Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Comments

[OID4VCI] Add support for credential issuance policies#46466

Open
tdiesler wants to merge 10 commits intokeycloak:mainfrom
tdiesler:ghi46262
Open

[OID4VCI] Add support for credential issuance policies#46466
tdiesler wants to merge 10 commits intokeycloak:mainfrom
tdiesler:ghi46262

Conversation

@tdiesler
Copy link
Contributor

@tdiesler tdiesler commented Feb 19, 2026
edited
Loading

closes #46262

discussion: #46467

depends on
#46261

@tdiesler tdiesler requested review from a team as code owners February 19, 2026 12:23
@tdiesler tdiesler mentioned this pull request Feb 19, 2026
Open
@tdiesler tdiesler changed the title Ghi46262 [OID4VCI] Add support for credential issuance policies Feb 19, 2026
@tdiesler
Copy link
Contributor Author

tdiesler commented Feb 19, 2026

Wit this PR you get basic policy definitions like this

    /**
     * Credential Policy that governs whether the given `credential_configuration_id` requires a Credential Offer
     */
    VC_POLICY_CREDENTIAL_OFFER_REQUIRED = new CredentialPredicatePolicy("vc.policy.offer.required", true, false);

    /**
     * Credential Policy that governs whether Credential Offers with `pre-authorized_code` grant are allowed
     */
    VC_POLICY_CREDENTIAL_OFFER_PRE_AUTH_ALLOWED = new CredentialPredicatePolicy("vc.policy.offer.pre-auth.allowed", true, true);

    /**
     * Credential Policy that governs whether Credential Offers with `pre-authorized_code` grant require a `tx_code`
     */
    VC_POLICY_CREDENTIAL_OFFER_TX_CODE_REQUIRED = new CredentialPredicatePolicy("vc.policy.offer.tx-code.required", true, false);

which are enforced by the new CredentialOfferProvider. This is the single (java) entry point for all clients that want to create a credential offer.

@tdiesler tdiesler force-pushed the ghi46262 branch 3 times, most recently from fc9e385 to ff796cc Compare February 19, 2026 18:31
@tdiesler tdiesler mentioned this pull request Feb 20, 2026
Open
@tdiesler tdiesler force-pushed the ghi46262 branch 4 times, most recently from faf7ac0 to 8e06141 Compare February 20, 2026 12:14
keycloak-github-bot[bot]
keycloak-github-bot bot reviewed Feb 20, 2026
View reviewed changes
Copy link

@keycloak-github-bot keycloak-github-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link

keycloak-github-bot bot commented Feb 20, 2026

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.model.infinispan.EmbeddedInfinispanSplitBrainTest#testLocalCacheClearedOnMergeEvent

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at [email protected]/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at [email protected]/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at [email protected]/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

java.lang.AssertionError
	at org.junit.Assert.fail(Assert.java:87)
	at org.junit.Assert.assertTrue(Assert.java:42)
	at org.junit.Assert.assertTrue(Assert.java:53)
	at org.keycloak.testsuite.model.infinispan.EmbeddedInfinispanSplitBrainTest.awaitLatch(EmbeddedInfinispanSplitBrainTest.java:112)
...

Report flaky test

@tdiesler
[OID4VCI] Add support for CredentialScopeRepresentation
6b9e183 
Signed-off-by: Thomas Diesler <[email protected]>
@tdiesler
Merge branch 'ghi45979' into ghi46261
18df382 
* ghi45979:
  [OID4VCI] Revisit and fix OAuthClient.authorizationRequest()
@tdiesler
Merge branch 'ghi46355' into ghi46261
e4189c6 
* ghi46355:
  [OID4VCI] Add support for CredentialScopeRepresentation
@tdiesler
Merge branch 'ghi45005' into ghi46261
7f67358 
* ghi45005:
  Redact the TxCode in response to /credential-offer-create
  [OID4VCI] Revisit and fix /credential_offer_uri endpoint
@tdiesler
[OID4VCI] Add support for issuer_state on credential offer
837fe90 
Signed-off-by: Thomas Diesler <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@keycloak-github-bot keycloak-github-bot[bot] keycloak-github-bot[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

flaky-test team/cloud-native team/core-clients team/core-iam team/ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[OID4VCI] Add support for credential issuance policies

1 participant

@tdiesler