# Phase 1- Retrieve an existing a Verifiable Credential (VC) from a VCIssuer (Keycloak in this use case)


In [1]:
from IPython.display import Markdown, display

def print_md(text):
    display(Markdown(text))
def color_md(text, color="blue"):
    return f"<span style='color:{color}'>{text}</span>"

In [2]:
## Define the required variables
URL_VCISSUER="https://fiwaredsc-consumer.ita.es/realms/consumerRealm"
ADMIN_CLI="admin-cli"
USER_01="oc-user"
USER_01_PASSWORD="test"
CREDENTIAL_TYPE="user-credential"

In [3]:
import json
import requests
print_md("## 1.1- Get the URL from the well known openid configuration to retrieve the Token to access the VC")
url=f"{URL_VCISSUER}/.well-known/openid-configuration"
try:
    response = requests.get(url)
    response.raise_for_status()
    jsonResponse=response.json()
    URL_VCISSUER_TOKEN=jsonResponse["token_endpoint"]
    print_md (f"{color_md('# **URL_VCISSUER_TOKEN**', 'green')}=*{URL_VCISSUER_TOKEN}*")
except requests.exceptions.RequestException as e:
    print(f"Error during request: {e}")


## 1.1- Get the URL from the well known openid configuration to retrieve the Token to access the VC

<span style='color:green'># **URL_VCISSUER_TOKEN**</span>=*https://fiwaredsc-consumer.ita.es/realms/consumerRealm/protocol/openid-connect/token*

In [4]:
print_md("## 1.2- Get Token to access the credential's offer URI")
url=URL_VCISSUER_TOKEN
data={"grant_type": "password",
      "client_id": ADMIN_CLI,
      "username": USER_01,
      "password": USER_01_PASSWORD
}
headers={'Content-Type': 'application/x-www-form-urlencoded'}
try:
    response = requests.post(url, data=data, headers=headers)
    jsonResponse=response.json()
    # print(json.dumps(jsonResponse, indent=4))  # Print the JSON response if it"s in JSON format
    response.raise_for_status()  # Raise an exception for bad status codes (4xx or 5xx)
    ACCESS_TOKEN=jsonResponse["access_token"]
    print_md (f"{color_md('# **ACCESS_TOKEN**', 'green')}=*{ACCESS_TOKEN}*")
except requests.exceptions.RequestException as e:
    print(f"Error during request: {e}\n- ErrorResponse:{jsonResponse}\nURL: {url}\n- Data: {json.dumps(data, indent=4)}\n- Headers: {json.dumps(headers, indent=4)}")

## 1.2- Get Token to access the credential's offer URI

<span style='color:green'># **ACCESS_TOKEN**</span>=*eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBUVE3bEFrQ2lZam10OUdxQ1N1c2ZtM19wQ3VqVTVCMUNJeHZvZzRNaUw4In0.eyJleHAiOjE3MzE5MzI3MjIsImlhdCI6MTczMTkzMjQyMiwianRpIjoiY2YyYTBjZGYtMDkyNy00YWJhLTkxYTItZGI5YTBmZDNkMGEyIiwiaXNzIjoiaHR0cHM6Ly9maXdhcmVkc2MtY29uc3VtZXIuaXRhLmVzL3JlYWxtcy9jb25zdW1lclJlYWxtIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwic2lkIjoiOTI3ZTgzMTQtYmVlNi00OTQyLWI0OTItYzI2NTNlMTAzYjJiIiwic2NvcGUiOiIifQ.Os1F38HGhsf1dk9mV6dr1xD14vhcW1PH7tB8iua1985d_fS7e80x_QK_9Ok0FU7TBoPXwbUbxbrKhflhJiElLLjLWQwRnnHeDIg0tczvAMqFLujRx1VBB6hgQ8S1dciuFbdiQmIt1peILCZnU1E9YV3yEkG2JCJwbKdM57_411W9vkgTjjU87pWzrC87iJcBwOibT1RbK-2X9x2qCBudJocyXD0ORaOsFEHEHFXoJEnduvEWsXHHFRHZxKOxW2SoW8YDzG5GreNUQXUzkzFYI7rGaJizWmm-jR3lqVr8OLSqveOJZC8PRgyDSP0SR8dp566ib41iClv2jJjwVj3zwg*

