Support OpenID Connect for Verifiable Presentations (SIOP)

[rolsonquadras]

Wallet should support OpenID Connect for Verifiable Presentations spec. The spec uses DIF Presentation Exchange specification, which is already supported by TrustBloc wallet. As part of the implementation, the PEx should be wrapped in OIDC SIOP request/response.

Tasks:

• [x] Handle Auth request
  • Add Authentication request endpoint in wallet-web
  • Extract PEx from claims query param
  • Run a search through existing VCs in Wallet
  • Show preview/consent screen
  • Construct Authentication Response (including vp_token)
• [x] https://github.com/trustbloc/wallet/issues/1529
• [x] https://github.com/trustbloc/wallet/issues/1530
• [x] https://github.com/trustbloc/wallet/issues/1563
• [x] https://github.com/trustbloc/wallet/issues/1560
• [x] https://github.com/trustbloc/wallet/issues/1585
• [ ] https://github.com/trustbloc/wallet/issues/1558
  • [ ] #1627
  • [ ] #1628
• [ ] https://github.com/trustbloc/wallet/issues/1559
• [x] https://github.com/trustbloc/wallet/issues/1582
• [ ] https://github.com/trustbloc/wallet/issues/1652

Additional Tasks:

• [ ] SIOP authorization request claims as URL encoded string (and base64URL support if required)
• [ ] currently wallet is reading and validating only presentation definition from claims vp_token & redirect URL
• [ ] validating VP formats from vp_token against RP metadata vp_formats.
• [ ] id token from wallet has to be upgraded to match specifications. Currently fake empty JWT is being used.
• [ ] preventing replay attacks (using nonce)
• [ ] fetching presentation definition by reference
• [ ] Support for Federations/Trust Schemes
• [ ] Need story for authorization token flow

[sudeshrshetty]

Reference for how to perform presentation definition query in wallet: https://github.com/trustbloc/agent-sdk/blob/51b612b6a37ab5b44824078b00420d7cd6e3c737/cmd/wallet-js-sdk/test/specs/credential/credential-manager.spec.js#L455-L472