Functionality
The IDP Kit makes it easy for you to build and launch your own OIDC compliant identity provider utilizing SSI, NFTs or Sign-In with Ethereum to obtain identity data.
Depending on your requirements the IDP Kit can be configured to map data from verifiable credentials or NFTs to standard OIDC claims (e.g. OIDC profile scope), or to deliver the presented credentials, NFTs or account addresses as they are via the custom vp_token
and nft_token
siwe
claims.
The following overview summarizes the basic features of the IDP Kit:
OIDC
Standard OIDC protocol support, when interfacing with end user applications
Support for OIDC scopes like
profile
,address
,email
, and standard claimsSupport for custom
vp_token
andnft_token
claims, to allow client applications to request credential or nft token data from the user
Support for various OIDC flows, including code flow, implicit flow and hybrid flows
Support for OIDC auto discovery via well-known endpoint for OpenID provider metadata
SSI
Credential presentation exchange with SSI wallets via the OIDC/SIOPv2 protocol
Verification of credential and presentation signatures, challenges and compliance with the presentation request
Pluggability of additional verification policies
Support for custom verification policies
NFTs
NFT metadata exchange with NFT wallets such as MetaMask
Verification of NFT collections and traits
Sign-In with Ethereum
Get account addresses from wallets such as MetaMask
Verify ownership of the address
Claims and claim mapping
Support for mapping credential and NFT data to standard OIDC claims and scopes
Custom
vp_token
claim to propagate the verified presentation including all required credentials to the end user application as user infoCustom
nft_token
claim to propagate verified NFT metadata, such as collection membership and token traits, to the end user application as user infoCustom
siwe
claim to propagate verified addresses to the end user application as user info
Client authentication
Configuration of client IDs, client secrets and redirect uri, to enforce client authentication (via client_secret_basic mode)
Dynamic client registration
Signature types
Support for RS256, EdDSA and ES256K key and signature types, for signing tokens
Publishing of public keys on standard OIDC JWK set endpoint, to enable clients to verify token signatures
Last updated