In [5]:

print_md("## 1.3- Get a credential offer uri, using the retrieved AccessToken")

URL_CREDENTIAL_OFFER=f"{URL_VCISSUER}/protocol/oid4vc/credential-offer-uri"
url=URL_CREDENTIAL_OFFER
params={"credential_configuration_id": CREDENTIAL_TYPE}
headers={'Authorization': f"Bearer {ACCESS_TOKEN}"}
try:
    response = requests.get(url, params=params, headers=headers)
    jsonResponse=response.json()
    # print(json.dumps(jsonResponse, indent=4))  # Print the JSON response if it"s in JSON format
    response.raise_for_status()  # Raise an exception for bad status codes (4xx or 5xx)
    OFFER_URI=f'{jsonResponse["issuer"]}{jsonResponse["nonce"]}'
    print_md (f"{color_md('# **OFFER_URI**', 'green')}=*{OFFER_URI}*")
except requests.exceptions.RequestException as e:
    print(f"Error during request: {e}\n- ErrorResponse:{jsonResponse}\nURL: {url}\n- Params: {json.dumps(params, indent=4)}\n- Headers: {json.dumps(headers, indent=4)}")

## 1.3- Get a credential offer uri, using the retrieved AccessToken

<span style='color:green'># **OFFER_URI**</span>=*https://fiwaredsc-consumer.ita.es/realms/consumerRealm/protocol/oid4vc/credential-offer/6VXk2aMs4sQqTF8mVb24u0jfgeoEnLyP.927e8314-bee6-4942-b492-c2653e103b2b.2dc4cc01-3961-43ab-a030-358ad748026b*

In [6]:
print_md("## 1.4- Use the offer uri(e.g. the issuer and nonce fields), to retrieve a preauthorized code")

url=OFFER_URI
headers={'Authorization': f"Bearer {ACCESS_TOKEN}"}
try:
    response = requests.get(url, headers=headers)
    jsonResponse=response.json()
    # print(json.dumps(jsonResponse, indent=4))  # Print the JSON response if it"s in JSON format
    response.raise_for_status()  # Raise an exception for bad status codes (4xx or 5xx)
    PRE_AUTHORIZED_CODE=jsonResponse["grants"]["urn:ietf:params:oauth:grant-type:pre-authorized_code"]["pre-authorized_code"]
    print_md (f"{color_md('# **PRE_AUTHORIZED_CODE**', 'green')}=*{PRE_AUTHORIZED_CODE}*")
except requests.exceptions.RequestException as e:
    print(f"Error during request: {e}\n- ErrorResponse:{jsonResponse}\nURL: {url}\n- Headers: {json.dumps(headers, indent=4)}")

## 1.4- Use the offer uri(e.g. the issuer and nonce fields), to retrieve a preauthorized code

<span style='color:green'># **PRE_AUTHORIZED_CODE**</span>=*4553c25d-ff00-424f-a63f-b6a6e2e12bd9.927e8314-bee6-4942-b492-c2653e103b2b.2dc4cc01-3961-43ab-a030-358ad748026b*

