Migration from 2.X to 3.X
View SourceVersion 3 of Boruta brings decentralized identity, several additions were made in order to stick to the according specifications:
Resource owners
Boruta.Oauth.ResourceOwner
schema come with several attributes additions to support OID4VC protocols:
authorization_details
help to have the associated credential issuance information that is later on stored atBoruta.Aotuh.Token
level to enable credentials restriction in provided credential offers.credential_configuration
help to define the resource owner accessible credentials configurations used in credential issuance process to provide credential information to the wallet.presentation_configuration
help to define the resource owner, may it be represented by a wallet or not, to access the presentations provided by the server.
Authorize requests
Authorization controller, part of the application layer, Boruta.Oauth.AuthorizeApplication.authorize_success
callback manage, on top of already existing responses, Boruta.Openid.CredentialOfferResponse
, Boruta.Openid.SiopV2Response
and Boruta.Openid.VerifiablePresentationResponse
. Those responses may be handled by the controller
Direct post
Boruta.Openid.DirectPostApplication
behaviour may be implemented to handle direct post requests, helping to manage the client/server requesting inversion for the wallet to interface with the issuer and verifier. Both the endpoint exposition and the callbacks are to be implemented.
Credentials controller
OpenID 4 Verifiable Credentials Issuance expose a credential endpoint that is to be implemented in order to issue credentials provided an access token with the right privileges. Boruta.Openid.CredentialApplication
gives the callbacks to be implemented when Boruta.Openid.credential
function is called.
Token response
Boruta.Oauth.TokenResponse
has added attributes to support decentralized identity additions:
c_nonce
is the credential nonce that is access token bounded to ensure credentials are the ones that correspond to the request.agent_token
is from a custom protocol enabling to bind data to tokens to be used later on.authorization_details
is the credential restriction the access token have access to.
Pushed authorization requests
Boruta.Oauth.PushedAuthorizationRequestApplication
behaviour is to be implemented to expose pushed authorization requests endpoint in application layer. Both the Boruta.Oauth.pushed_authorization_request
function call and given callbacks are to be implemented.