You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Credential Offers can be pre-authorized and/or bound to a specific target user.
Credential Offer Validity Matrix for the supported request parameters "pre_authorized", "username" combinations.
Pre-Auth
Username
Valid
Notes
no
no
yes
Anonymous offer; any logged-in user may redeem.
no
yes
yes
Offer restricted to a specific user.
yes
no
yes
Self issued pre-auth offer.
yes
yes
yes
Pre-auth offer restricted to a specific target user.
Pre-Authorized Offer
A pre-authorized offer is authorized for the clientId from the current login session
If targetUser is null or empty, it defaults to the user from the current login session
If targetUser is equal to the current login, the generated offer is "self issued"
To create an offer for another user, the issuing user must hold the code credential_offer_create role
A pre-authorized offer can optionally have an associated tx_code
An offer can optionally have a predefined expiry date
Non Pre-Authorized Offer
If targetUser is null or empty, the generated offer is "anonymous"
If targetUser is equal to the current login, the offer is "self issued"
If targetUser is none of the above, the offer is "targeted"
For a targeted offer, the issuing user must hold the code credential_offer_create role
An offer can optionally have a predefined expiry date
Response Type
The response type parameter supports "Same Device" and "Cross Device" use cases.
Type
Mime-Type
Notes
uri
application/json
JSON document that contains the offer uri
uri+qr
application/json
Same as 'uri' plus url encoded qr-code
qr
image/png
Credential offer encoded as qr-code image
This endpoint creates an internal credential offer state, which can then be accessed via a uniquely generated credential offer uri. It is the responsibility of the caller to communicate the credential offer to the target user in a secure manner.
If the response contains a generated tx_code, which protects a pre-auth offer with a second layer of security, this tx_code must be sent over an alternative communication channel (i.e. not together with the offer itself).
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
This discussion describes a proposal for the revised
/credential-offer-uriendpointRelated issue: #45005
The proposed endpoint signature looks like this ...
Credential Offers can be pre-authorized and/or bound to a specific target user.
Credential Offer Validity Matrix for the supported request parameters "pre_authorized", "username" combinations.
Pre-Authorized Offer
code credential_offer_createroleNon Pre-Authorized Offer
code credential_offer_createroleResponse Type
The response type parameter supports "Same Device" and "Cross Device" use cases.
This endpoint creates an internal credential offer state, which can then be accessed via a uniquely generated credential offer uri. It is the responsibility of the caller to communicate the credential offer to the target user in a secure manner.
If the response contains a generated tx_code, which protects a pre-auth offer with a second layer of security, this tx_code must be sent over an alternative communication channel (i.e. not together with the offer itself).
Beta Was this translation helpful? Give feedback.
All reactions