{"acceptance_token": "3e434931-fc71-4e13-ab94-65584ab36902", "c_nonce": null, "c_nonce_expires_in": null}


## 1.6 Request credential using deferred endpoint

In [9]:
from eudi_wallet.siop_auth.util import send_deferred_credential_request
from time import sleep

console.log("Waiting for 5 seconds...")
sleep(5)
console.log("Sending deferred credential request...")
credential_response = await send_deferred_credential_request(credential_issuer_configuration.deferred_credential_endpoint, acceptance_token_response.get("acceptance_token"))
print("Credential response: ", credential_response)

400: Credential is not available yet


ContentTypeError: 0, message='Attempt to decode JSON with unexpected mimetype: text/plain; charset=utf-8', url=URL('https://staging-eudi-wallet.igrant.io/credential_deferred')