Functionality

The IDP Kit makes it easy for you to build and launch your own OIDC-compliant identity provider that uses SSI, NFTs or Sign-In with Ethereum to obtain identity data.

Depending on your requirements, the IDP Kit can be configured either to map data from verifiable credentials or NFTs to standard OIDC claims (e.g. the OIDC profile scope), or to deliver the presented credentials, NFTs or account addresses unchanged via the custom vp_token, nft_token and siwe claims.

The following overview summarizes the basic features of the IDP Kit:

  • OIDC

    • Standard OIDC protocol support, when interfacing with end user applications

    • Support for OIDC scopes like profile, address, email, and standard claims

      • Support for custom vp_token and nft_token claims, to allow client applications to request credential or NFT token data from the user

    • Support for various OIDC flows, including code flow, implicit flow and hybrid flows

    • Support for OIDC auto-discovery via the well-known endpoint for OpenID provider metadata

  • SSI

    • Credential presentation exchange with SSI wallets via the OIDC/SIOPv2 protocol

    • Verification of credential and presentation signatures, challenges and compliance with the presentation request

      • Pluggability of additional verification policies

      • Support for custom verification policies

  • NFTs

    • NFT metadata exchange with NFT wallets such as MetaMask

    • Verification of NFT collections and traits

  • Sign-In with Ethereum

    • Get account addresses from wallets such as MetaMask

    • Verify ownership of the address

  • Claims and claim mapping

    • Support for mapping credential and NFT data to standard OIDC claims and scopes

    • Custom vp_token claim to propagate the verified presentation including all required credentials to the end user application as user info

    • Custom nft_token claim to propagate verified NFT metadata, such as collection membership and token traits, to the end user application as user info

    • Custom siwe claim to propagate verified addresses to the end user application as user info

  • Client authentication

    • Configuration of client IDs, client secrets and redirect URIs, to enforce client authentication (via the client_secret_basic method)

    • Dynamic client registration

  • Signature types

    • Support for RS256, EdDSA and ES256K key and signature types, for signing tokens

    • Publishing of public keys on standard OIDC JWK set endpoint, to enable clients to verify token signatures
