Multitenancy support for OID4VC plugin

[pradeepp88]

Currently, the OID4VC plugin doesn't support multitenancy, and all operations are saved in the base wallet. When we secure the admin API, the supported credentials data is not passed on to the .well-known endpoint for the OID4VCI server.

We have reviewed the initial design options and have started work on enabling multitenancy for the OID4VC plugin.

The following changes are proposed:

• Pass wallet information to the OID4VC server. This can be done by:
  • Creating a separate sub-path for each wallet and hosting all endpoints within that sub-path, e.g., <OID4VCI-Endpoint>/<wallet-id>, using it for identification; or
  • Passing the wallet ID as a request parameter, e.g., <OID4VCI-Endpoint>/.well-known/openid-credential-issuer?<wallet-id>.
• Use the sub-path or request parameter to pass wallet information when issuing the credential offer.

We’re opening this issue to gather feedback from maintainers and other OID4VC developers to finalize the design and continue the work. cc: @dbluhm, @jamshale

[dbluhm]

https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-ID1.html#section-11.2.2

Credential Issuers publishing metadata MUST make a JSON document available at the path formed by concatenating the string /.well-known/openid-credential-issuer to the Credential Issuer Identifier. If the Credential Issuer value contains a path component, any terminating / MUST be removed before appending /.well-known/openid-credential-issuer.

Any tenant information must be passed as a path parameter and be included in the issuer url. To obtain the openid configuration, the well know path is appended to the issuer value.

[dbluhm]

@pradeepp88 please keep us posted on your progress. We have some issues in the plugin that need to be addressed; keeping us up on your status will hopefully help ensure a clean merge.