chore: Refactor of Wallet Instance Attestation token endpoint
Refs: #94
Fixes #80 and #93
grausof authored Aug 8, 2023
1 parent 5c79d76 commit d82d5aa
Showing 2 changed files with 27 additions and 3 deletions.
25 changes: 24 additions & 1 deletion docs/en/wallet-instance-attestation.rst
Expand Up @@ -151,7 +151,7 @@ request where the decoded JWS headers and payload are separated by a comma:
"aud": "https://wallet-provider.example.org",
"jti": "6ec69324-60a8-4e5b-a697-a766d85790ea",
"type": "WalletInstanceAttestationRequest",
"nonce" : "....."
"nonce" : ".....",
"cnf": {
"jwk": {
"crv": "P-256",
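
Review bot: the changed line keeps the spacing `"nonce" : ".....",` with a space before the colon, while the neighbouring `"aud":` and `"jti":` members have none; since the line is being touched anyway, normalise it to `"nonce": ".....",`. The added trailing comma is what makes the payload valid JSON ahead of `"cnf"`.
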
Expand Down Expand Up @@ -331,3 +331,26 @@ Below is an example of Wallet Instance Attestation:
"iat": 1687281195,
"exp": 1687288395
}
Obtain a Wallet Instance Attestation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To obtain the Wallet Instance Attestation it is necessary
to make a `POST <https://datatracker.ietf.org/doc/html/rfc6749#section-3.2>`__
request to the Wallet Solution `token endpoint`_.

Below a non-normative example of the request.

.. code-block:: http
POST /token HTTP/1.1
Host: wallet-provider.example.org
Content-Type: application/x-www-form-urlencoded
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
&assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6InZiZVhKa3NNNDV4cGh0QU5uQ2lHNm1DeXVVNGpmR056b3BHdUt2b2dnOWMiLCJ0eXAiOiJ2YXIrand0In0.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.Azg8zBzjCB2ms9XHVDCzP92kh3XcVR6dD4Z_aFZslBO-6i3xwGwDsk4W8uESr-ba84wXgyIzn_vKX3exVFfO6g
the assertion parameter is used as an authentication parameter
of the Wallet Instance.

.. _token endpoint: wallet-solution.html#wallet-instance-attestation
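
Review bot: the closing sentence of the new section, "the assertion parameter is used as an authentication parameter of the Wallet Instance", does not match the request shown above it. With `grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer` the `assertion` value is the authorization grant (RFC 7523 section 2.1); client authentication with a JWT uses the separate `client_assertion` and `client_assertion_type` parameters (section 2.2). Suggest rewording to say that the signed Wallet Instance Attestation Request is presented as the grant, and describing how the Wallet Provider is expected to validate it. Minor: capitalise the start of that sentence, mark the parameter as a literal, and add the missing verb in "Below a non-normative example of the request."
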
5 changes: 3 additions & 2 deletions docs/en/wallet-solution.rst
Expand Up @@ -260,10 +260,10 @@ Below a non-normative example of the Entity Configuration.
Wallet Instance Attestation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The **token** endpoint requires two parameters as input, in HTTP Post method:
The **token** endpoint (as defined in `RFC 7523 section 4`_) requires two parameters as input, in HTTP Post method:

``grant_type`` which in our case is a string:
``urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation``
``urn:ietf:params:oauth:grant-type:jwt-bearer``

``assertion`` which contains the signed JWT of the Wallet Instance Attestation
Request.
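
Review bot: the new reference "as defined in `RFC 7523 section 4`_" points at the Authorization Grant Example section of RFC 7523; the `grant_type` and `assertion` parameters of the jwt-bearer grant are defined in section 2.1, so cite that section (or both). Also, "HTTP Post method" should read "HTTP POST method", matching the `POST` used in docs/en/wallet-instance-attestation.rst.
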
Expand All @@ -283,3 +283,4 @@ External references
.. _Wallet Instance Attestation section: wallet-instance-attestation.html
.. _Trusty: https://source.android.com/docs/security/features/trusty
.. _Secure Enclave: https://support.apple.com/en-gb/guide/security/sec59b0b31ff/web
.. _RFC 7523 section 4: https://www.rfc-editor.org/rfc/rfc7523.html#section-4
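
Review bot: this target links to www.rfc-editor.org, while the RFC 6749 link added in docs/en/wallet-instance-attestation.rst in the same commit uses datatracker.ietf.org; pick one host for RFC links across the docs. If the reference in the text is moved to another section, the target name and the `#section-4` anchor here need to follow.
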
