Skip to main content

Triveria Wallet Tool

Configuration

To completely override configuration options you can copy default.yaml to local.yaml and edit all to your needs.

Or you can only set the oAuth client id and secret to TRIVERIA_WALLET_CLIENT_ID and TRIVERIA_WALLET_CLIENT_SECRET environment variables.

Note that to interact with a specific wallet you can also use the TRIVERIA_WALLET_ID environment variable.

Installation

go install github.com/triveria-com/twt

Wallet management

Create (configure) wallet

A wallet needs to be created before being able to run any wallet specific actions. One client may create multiple wallets where the wallet role is controlled by the provided configuration.

A single wallet may provide functionality for all three roles of holder, issuer and verifier, but that isn't recommended. It is a good practice to keep the verifier and issuer separated, while holder capabilities are provided for each role by default. The reason for this is that either issuer and verifier will require to hold attestation credentials which will determine the scope of competences.

In the config/ directory you can find exampleIssuerConfig.json, exampleVerifierConfig.json and exampleHolderConfig.json which can be used to create wallets of a specific role.

twt wallet configure -i config/exampleIssuerConfig.yaml -n "My issuer wallet"

where -i flag is used to specify an issuer config file.

The command will output the wallet basic info:

wallet was successfuly created: {
    "name": "My issuer wallet",
    "walletId": "d2aa298b-baa9-11ee-8aab-0aa8a9feac02"
}

Setting the current wallet ID

For convenience the commands expect the wallet ID they are interacting with to be set in the TRIVERIA_WALLET_ID env variable. You have multiple options to set this variable:

  • prepend TRIVERIA_WALLET_ID=d2aa298b-baa9-11ee-8aab-0aa8a9feac02 to the command you are running
  • set the walletId in your config/local.yaml file
  • set the env var

List existing wallets

The client may list all the owned wallets running the following command:

twt wallet list

Get current wallet

Gets info for the current wallet.

twt wallet get

DID

The DID of the wallet can be retrieved with the following command:

twt did

Credential operations

Credential creation

New credentials can be created using the following command:

twt credential create -f config/example_credential.json -n "My Example ID"

where -f flag is used to specify the file in which the credential is stored and use the -n flag to set a human-readable name for the credential. The credential must have a specified schema and must be valid according to it.

Credential retrieval

Already existing credential can be retrieved using this command:

twt credential get --id urn:test_id

where id flag is used to specify the id of the credential to be retrieved.

Adding credential to issuance queue

If the wallet has a configured issuanceQueue credential issuer for the credential type to be issued, this command can be used to add it to the issuance queue:

twt issuer credAdd --id urn:test_id

where id flag is used to specify the id of the credential to be added to the issuance queue. This command will return an error if there is no credential issuer configured for the type of credential urn:test_id or if the configured issuer type is not equal to issuanceQueue.

Interactions

Holder

Holder wallets can either accept credential offers from issuers or initiate them. Holder wallet supports accepting credentials via the following flows:

  • Pre-authorised
  • In-time authorised
  • Deferred

Pre-authorised flow

In order to accept a pre-authorised offer, the following command is used:

twt holder offer accept --url openid-credential-offer://example_offer --pin 1234

where the url flag specifies the offer url, the scheme of which must be either https of openid-credential-offer. The pin flag specifies the pin code that is received from the credential issuer.

As a result of this interaction, a credential will be received. The command will output the id of the received credential.

In-time authorised flow

In order to accept an in-time authorized offer, this command is used:

twt holder offer accept --url openid-credential-offer://example_offer

where the url flag specifies the offer url, the scheme of which must be either https of openid-credential-offer.

As a result of this interaction, a credential will be received. The command will output the id of the received credential.

Deferred flow

The command used to accept a deferred offer is the same as in the previous flow. The difference here is in the output, because in a deferred flow, the holder won't receive a credential instantly after accepting it.

Because of this, the output provides a deferred transaction id, which can be used to check the transaction status with the following command:

twt credential deferredStatus --id deferres:example_id

where the id flag is used to specify the deferred transaction id.

Holder-initiated flow

VC exchange can also be initiated by the holder. In order to initiate the exchange, the holder must firstly check the credential types supported by the issuer. This is done with the following command:

twt issuer types --url https://issuer.example.com

where the url flag is used to specify the issuer from which the holder wants to request the credential. This command will return the issuer's metadata containing the supported credential types. Example response of this command can be seen below:

[
    {
        "format": "jwt_vc",
        "type": [
            "VerifiableCredential",
            "VerifiableAttestation",
            "CTWalletSamePreAuthorised"
        ]
    }
]

After checking the supported credential types, the holder initiated offer can be created with this command:

twt holder offer create --type intime --credentialType ExampleType --issuerUrl https://issuer.example.com

where the type flag is used to specify the type of flow which will be used (supported flows: in-time and deferred), the credentialType flag is used to specify the credential types which the issuer is requesting and the issuerUrl flag is used to specify the url of the issuer.

The command outputs a credential offer URL which can be accepted in the same way as in issuer initiated flows.

Issuer

Triveria wallet only supports issuer initiated credential issuance flows. In order to issue credentials, the wallet must have correctly configured credential issuers.

Triveria wallet supports all 3 types of credential issuance flows.

Pre-authorised flow

In order to create a pre-authorised offer, the following command is used:

twt issuer offer init --type preauth --credentialTypes ExampleType --holder did:123456

where the type flag is used to specify the offer type (right now preauth), the credentialTypes flag is used to specify the type of the credential that will be issued and holder flag is used to spoecify the did of the holder for whom the offer will be authorised.

The command outputs following values:

{
  "issuer_url": "https://wallet.dev.triveria.io/api/v1/issuer/test_wallet",
  "offer": "openid-credential-offer://example_offer",
  "pin": "1234",
  "preauth_code": "test_code"
}

where the offer key value is the credential offer url which can be used to accept the credential offer and the pin key value is the pin code used to authorise the holder upon accepting the offer.

In-time authorised flow

In order to create a pre-authorised offer, the following command is used:

twt issuer offer init --type intime --credentialTypes ExampleType

where the type flag is used to specify the offer type (right now intime) and the credentialTypes flag is used to specify the type of the credential that will be issued and

The command outputs following values:

{
  "issuer_url": "https://wallet.dev.triveria.io/api/v1/issuer/test_wallet",
  "offer": "openid-credential-offer://example_offer",
  "state": "example_state"
}

where the offer key value is the credential offer url which can be used to accept the credential offer.

Deferred flow

In order to create a deferred offer, the following command is used:

twt issuer offer init --type deferred --credentialTypes ExampleType

where the type flag is used to specify the offer type (right now deferred) and the credentialTypes flag is used to specify the type of the credential that will be issued.

The command output is the same as in the case of in-time authorised flow.