Assuming we have an OIDC provider and a front end through which the user acquires an access token for us, we can fetch the user's userInfo and map it to a Verifiable Credential, which is then issued.
Procedure:
- Endpoint:
  - expect access token and userinfo URL
  - fetch userinfo using the token and URL
  - create a connection (invitation URL, connection ID) by calling the connection manager
  - save userinfo and connection ID to the DB (temporarily)
  - return the invitation URL and a userInfo preview from the endpoint (this will be displayed in the PORTAL)
- Listener:
  - listen for the connectionStateChanged event
  - when complete and matching some qualifier (contains userinfo or a tag in the DB for this type of connection), map the userinfo from the DB to a VC
  - create schema based on the keys of userinfo
  - create credDef
  - issue VC by calling the attestation manager
  - delete the record from the DB
Possible issues:
- what happens when the QR code is not scanned before the connection is deleted, and how do we let the user know?
- invalidation of the access token is possible
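
One way to implement the temporary record and the userinfo-to-VC mapping from the procedure above, with an expiry for invitations that are never scanned (the first issue listed). This is an added example, not the project's own code: `PendingIssuances`, `toAttributes`, `TTL_MS`, the event shape `{ connectionId, state }` and the flat string attribute format are assumptions.

```javascript
// Hypothetical names throughout; TTL_MS is an assumed invitation lifetime.
const TTL_MS = 10 * 60 * 1000;

// Flatten userinfo into flat string attributes (assumed credential format).
// Nested claims such as "address" become "address_country"; keys are sorted
// so the same claims always produce the same schema attribute list.
function toAttributes(userInfo, prefix = "") {
  const out = {};
  for (const key of Object.keys(userInfo).sort()) {
    const value = userInfo[key];
    if (value === null || value === undefined) continue;
    if (typeof value === "object" && !Array.isArray(value)) {
      Object.assign(out, toAttributes(value, prefix + key + "_"));
    } else {
      out[prefix + key] = Array.isArray(value) ? JSON.stringify(value) : String(value);
    }
  }
  return out;
}

class PendingIssuances {
  constructor() { this.records = new Map(); } // stands in for the temporary DB

  // Endpoint side: persist userinfo only, never the access token.
  save(connectionId, userInfo, now) {
    this.records.set(connectionId, { userInfo, expiresAt: now + TTL_MS });
  }

  // Listener side: returns what to issue, or null if there is nothing to do.
  onConnectionStateChanged(event, now) {
    const record = this.records.get(event.connectionId);
    if (!record) return null; // connection was not created by this flow
    if (now > record.expiresAt) { // invitation was not accepted in time
      this.records.delete(event.connectionId);
      return { status: "expired" };
    }
    if (event.state !== "complete") return null; // keep waiting
    const attributes = toAttributes(record.userInfo);
    return { status: "issue", schemaAttributes: Object.keys(attributes), attributes };
  }

  // Call after the attestation manager has issued the VC.
  remove(connectionId) { return this.records.delete(connectionId); }
}

// Constructed sample data, not taken from a real provider.
const store = new PendingIssuances();
store.save("conn-1", { sub: "1234", email: "jane@example.org", address: { country: "DE" } }, 0);
console.log(store.onConnectionStateChanged({ connectionId: "conn-1", state: "complete" }, 1000));
```

The `expired` result gives the portal something concrete to show the user when the QR code was not scanned in time.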