DocumentProvisioningHandler

open class DocumentProvisioningHandler(val secureArea: SecureArea, val documentStore: DocumentStore, val metadataHandler: DocumentProvisioningHandler.AbstractDocumentMetadataHandler? = null, val defaultDocumentProvisioningSettings: DocumentProvisioningSettings = DocumentProvisioningSettings()) : AbstractDocumentProvisioningHandler

Implementation of AbstractDocumentMetadataHandler suitable for most uses.

This implementation uses DocumentUtil.managedCredentialHelper with per-document settings obtained using getDocumentProvisioningSettings.

Applications can fine-tune what kind of credentials to retrieve for a particular document and/or issuer by overriding getDocumentProvisioningSettings if the default DocumentProvisioningSettings is not suitable.

The default settings request two domains of credentials: one with user authentication required and one without. This enables an optional "pre-consent" experience: with this setup, a wallet app can simply check whether it has credentials in the no-auth-required domain and, if so, offer a setting for the user to present the credential to e.g. select RPs without any consent or authentication.

However, some issuers will not want to mint credentials without user authentication and will enforce this by e.g. checking the Android Keystore key attestation for whether the key is configured to require user authentication. For such issuers, the application can disable requesting such credentials by tweaking the settings for that particular issuer and/or credential type.
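What such an issuer-side check looks at, as an added example that is not part of this library or of any issuer's code: a minimal Python DER walk over the Android key attestation `KeyDescription`, reading the `noAuthRequired` (tag 503) and `userAuthType` (tag 504) entries of the authorization lists. It assumes the extension value has already been extracted from a certificate chain the issuer has validated; the policy in `key_requires_user_auth` and the sample bytes are constructed for illustration.

```python
# Added example: issuer-side check of Android key attestation auth flags.
# Tag numbers come from the Android key attestation AuthorizationList schema.
NO_AUTH_REQUIRED, USER_AUTH_TYPE = 503, 504

def read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (class_bits, tag_number, value, next_pos)."""
    first = buf[pos]; pos += 1
    num = first & 0x1F
    if num == 0x1F:                      # high-tag-number form, used for tags >= 31
        num = 0
        while True:
            b = buf[pos]; pos += 1
            num = (num << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    length = buf[pos]; pos += 1
    if length & 0x80:                    # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big"); pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return first & 0xC0, num, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed value into (class_bits, tag_number, value)."""
    pos, out = 0, []
    while pos < len(value):
        cls, num, val, pos = read_tlv(value, pos)
        out.append((cls, num, val))
    return out

def key_requires_user_auth(key_description):
    """True only if neither list carries noAuthRequired and the hardware-enforced
    list carries userAuthType (assumed issuer policy, not taken from the page)."""
    _, _, body, _ = read_tlv(key_description, 0)
    fields = children(body)
    if len(fields) < 8:
        raise ValueError("not a KeyDescription")
    # Fields 6 and 7 are the software-enforced and hardware-enforced lists.
    sw, hw = ({n for c, n, _ in children(f[2]) if c == 0x80} for f in fields[6:8])
    return NO_AUTH_REQUIRED not in (sw | hw) and USER_AUTH_TYPE in hw

def sample(hw_list):
    """Constructed KeyDescription (short lengths only) with the given hardware list."""
    head = bytes.fromhex("020104" "0a0101" "020129" "0a0101") + b"\x04\x05nonce" + b"\x04\x00"
    body = head + b"\x30\x00" + b"\x30" + bytes([len(hw_list)]) + hw_list
    return b"\x30" + bytes([len(body)]) + body

AUTH_BOUND = sample(bytes.fromhex("bf837803020102"))   # [504] userAuthType, constructed value 2
NO_AUTH = sample(bytes.fromhex("bf8377020500"))        # [503] noAuthRequired NULL
```

A key generated for the no-auth-required domain produces the second shape, which is why an issuer applying this kind of policy would refuse to mint credentials for it.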

Parameters

secureArea

credentials will be bound to keys from this SecureArea

documentStore

new Document will be created in this DocumentStore

metadataHandler

interface that initializes and updates document metadata; it may be provided if DocumentStore uses an AbstractDocumentMetadata factory (see DocumentStore.Builder.setDocumentMetadataFactory).

defaultDocumentProvisioningSettings

the default DocumentProvisioningSettings to use.

Constructors

constructor(secureArea: SecureArea, documentStore: DocumentStore, metadataHandler: DocumentProvisioningHandler.AbstractDocumentMetadataHandler? = null, defaultDocumentProvisioningSettings: DocumentProvisioningSettings = DocumentProvisioningSettings())

Types

Manages document metadata when the document is created and when the metadata is updated from the server.

object Companion

Functions

open suspend override fun cleanupCredentialsOnError(pendingCredentials: List<Credential>, err: Throwable)

Clean up after failed non-initial (e.g. credential refresh) provisioning.

open suspend override fun cleanupDocumentOnError(document: Document, err: Throwable)

Clean up after failed initial provisioning (e.g. by deleting the document).

open suspend override fun createDocument(credentialMetadata: CredentialMetadata, issuerMetadata: ProvisioningMetadata, documentAuthorizationData: ByteString?): Document

Creates a new Document to do initial credential provisioning.

open suspend fun getDocumentProvisioningSettings(document: Document, credentialMetadata: CredentialMetadata, issuerMetadata: ProvisioningMetadata): DocumentProvisioningSettings

Function to select which DocumentProvisioningSettings to use when provisioning.

open suspend override fun getPendingKeyBoundCredentials(document: Document, credentialMetadata: CredentialMetadata, issuerMetadata: ProvisioningMetadata, createKeySettings: CreateKeySettings): List<SecureAreaBoundCredential>

Gets the pending key-bound credentials for a document.

open suspend override fun getPendingKeylessCredentials(document: Document, credentialMetadata: CredentialMetadata, issuerMetadata: ProvisioningMetadata): List<Credential>

Gets the pending keyless credentials.

open suspend override fun updateDocument(document: Document, display: Display?, documentAuthorizationData: ByteString?)

Update the Document data.