You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After the wallet delivers a verified presentation via `direct_post`, a one-time `response_code` bridges the
104
+
OpenID4VP step to your OAuth 2.0 token endpoint.
105
+
106
+
**Flow**
107
+
108
+
1. The wallet POSTs `vp_token` and `state` to your `response_uri`.
109
+
2. You call `oid4Vp.processDirectPost(vpToken, state, handler)`; the library verifies presentations and invokes your handler.
110
+
3. For login flows, return `DirectPostResult.issueResponseCode()` from the handler. The library stores the verified session and issues a single-use `response_code`.
111
+
4. The frontend obtains that code in one of two ways:
112
+
-**Wallet redirect** (`redirect(true)`): the wallet redirects the user agent to `redirect_uri#response_code=…`.
113
+
-**QR / poll** (`redirect(false)`): the frontend polls `GET …/response/{state}` until it receives `{ "response_code": "…" }` (204 while pending).
114
+
5. The frontend exchanges `state` + `response_code` at your OAuth 2.0 token endpoint (for example `POST …/token`).
115
+
6. You resolve the stored presentation by `response_code`, validate it matches `state`, extract claims, issue access/refresh tokens, and call `oid4Vp.invalidateResponseCode(request)` so the code cannot be reused.
116
+
117
+
Non-login flows (for example “add credential without signing in”) can return `DirectPostResult.complete()` instead; polling then returns `{ "completed": true }` with no `response_code`.
118
+
119
+
**Server-side example** (adapt paths and token issuance to your application):
120
+
121
+
```java
122
+
importcom.fasterxml.jackson.databind.JsonNode;
123
+
importde.eecc.oid4vc.oid4vp.PresentationClaims;
124
+
importde.eecc.oid4vc.oid4vp.VpTokenResponse;
125
+
importde.eecc.oid4vc.oid4vp.api.DirectPostResult;
126
+
127
+
importjava.util.Optional;
128
+
129
+
// Wallet direct_post → POST /api/auth/oid4vp/response
0 commit comments