In [7]:
# MSG="---\n1.5- Uses the pre-authorized code from the offer to get a credential AccessToken at the authorization server"
# CMD="curl -s -X POST $URL_VCISSUER_TOKEN \
#       --header 'Accept: */*' \
#       --header 'Content-Type: application/x-www-form-urlencoded' \
#       --data grant_type=urn:ietf:params:oauth:grant-type:pre-authorized_code \
#       --data pre-authorized_code=${PRE_AUTHORIZED_CODE} \
#       --data code=${PRE_AUTHORIZED_CODE} | jq '.access_token' -r;"
# export CREDENTIAL_ACCESS_TOKEN=$(runCommand "$CMD" "$MSG")
# echo -e "\nCREDENTIAL_ACCESS_TOKEN=$CREDENTIAL_ACCESS_TOKEN"

print_md("## 1.5- Uses the pre-authorized code from the offer to get a credential AccessToken at the authorization serve")
url=URL_VCISSUER_TOKEN
data={"grant_type": "urn:ietf:params:oauth:grant-type:pre-authorized_code",
      "pre-authorized_code": PRE_AUTHORIZED_CODE,
      "code": PRE_AUTHORIZED_CODE
}
headers={'Content-Type': 'application/x-www-form-urlencoded'}
try:
    response = requests.post(url, data=data, headers=headers)
    jsonResponse=response.json()
    # print(json.dumps(jsonResponse, indent=4))  # Print the JSON response if it"s in JSON format
    response.raise_for_status()  # Raise an exception for bad status codes (4xx or 5xx)
    CREDENTIAL_ACCESS_TOKEN=jsonResponse["access_token"]
    print_md (f"{color_md('# **CREDENTIAL_ACCESS_TOKEN**', 'green')}=*{CREDENTIAL_ACCESS_TOKEN}*")
except requests.exceptions.RequestException as e:
    print(f"Error during request: {e}\n- ErrorResponse:{jsonResponse}\nURL: {url}\n- Data: {json.dumps(data, indent=4)}\n- Headers: {json.dumps(headers, indent=4)}")

## 1.5- Uses the pre-authorized code from the offer to get a credential AccessToken at the authorization serve

<span style='color:green'># **CREDENTIAL_ACCESS_TOKEN**</span>=*eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJBUVE3bEFrQ2lZam10OUdxQ1N1c2ZtM19wQ3VqVTVCMUNJeHZvZzRNaUw4In0.eyJleHAiOjE3MzE5MzI3MzUsImlhdCI6MTczMTkzMjQzNSwianRpIjoiOWU3ZWY5YTAtZjcwMy00ZGEzLTljMzAtYzZjYjAzOWJmNTY1IiwiaXNzIjoiaHR0cHM6Ly9maXdhcmVkc2MtY29uc3VtZXIuaXRhLmVzL3JlYWxtcy9jb25zdW1lclJlYWxtIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWRtaW4tY2xpIiwic2lkIjoiOTI3ZTgzMTQtYmVlNi00OTQyLWI0OTItYzI2NTNlMTAzYjJiIiwic2NvcGUiOiIifQ.FNWTER6Es19BI48i4HQ9KqXDhz6RzjMjZ4sH4cKQO2xbA-TPG5CYlY64wGrWl97ClC8_ydhnt2LKDCR-NV6qYio7mq8OqDGFne5tevyaQy-sNrT_S2nWi0XEWyxhc7MOwWMcvEr5mZjgS2U0dbqMKINTffaEVNa1ysDF3YE_UNOw9k-hNKXQk15YMVs8CwCeqnLnXNX1vIK9XNAK9xegWqA50hm46AQbLHM1Y1y8f-SDQMKzYblRTCxHUfZNa0hrVQHJC9xG5XilKFi3_cn2WJ6NRrAPRUL1qkQpLkLjsV7btxfMsNy2Ju2RqZxjUdnaI4MSANgWbpzeZb7FZCU3JQ*

