Assign Schema to Issuer
Configure which types of credentials an issuer is ready to issue.
Allow Issuer to issue credentials according to provided schema.
Extends the issuer with the ability to issue credentials according to a new credential schema supplied within the request.
One can provide any arbitrary schema, or use one of our predefined
credential schemas. Arbitrary schemas can be specified using the
customSchema parameter, and predefined schemas using the schemaId
parameter, where a unique identifier known to the Issuer Service needs
to be provided.
Currently, the Issuer Service supports the following well-known schemas:
- Mobile driving licence (mDL) — the ISO-compliant driving license adhering to the ISO/IEC 18013-5:2021 standard. Credentials according to this schema can only be issued in the mso_mdoc credential format. The corresponding schemaId is "org.iso.18013.5.1.mDL".
- Personal Identification Data (PID) — the ARF-compliant PID according to the PID Rulebook. Credentials according to this standard can be issued in both the sd-jwt and mso_mdoc credential formats. More precisely:
Successfully adding a schema affects the content of the appropriate Credential Issuer Metadata. More precisely, it adds another entry in the credential_configurations_supported section.
Credential Metadata
Additionally, the caller may provide an optional credentialMetadata
object in order to further specify certain details of the newly added
credential configuration.
More precisely, the user may supply the following fields:
- credential_configuration_id — Unique identifier of the credential within the credential_configurations_supported map. If omitted, the value will be the same as schemaId.
- display — array of objects, where each object contains the display properties of the supported credential for a certain language according to the specification. If omitted, the display object will not be included in the Credential Issuer Metadata.
For more information see: specification
Example — defining a custom “Digital Diploma” schema
{
  "customSchema": {
    "schemaId": "com.fortid.digital-diploma",
    "credentialType": "com.fortid.digital-diploma",
    "schema": {
      "dataFormat": "vc+sd-jwt",
      "schema": {
        "type": "object",
        "properties": {
          "diploma_id": {
            "type": "string",
            "display": [{ "name": "Diploma ID", "locale": "en" }]
          },
          "given_name": {
            "type": "string",
            "display": [{ "name": "Given Name", "locale": "en" }]
          },
          "family_name": {
            "type": "string",
            "display": [{ "name": "Family Name", "locale": "en" }]
          },
          "degree_title": {
            "type": "string",
            "display": [{ "name": "Degree Title", "locale": "en" }]
          },
          "field_of_study": {
            "type": "string",
            "display": [{ "name": "Field of Study", "locale": "en" }]
          },
          "ects_credits": {
            "type": "integer",
            "display": [{ "name": "ECTS Credits", "locale": "en" }]
          },
          "graduation_date": {
            "type": "string",
            "display": [{ "name": "Date of Graduation", "locale": "en" }]
          },
          "honors": {
            "type": "string",
            "display": [{ "name": "Honors/Distinction", "locale": "en" }]
          },
          "university": {
            "type": "object",
            "display": [{ "name": "University", "locale": "en" }],
            "properties": {
              "name": {
                "type": "string",
                "display": [{ "name": "University", "locale": "en" }]
              },
              "country": {
                "type": "string",
                "display": [{ "name": "Country", "locale": "en" }]
              }
            }
          },
          "student_id": {
            "type": "string",
            "display": [{ "name": "Student ID", "locale": "en" }]
          }
        }
      }
    }
  }
}
The example above defines a credential type named Digital Diploma that can be issued
in vc+sd-jwt format. It includes both simple string fields and nested
objects (like university) with localized display names.
Once added, this custom schema becomes available for issuance just like any well-known schema.
Authorization Server
An additional parameter, authorizationServer, can be defined for the Authorization Code Flow.
This parameter has the following effects:
- Enables credential issuance via the Authorization Code Flow, where the Authorization Server is specified by the defined URL.
- Adds an optional authorization_servers field (as a JSON array) to the Credential Issuer Metadata.
- Adds an optional authorization_server field to the Credential Offer for both the Authorization Code Flow and the Pre-Authorized Code Flow.
- Introduces an implicit Authorization Server (the Credential Issuer server itself) in both the metadata and the Credential Offer for the Pre-Authorized Code Flow.
It also provides an instructions field, which defines how the Authorization
Server can inject claims into the credential. Under each authorization
method (e.g. Google), the keys are the paths expected in the JWT Access
Token, while the values are the paths that will be used for credential
issuance. This way, claims can be partially defined at the
/control/issuer/{issuerId}/initiate endpoint. If a claim
is already set, the Access Token will overwrite it.
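The overwrite rule above, as an added Python sketch (not FortID code). It assumes instructions has the shape {authorization method: {access-token path: credential path}}, that paths are dot-separated, and that the Access Token payload has already been verified and decoded; the function names and sample values are constructed for illustration.

```python
import copy

# Added illustration, not FortID code. Assumed (not stated on the page):
# instructions = {IdP name: {access-token path: credential path}},
# dot-separated paths, token payload already verified and decoded.

def get_path(obj, path):
    """Return (found, value) for a dot-separated path in nested dicts."""
    cur = obj
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return False, None
        cur = cur[key]
    return True, cur

def set_path(obj, path, value):
    """Write value at path; return (existed, old_value) for the leaf."""
    *parents, leaf = path.split(".")
    cur = obj
    for key in parents:
        if not isinstance(cur.get(key), dict):
            cur[key] = {}
        cur = cur[key]
    existed, old = leaf in cur, cur.get(leaf)
    cur[leaf] = value
    return existed, old

def apply_instructions(instructions, idp, token_claims, initiate_claims):
    """Merge mapped token claims over the claims pre-set at initiate.
    Returns (final_claims, overwritten_credential_paths)."""
    final, overwritten = copy.deepcopy(initiate_claims), []
    for token_path, cred_path in instructions.get(idp, {}).items():
        found, value = get_path(token_claims, token_path)
        if not found:
            continue  # token lacks this claim: pre-set value stays
        existed, old = set_path(final, cred_path, value)
        if existed and old != value:
            overwritten.append(cred_path)  # audit: token replaced this value
    return final, overwritten

# Constructed sample data using the Digital Diploma fields from this page.
INSTRUCTIONS = {"Google": {"given_name": "given_name",
                           "family_name": "family_name",
                           "org.name": "university.name"}}
INITIATE_CLAIMS = {"diploma_id": "D-0001", "given_name": "Anna",
                   "university": {"name": "Unset", "country": "HR"}}
TOKEN_CLAIMS = {"sub": "user-1", "given_name": "Ana",
                "family_name": "Horvat", "org": {"name": "Example University"}}

if __name__ == "__main__":
    print(apply_instructions(INSTRUCTIONS, "Google", TOKEN_CLAIMS, INITIATE_CLAIMS))
```

The overwritten list is the part worth logging: each path in it is a value set at initiate that the Authorization Server's token replaced. Token claims with no entry in the mapping (sub in the sample) never reach the credential.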
Path Parameters
An ID of the Issuer to be extended with the new credential schema support.
Header Parameters
API key for authenticating requests to the Issuer Service.
Request Body
application/json
Object specifying configurable credential metadata details.
URL of the authorization server that issues tokens for credentials based on this schema.
Format: uri
Instructions on how to map claims per Authorization Server for each Identity Provider.
A unique identifier of the credential schema that the issuer will be able to issue.
"org.iso.18013.5.1.mDL" | "eu.europa.ec.eudi.pid_vc_sd_jwt" | "eu.europa.ec.eudi.pid_mdoc"
Response Body
application/json
application/json
curl -X POST "https://eis.fortid.com/control/issuer/fortid_issuer/add-schema" \
  -H "X-API-KEY: HCLN4ZKnWYJAfyNkDnQ57gEAHuejD6MN" \
  -H "Content-Type: application/json" \
  -d '{ "schemaId": "org.iso.18013.5.1.mDL" }'
{
  "message": "Unknown schemaId (university-diploma)"
}
{
  "message": "The issuer with ID `3fa85f64-5717-4562-b3fc-2c963f66afa6` does not exist"
}