Simple and Easy Client & Server Frameworks for OpenID4VCI and OpenID4VP

lukasjhan/oid4vc

OID4VC 🔐

Simple, batteries-included TypeScript implementation of OpenID4VCI and OpenID4VP server and client.

⭐️ Features

  • 🔋 Batteries Included: Everything you need to implement OpenID4VCI and OpenID4VP standards
  • 🚀 Zero Protocol Knowledge Required: Focus on your business logic, we handle the protocol details
  • 💪 Type-Safe: Written in TypeScript with comprehensive type definitions
  • 🛡️ Secure by Design: Implements all security best practices out of the box
  • 🎯 Wide Framework Support: Express.js, NestJS, and more
  • 📦 Modern Stack: Built with TypeScript, Express, NestJS, and Axios

📦 Packages

| Package | Description | Version |
| --- | --- | --- |
| @oid4vc/oid4vci | Express.js middleware for OpenID4VCI | npm |
| @oid4vc/oid4vci-nestjs | NestJS module for OpenID4VCI | npm |
| @oid4vc/oid4vci-client | OpenID4VCI Client | npm |
| @oid4vc/oid4vp | Express.js middleware for OpenID4VP | npm |
| @oid4vc/oid4vp-nestjs | NestJS module for OpenID4VP | npm |
| @oid4vc/oid4vp-client | OpenID4VP Client | npm |

🚀 Quick Start

Express Middleware

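```typescript
import express from 'express';
// Import path as given in this README. The Packages table lists the Express
// middleware as @oid4vc/oid4vci, so confirm the published name before installing.
import { Oid4VciMiddleware } from '@oid4vc/express-oid4vci';

const app = express();

const middleware = new Oid4VciMiddleware({
  credential_issuer: 'https://issuer.example.com',
  credential_handler: async (request) => {
    // Your credential issuance logic here
    return {
      /* credential response */
    };
  },
});

// Mount the OpenID4VCI endpoints on the Express app
app.use(middleware.getRouter());
```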

NestJS Module

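```typescript
import { Injectable, Module } from '@nestjs/common';
// Assumption: these names are exported by the NestJS package listed in the Packages table.
import { CredentialRequestDto, Oid4VciModule, Oid4VciService } from '@oid4vc/oid4vci-nestjs';

// Define your service
@Injectable()
export class CustomOid4VciService extends Oid4VciService {
  async handleCredentialRequest(request: CredentialRequestDto) {
    // Your credential issuance logic here
    return {
      /* credential response */
    };
  }
}

// Use in your module
@Module({
  imports: [
    Oid4VciModule.register(
      {
        credential_issuer: 'https://issuer.example.com',
      },
      CustomOid4VciService,
    ),
  ],
})
export class AppModule {}
```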

Client Usage

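```typescript
// Import path as given in this README. The Packages table lists the client
// as @oid4vc/oid4vci-client, so confirm the published name before installing.
import { Oid4vciClient } from '@oid4vc/client';

const client = new Oid4vciClient();
// Top-level await: run this inside an ES module or an async function
const credential = await client.getCredential({
  credential_issuer: 'https://issuer.example.com',
  // ...other options
});
```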

Security Considerations

OpenID4VCI Security

  • Trust establishment between Wallet and Issuer
    • Key attestation support for validating key management policies
    • Client authentication support using standard OAuth methods
    • Wallet attestation support for client authenticity verification
  • Credential Offer Security
    • Parameter validation and trust verification
    • Protection against phishing and injection attacks
    • Legal compliance for privacy-sensitive data
  • Pre-Authorized Code Flow Protection
    • Transaction code implementation for replay prevention
    • Protection against transaction code phishing
    • Trusted issuer validation
  • Credential Management
    • Proper credential lifecycle management
    • Fraud detection and invalidation mechanisms
    • Device integrity checks
  • Proof Security
    • Nonce-based replay attack prevention
    • Key proof lifetime management
    • Private key protection verification
  • Access Token Protection
    • Proper token lifetime management
    • Sender-constrained access tokens for long-lived tokens
    • Secure token storage implementation
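
The Proof Security items above (nonce-based replay prevention, key proof lifetime, key checks) can be illustrated with an issuer-side check of a `jwt` key proof. This is an added example, not code from this project: `issueNonce`, `sampleProof`, `checkKeyProof` and the 300-second lifetime are hypothetical names and values, and only ES256 proofs with an embedded `jwk` are handled.

```typescript
import { createPublicKey, generateKeyPairSync, randomBytes, sign, verify } from 'node:crypto';

const MAX_PROOF_AGE_S = 300; // assumed issuer policy, not a value from this README
const issuedNonces = new Set<string>(); // c_nonce values handed out and not yet used
const b64u = (s: string): string => Buffer.from(s).toString('base64url');

// Issuer side: hand the wallet a fresh c_nonce to put into its key proof.
function issueNonce(): string {
  const nonce = randomBytes(16).toString('base64url');
  issuedNonces.add(nonce);
  return nonce;
}

// Constructed sample input: a wallet signs an ES256 key proof with a fresh key.
function sampleProof(aud: string, nonce: string, iat: number): string {
  const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const header = { alg: 'ES256', typ: 'openid4vci-proof+jwt', jwk: publicKey.export({ format: 'jwk' }) };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify({ aud, nonce, iat }))}`;
  const sig = sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Returns null when the proof is acceptable, otherwise the rejection reason.
function checkKeyProof(jwt: string, issuer: string, now: number): string | null {
  const parts = jwt.split('.');
  if (parts.length !== 3) return 'malformed';
  const [h, p, s] = parts;
  try {
    const header = JSON.parse(Buffer.from(h, 'base64url').toString());
    const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
    if (header.alg !== 'ES256' || header.typ !== 'openid4vci-proof+jwt') return 'bad header';
    // Only a public P-256 key is acceptable; a header carrying "d" exposes the private key.
    if (header.jwk?.crv !== 'P-256' || 'd' in header.jwk) return 'bad key';
    const key = createPublicKey({ key: header.jwk, format: 'jwk' });
    const sig = Buffer.from(s, 'base64url');
    if (!verify('sha256', Buffer.from(`${h}.${p}`), { key, dsaEncoding: 'ieee-p1363' }, sig)) return 'bad signature';
    if (claims.aud !== issuer) return 'wrong audience';
    if (typeof claims.iat !== 'number' || Math.abs(now - claims.iat) > MAX_PROOF_AGE_S) return 'stale proof';
    // Set.delete() is true only the first time, so a replayed proof fails here.
    if (typeof claims.nonce !== 'string' || !issuedNonces.delete(claims.nonce)) return 'unknown or replayed nonce';
    return null;
  } catch {
    return 'malformed';
  }
}
```

The nonce is consumed only after the signature, audience and lifetime checks pass, so a rejected proof does not burn a nonce the wallet can still use correctly.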

OpenID4VP Security

  • VP Token Replay Prevention
    • Cryptographic proof of possession
    • Audience binding (client_id)
    • Transaction binding (nonce)
    • Multi-presentation validation
  • Session Security
    • Protection against session fixation attacks
    • Response mode security considerations
    • Cross-device security measures
  • Response URI Protection
    • URI validation and verification
    • State parameter validation
    • Response data access control
  • Authentication Security
    • Stable and unique identifier validation
    • Global uniqueness verification
    • Credential issuer binding
  • Response Encryption
    • Integrity protection for encrypted responses
    • Protection against tampering
  • Presentation Exchange Security
    • Trusted source validation for definitions
    • JSONPath security measures
    • Filter property bounds checking
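
The Session Security and Response URI Protection items above can be illustrated with a verifier-side transaction store for the `direct_post` response mode: `state` is validated and single-use at the response URI, and the stored result is released only to the session that started the transaction and that also received the fresh `response_code`. This is an added example, not code from this project: all function names and the `verifier.example.com` callback are hypothetical, and `presentedNonce` is assumed to come from a VP Token whose signature and audience were already verified.

```typescript
import { randomBytes, timingSafeEqual } from 'node:crypto';

interface Txn { sessionId: string; nonce: string; state: string; responseCode?: string; vpToken?: string }
const txns = new Map<string, Txn>();       // transaction id -> transaction (frontend side)
const byState = new Map<string, string>(); // state -> transaction id (response_uri side)
const rand = (): string => randomBytes(16).toString('base64url');

// Frontend starts a presentation; nonce and state go into the Authorization Request.
function startPresentation(sessionId: string): { txnId: string; nonce: string; state: string } {
  const txnId = rand();
  const txn: Txn = { sessionId, nonce: rand(), state: rand() };
  txns.set(txnId, txn);
  byState.set(txn.state, txnId);
  return { txnId, nonce: txn.nonce, state: txn.state };
}

// Wallet POSTs to response_uri. Returns the redirect_uri to send back, or null on rejection.
function receiveResponse(state: string, vpToken: string, presentedNonce: string): string | null {
  const txnId = byState.get(state);
  const txn = txnId ? txns.get(txnId) : undefined;
  if (!txnId || !txn) return null;               // unknown or already used state
  if (presentedNonce !== txn.nonce) return null; // presentation bound to another request
  byState.delete(state);                         // state is single-use
  txn.vpToken = vpToken;
  txn.responseCode = rand();                     // known only to the user agent that follows the redirect
  return `https://verifier.example.com/cb#response_code=${txn.responseCode}`;
}

// Frontend fetches the result: requires the originating session and the response_code.
function fetchResult(sessionId: string, txnId: string, responseCode: string): string | null {
  const txn = txns.get(txnId);
  if (!txn || !txn.responseCode || txn.sessionId !== sessionId) return null;
  const a = Buffer.from(responseCode);
  const b = Buffer.from(txn.responseCode);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return null;
  txns.delete(txnId);                            // result can be read once
  return txn.vpToken ?? null;
}
```

A session that started the request but never received the redirect cannot read the presentation, which is the property that defeats session fixation.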

📈 Project Goals

  • Simplicity First: Make it easy to implement OpenID4VCI/VP without deep protocol knowledge
  • Developer Experience: Focus on making the API intuitive and well-documented
  • Production Ready: Built for real-world usage with security and scalability in mind
  • Framework Flexibility: Support multiple frameworks while maintaining a consistent API
  • Type Safety: Leverage TypeScript for better development experience and error prevention
  • Test Coverage: Ensure code quality and robustness

📚 Documentation

For detailed documentation, please visit our documentation site.

📄 License

This project is licensed under the Apache 2.0 License - see the LICENSE file for details.