In [8]:
# URL_CREDENTIAL_ENDPOINT="$URL_VCISSUER/protocol/oid4vc/credential"
# MSG="---\n1.6- Finally Use the returned access token to get the actual credential"
# CMD="curl -s -X POST \"$URL_CREDENTIAL_ENDPOINT\" \
#       --header 'Accept: */*' \
#       --header 'Content-Type: application/json' \
#       --header \"Authorization: Bearer ${CREDENTIAL_ACCESS_TOKEN}\" \
#   --data \"{\\\"credential_identifier\\\":\\\"$CREDENTIAL_IDENTIFIER\\\", \\\"format\\\":\\\"jwt_vc\\\"}\" | jq '.credential' -r;"
# export VERIFIABLE_CREDENTIAL=$(runCommand "$CMD" "$MSG")
# echo -e "\nVERIFIABLE_CREDENTIAL=$VERIFIABLE_CREDENTIAL"
URL_CREDENTIAL_ENDPOINT=f"{URL_VCISSUER}/protocol/oid4vc/credential"
print_md(f"## 1.6- Finally Use the returned access token to get your goal, the Verifiable Credential")
print_md(f"### Verifiable Credential {color_md(CREDENTIAL_TYPE, 'orange')} For user {color_md(USER_01, 'green')}")
url=URL_CREDENTIAL_ENDPOINT
data={"credential_identifier": CREDENTIAL_TYPE,
      "format": "jwt_vc" }
headers={'Accept': '*/*',
         'Content-Type': 'application/json',
         'Authorization': f'Bearer {CREDENTIAL_ACCESS_TOKEN}'}
try:
    response = requests.post(url, json=data, headers=headers)
    jsonResponse=response.json()
    # print(json.dumps(jsonResponse, indent=4))  # Print the JSON response if it"s in JSON format
    response.raise_for_status()  # Raise an exception for bad status codes (4xx or 5xx)
    VERIFIABLE_CREDENTIAL=jsonResponse["credential"]
    print_md (f"{color_md('# **VERIFIABLE_CREDENTIAL**', 'green')}=*{VERIFIABLE_CREDENTIAL}*")
except requests.exceptions.RequestException as e:
    print(f"Error during request: {e}\n- ErrorResponse:{jsonResponse}\nURL: {url}\n- Data: {json.dumps(data, indent=4)}\n- Headers: {json.dumps(headers, indent=4)}")

## 1.6- Finally Use the returned access token to get your goal, the Verifiable Credential

### Verifiable Credential <span style='color:orange'>user-credential</span> For user <span style='color:green'>oc-user</span>

<span style='color:green'># **VERIFIABLE_CREDENTIAL**</span>=*eyJhbGciOiJFUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkaWQ6d2ViOmZpd2FyZWRzYy1jb25zdW1lci5pdGEuZXMifQ.eyJuYmYiOjE3MzE5MzI0NDMsImp0aSI6InVybjp1dWlkOmUwZDhjNmNhLTFjMDgtNDE2OC04ZjhhLTg0MDBkM2VkNmNiOSIsImlzcyI6ImRpZDp3ZWI6Zml3YXJlZHNjLWNvbnN1bWVyLml0YS5lcyIsInZjIjp7InR5cGUiOlsiVXNlckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOndlYjpmaXdhcmVkc2MtY29uc3VtZXIuaXRhLmVzIiwiaXNzdWFuY2VEYXRlIjoxNzMxOTMyNDQzLjYwNDAwMDAwMCwiY3JlZGVudGlhbFN1YmplY3QiOnsibGFzdE5hbWUiOiJVc2VyIiwiZmlyc3ROYW1lIjoiT3JkZXJDb25zdW1lciIsInJvbGVzIjpbeyJuYW1lcyI6WyJPUkRFUl9DT05TVU1FUiJdLCJ0YXJnZXQiOiJkaWQ6d2ViOmZpd2FyZWRzYy1jb25zdW1lci5pdGEuZXMifV0sImVtYWlsIjoib3JkZXJjb25zdW1lcnVzZXJAY29uc3VtZXIub3JnIn0sIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2NyZWRlbnRpYWxzL3YxIl19fQ.ogaIKtEyfPLDuXhSpWzmt-htYZ3iO2CWPdRKIL3P3if27HGq12k8vrnLPoi7dDAW45sJkuXI11fuSsYGLaoUCA*