Skip to content

[OID4VP] Provide the endpoints required for the OID4VP protocol #48591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
tdiesler wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

[OID4VP] Provide the endpoints required for the OID4VP protocol #48591

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
65fe47b
[OID4VP] Provide the endpoints required for the OID4VP protocol
tdiesler Apr 27, 2026
5641105
[OID4VP] Initial oid4vp identity provider
dominikschlosser Apr 24, 2026
370ba66
-- fix compile issue with ClientBuilder
tdiesler Apr 29, 2026
325efbd
[OID4VP] Fix build / rename packages and classes
dominikschlosser Apr 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions common/src/main/java/org/keycloak/common/Profile.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,7 @@ public enum Feature {

OID4VC_VCI("Support for the OID4VCI protocol as part of OID4VC.", Type.EXPERIMENTAL),
OID4VC_VCI_PREAUTH_CODE("Support for credential offers with `pre-authorized_code` grant.", Type.EXPERIMENTAL, OID4VC_VCI),
OID4VC_VP("Support for the OID4VP verifier identity provider as part of OID4VC.", Type.EXPERIMENTAL),

OPENTELEMETRY("OpenTelemetry support", Type.DEFAULT),
OPENTELEMETRY_LOGS("OpenTelemetry Logs support", Type.PREVIEW, OPENTELEMETRY),
Expand Down
2 changes: 1 addition & 1 deletion integration/admin-client/src/main/java/org/keycloak/admin/client/Keycloak.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
import static org.keycloak.OAuth2Constants.PASSWORD;

/**
* Provides a Keycloak client. By default, this implementation uses a the default RestEasy client builder settings.
* Provides a Keycloak client. By default, this implementation uses the default RestEasy client builder settings.
* To customize the underling client, use a {@link KeycloakBuilder} to create a Keycloak client.
*
* To read Responses, you can use {@link CreatedResponseUtil} for objects created
Expand Down
8 changes: 8 additions & 0 deletions services/src/main/java/org/keycloak/protocol/oid4vc/model/CredentialResponse.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,12 @@
import java.util.ArrayList;
import java.util.List;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;

import static org.keycloak.OID4VCConstants.SDJWT_DELIMITER;

/**
* Represents a CredentialResponse according to the OID4VCI Spec
* {@see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-credential-response}
Expand Down Expand Up @@ -80,5 +83,10 @@ public Credential setCredential(Object credential) {
this.credential = credential;
return this;
}

@JsonIgnore
public boolean isSdJwt() {
return String.valueOf(credential).indexOf(SDJWT_DELIMITER) > 0;
}
}
}
170 changes: 170 additions & 0 deletions ...s/src/main/java/org/keycloak/protocol/oid4vc/model/presentation/AuthorizationRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,170 @@
/*
* Copyright 2026 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.protocol.oid4vc.model.presentation;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;

@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown = true)
public class AuthorizationRequest {

@JsonProperty("jti")
private String jti;

@JsonProperty("iss")
private String issuer;

@JsonProperty("aud")
private String audience;

@JsonProperty("iat")
private Long issuedAt;

@JsonProperty("exp")
private Long expiration;

@JsonProperty("client_id")
private String clientId;

@JsonProperty("response_type")
private String responseType;

@JsonProperty("response_mode")
private String responseMode;

@JsonProperty("response_uri")
private String responseUri;

@JsonProperty("state")
private String state;

@JsonProperty("nonce")
private String nonce;

