The Authorisation API is a core EBSI service responsible for managing access to protected EBSI services. Legal Entities must present a valid Verifiable Authorisation or Verifiable Accreditation in the form of a Verifiable Presentation to obtain a short-lived access token, which is valid for two hours. The scope of these access tokens is limited according to the authorisations held by the Legal Entity.
Users receive access tokens by presenting a valid EBSI Verifiable Credential and proving ownership of their decentralised identifier (DID). There is one exception during the onboarding process: since the user does not yet have ownership of a DID, they are only required to present a VerifiableAuthorisationToOnboard.
The Authorisation API supports the following capabilities:
- Authorisation Server discovery via the /.well-known/openid-configuration endpoint
- OpenID for Verifiable Presentation capabilities (v0.14)
- OIDC capabilities (v1.0)
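A client can sanity-check the discovery document and the token response before relying on them; the following is an added example, not EBSI code. The field names come from OpenID Connect Discovery and OAuth 2.0 rather than from this page, and the host, paths, scope names and same-host policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MAX_TOKEN_LIFETIME = 2 * 60 * 60  # two hours, the token lifetime stated on this page

# Constructed sample data: host, paths and scope names are placeholders, not EBSI values.
SAMPLE_METADATA = {
    "issuer": "https://authz.example/authorisation",
    "authorization_endpoint": "https://authz.example/authorisation/authorize",
    "token_endpoint": "https://authz.example/authorisation/token",
    "jwks_uri": "https://authz.example/authorisation/jwks",
}
SAMPLE_TOKEN_RESPONSE = {
    "access_token": "constructed-token-value",
    "token_type": "Bearer",
    "expires_in": 7200,
    "scope": "openid example_scope",
}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_metadata(metadata, expected_issuer):
    """Return a list of problems found in an OpenID discovery document."""
    problems = []
    if metadata.get("issuer") != expected_issuer:
        problems.append("issuer does not match the configured issuer")
    origin = urlsplit(expected_issuer)
    for key in ENDPOINT_KEYS:
        url = urlsplit(metadata.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key} is missing or not https")
        elif url.netloc != origin.netloc:
            # Assumed local policy: all endpoints live on the issuer's host.
            problems.append(f"{key} is on a different host than the issuer")
    return problems


def check_token_response(response, requested_scopes):
    """Return a list of problems found in a token response."""
    problems = []
    if response.get("token_type", "").lower() != "bearer":
        problems.append("unexpected token_type")
    expires_in = response.get("expires_in")
    if type(expires_in) is not int or not 0 < expires_in <= MAX_TOKEN_LIFETIME:
        problems.append("expires_in missing or longer than two hours")
    # The page says token scope is limited to the authorisations held.
    extra = set(response.get("scope", "").split()) - set(requested_scopes)
    if extra:
        problems.append("granted scopes not requested: " + ", ".join(sorted(extra)))
    return problems
```
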
The EBSI Platform distinguishes between two types of users:
- Identified Users: Legal Entities who already use the trusted registries (DID registry and Trusted Issuer Registry).
- Anonymous Users: Users who can only read public information through REST endpoints but cannot access JSON-RPC endpoints.
For more information see:
- CLI Tool page: Test the capabilities using the EBSI CLI tool