multipaz/org.multipaz.provisioning/ProvisioningClient

ProvisioningClient

interface ProvisioningClient

Interface to provision credentials, typically from a server (such as OpenId4Vci server).

An instance of this interface provisions credentials for a single document.

Provisioning is generally performed in this sequence of steps:

  • create appropriate ProvisioningClient using externally-supplied data, e.g. provisioning server and the protocol, or OpenId4Vci credential offer,

  • examine provisioning metadata returned by getMetadata to ensure that provisioning is feasible and to configure local systems, e.g. SecureArea,

  • get a list of AuthorizationChallenge objects, each of which describes a particular way to authorize the user; once the list is empty, the user is fully authorized

  • select a supported/desirable way of authorization and supply necessary information using authorize method,

  • once user is fully authorized, obtain key binding challenge and create device binding key(s) to which credentials will be bound (this step is not needed for keyless credentials),

  • obtain credentials using obtainCredentials call.

Functions

Link copied to clipboard
abstract suspend fun authorize(response: AuthorizationResponse)

Sends response to an authorization challenge from the list previously obtained using getAuthorizationChallenges.

Link copied to clipboard
abstract suspend fun getAuthorizationChallenges(): List<AuthorizationChallenge>

Returns the list of authorization challenges.

Link copied to clipboard
abstract suspend fun getKeyBindingChallenge(): String

Returns a challenge for the key(s) to which the credential(s) will be bound.

Link copied to clipboard
abstract suspend fun getMetadata(): ProvisioningMetadata

Reads provisioning server metadata

Link copied to clipboard
abstract suspend fun obtainCredentials(keyInfo: KeyBindingInfo): List<ByteString>

Obtains credentials using key binding information.