@JsonProperty("dcql_query")
private DcqlQuery dcqlQuery;

public String getJti() {
return jti;
}

public AuthorizationRequest setJti(String jti) {
this.jti = jti;
return this;
}

public String getIssuer() {
return issuer;
}

public AuthorizationRequest setIssuer(String issuer) {
this.issuer = issuer;
return this;
}

public String getAudience() {
return audience;
}

public AuthorizationRequest setAudience(String audience) {
this.audience = audience;
return this;
}

public Long getIssuedAt() {
return issuedAt;
}

public AuthorizationRequest setIssuedAt(Long issuedAt) {
this.issuedAt = issuedAt;
return this;
}

public Long getExpiration() {
return expiration;
}

public AuthorizationRequest setExpiration(Long expiration) {
this.expiration = expiration;
return this;
}

public String getClientId() {
return clientId;
}

public AuthorizationRequest setClientId(String clientId) {
this.clientId = clientId;
return this;
}

public String getResponseType() {
return responseType;
}

public AuthorizationRequest setResponseType(String responseType) {
this.responseType = responseType;
return this;
}

public String getResponseMode() {
return responseMode;
}

public AuthorizationRequest setResponseMode(String responseMode) {
this.responseMode = responseMode;
return this;
}

public String getResponseUri() {
return responseUri;
}

public AuthorizationRequest setResponseUri(String responseUri) {
this.responseUri = responseUri;
return this;
}

public String getState() {
return state;
}

public AuthorizationRequest setState(String state) {
this.state = state;
return this;
}

public String getNonce() {
return nonce;
}

public AuthorizationRequest setNonce(String nonce) {
this.nonce = nonce;
return this;
}

public DcqlQuery getDcqlQuery() {
return dcqlQuery;
}

public AuthorizationRequest setDcqlQuery(DcqlQuery dcqlQuery) {
this.dcqlQuery = dcqlQuery;
return this;
}
}
38 changes: 38 additions & 0 deletions services/src/main/java/org/keycloak/protocol/oid4vc/model/presentation/DcqlClaimQuery.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
/*
* Copyright 2026 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.protocol.oid4vc.model.presentation;

import java.util.List;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;

@JsonInclude(JsonInclude.Include.NON_NULL)
public class DcqlClaimQuery {

@JsonProperty("path")
private List<String> path;

public List<String> getPath() {
return path;
}

public DcqlClaimQuery setPath(List<String> path) {
this.path = path;
return this;
}
}
38 changes: 38 additions & 0 deletions ...ces/src/main/java/org/keycloak/protocol/oid4vc/model/presentation/DcqlCredentialMeta.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
/*
* Copyright 2026 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.protocol.oid4vc.model.presentation;

import java.util.List;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;

@JsonInclude(JsonInclude.Include.NON_NULL)
public class DcqlCredentialMeta {

@JsonProperty("vct_values")
private List<String> vctValues;

public List<String> getVctValues() {
return vctValues;
}

public DcqlCredentialMeta setVctValues(List<String> vctValues) {
this.vctValues = vctValues;
return this;
}
}
74 changes: 74 additions & 0 deletions ...es/src/main/java/org/keycloak/protocol/oid4vc/model/presentation/DcqlCredentialQuery.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
/*
* Copyright 2026 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.protocol.oid4vc.model.presentation;

import java.util.List;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;

@JsonInclude(JsonInclude.Include.NON_NULL)
public class DcqlCredentialQuery {

@JsonProperty("id")
private String id;

@JsonProperty("format")
private String format;

@JsonProperty("meta")
private DcqlCredentialMeta meta;

@JsonProperty("claims")
private List<DcqlClaimQuery> claims;

public String getId() {
return id;
}

public DcqlCredentialQuery setId(String id) {
this.id = id;
return this;
}

public String getFormat() {
return format;
}

public DcqlCredentialQuery setFormat(String format) {
this.format = format;
return this;
}

public DcqlCredentialMeta getMeta() {
return meta;
}

public DcqlCredentialQuery setMeta(DcqlCredentialMeta meta) {
this.meta = meta;
return this;
}

public List<DcqlClaimQuery> getClaims() {
return claims;
}

public DcqlCredentialQuery setClaims(List<DcqlClaimQuery> claims) {
this.claims = claims;
return this;
}
}
Loading
Loading