Wallet Gateway Reference Implementation #109 Milestone 4: Decentralized Identity (OIDC)

Open issue
by pedrodneves, 21-05-2026

Milestone 4: Decentralized Identity (OIDC)

Upgrading the baseline authentication established in Milestone 1 by removing reliance on centralized Identity Providers (IDPs), enabling trustless, decentralized Ledger API connectivity.

  • Self-Signed Token Issuance (Auth): Replacing the Auth0/Entra dependency from Milestone 1 through the implementation of an internal Identity Provider (IDP). This engine generates Self-Signed OIDC tokens using the user's primary cryptographic signing key.

*Acceptance:* E2E integration logs demonstrating a successful transaction submission to the Ledger API where the authentication token is generated and signed locally by the user's Keystore, operating entirely without routing through or requiring uptime from a 3rd-party IDP.

  • Cryptographic Validation Logic: Implementation of the logic enabling the Gateway to authenticate directly with the Ledger API using these self-generated credentials.

*Acceptance:* Automated test execution confirming the Gateway correctly validates the self-signed OIDC token's signature against the user's public key prior to Ledger API submission.

| Milestone | Target deadline | Funding Request |
| :--- | :--- | :--- |
| Milestone 4: Decentralized Identity (OIDC) | September 30th 2026 | 1.600.000 CC |

_Originally posted by @pedrodneves in https://github.com/canton-foundation/canton-dev-fund/issues/109#issuecomment-4512204418_
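
The validation step in the second acceptance criterion, sketched as an added example (not code from the issue or the project): a self-signed token is checked against the public key already registered for the user, with a fixed algorithm allow-list and claim checks. The Ed25519/`EdDSA` choice, the claim layout (party ID as both `iss` and `sub`), and the names `Issue`, `Verify`, `alice` and `ledger-api` are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// Issue signs a compact JWT with the user's own key (assumed: Ed25519, iss == sub == party).
func Issue(priv ed25519.PrivateKey, party, aud string, exp time.Time) string {
	body, _ := json.Marshal(map[string]any{"iss": party, "sub": party, "aud": aud, "exp": exp.Unix()})
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return in + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(in)))
}

// Verify checks tok against the key registered for party, never a key taken from the token.
func Verify(tok string, pinned ed25519.PublicKey, party, aud string, now time.Time) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	hb, _ := b64.DecodeString(p[0])
	cb, _ := b64.DecodeString(p[1])
	sig, _ := b64.DecodeString(p[2])
	var hdr struct{ Alg string }
	if json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "EdDSA" { // fixed allow-list, rejects "none"
		return fmt.Errorf("alg %q not allowed", hdr.Alg)
	}
	if !ed25519.Verify(pinned, []byte(p[0]+"."+p[1]), sig) {
		return fmt.Errorf("signature does not match pinned key")
	}
	var c struct {
		Iss, Sub, Aud string
		Exp           int64
	}
	if json.Unmarshal(cb, &c) != nil || c.Iss != party || c.Sub != party || c.Aud != aud || now.Unix() >= c.Exp {
		return fmt.Errorf("claims mismatch or token expired")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway key pair
	now := time.Now()
	fmt.Println(Verify(Issue(priv, "alice", "ledger-api", now.Add(time.Minute)), pub, "alice", "ledger-api", now))
}
```

Because the token is self-signed, the signature only proves possession of a key; the security property comes from binding that key to the party out of band, which is why `Verify` takes the pinned key as an argument.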