
2. Overview

2.1 High‑level architecture


  1. Client requests an access token from the Verifier Token Endpoint using the client_credentials grant, with client_assertion set to a VP (Verifiable Presentation) containing a LEARCredentialMachine.

  2. Verifier authenticates client, validates VP and LEARCredentialMachine.

  3. Verifier issues access token with 1h lifetime.

  4. Client uses access token to call protected resources.

2.2 High-level flow


  1. The client requests an access token by authenticating with the authorization server (VCVerifier) and presenting the authorization grant. Since the client authentication is used as the authorization grant, no previous authorization request is needed.

  2. The authorization server authenticates the client and validates the authorization grant, and if valid, issues an access token.

  3. The client requests the protected resource from the resource server and authenticates by presenting the access token.

  4. The resource server validates the access token presented and if valid, returns the resource requested.
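
The token-endpoint side of steps 1 to 3, as an added example (not the VCVerifier's own code): structural checks on the request that run before the VP's signature, issuer trust and revocation are verified, followed by the claims for a 1h access token. The `client_assertion_type` value (RFC 7523), the VP-as-JWT layout with credentials embedded as JSON objects under `vp.verifiableCredential`, and all function names are assumptions.

```python
import base64, json, time
from urllib.parse import parse_qs, urlencode

# Assumed: the RFC 7523 assertion type; the page does not name the value used.
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
TOKEN_LIFETIME = 3600  # 1h access token lifetime (step 3 of section 2.1)

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _payload(jwt):
    """Decode a compact JWT payload WITHOUT verifying its signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("invalid_client: assertion is not a compact JWT")
    claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    if not isinstance(claims, dict):
        raise ValueError("invalid_client: JWT payload is not an object")
    return claims

def precheck_token_request(body, now=None):
    """Structural checks to run before signature, trust and revocation checks
    on the VP. Returns the claims the access token would carry."""
    now = int(time.time()) if now is None else now
    params = parse_qs(body, keep_blank_values=True)
    if any(len(v) != 1 for v in params.values()):
        raise ValueError("invalid_request: repeated parameter")
    form = {k: v[0] for k, v in params.items()}
    if form.get("grant_type") != "client_credentials":
        raise ValueError("unsupported_grant_type")
    if form.get("client_assertion_type") != ASSERTION_TYPE or not form.get("client_assertion"):
        raise ValueError("invalid_client: missing or wrong client assertion")
    vp = _payload(form["client_assertion"])
    if not isinstance(vp.get("exp"), int) or vp["exp"] <= now:
        raise ValueError("invalid_client: VP expired or without exp")
    holder = vp.get("vp") if isinstance(vp.get("vp"), dict) else {}
    creds = holder.get("verifiableCredential")
    creds = creds if isinstance(creds, list) else []
    types = [t for c in creds if isinstance(c, dict) for t in c.get("type", [])]
    if "LEARCredentialMachine" not in types:
        raise ValueError("invalid_client: no LEARCredentialMachine in VP")
    return {"sub": vp.get("iss"), "iat": now, "exp": now + TOKEN_LIFETIME}

def sample_request(cred_type="LEARCredentialMachine", exp=2_000_000_000):
    """Constructed sample request; the signature segment is a placeholder."""
    vp = {"iss": "did:example:client", "exp": exp,
          "vp": {"verifiableCredential": [{"type": ["VerifiableCredential", cred_type]}]}}
    jwt = ".".join([_b64url({"alg": "ES256", "typ": "JWT"}), _b64url(vp), "c2ln"])
    return urlencode({"grant_type": "client_credentials",
                      "client_assertion_type": ASSERTION_TYPE, "client_assertion": jwt})
```

A request that passes these checks is not yet authenticated: the verifier still has to verify the VP signature and validate the credential itself before issuing the token.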