Integration Guidelines for ShopSphere OIDC Provider

Here are the two simple steps that the ShopSphere OIDC Provider, which takes the Data Issuer client role, must implement:

Providing the user data retrieval API

The ShopSphere OIDC Provider is required to expose a RESTful API that facilitates secure user data retrieval. The API should authenticate the user robustly, ensuring that only the legitimate owner can access the data. zkPass does not dictate the authentication mechanism, API semantics, or response format, which leaves developers free to decide how to implement the API. The API will typically be called by the Data Holder to download the user data needed by the query specified in the DVR.

Signing the user data

To integrate seamlessly with the zkPass framework, the ShopSphere OIDC Provider must sign this sensitive user data into a JWS (JSON Web Signature) token so that the authenticity of the data can be verified. To this end, the zkpass-client SDK library provides a function that simplifies the signing process.

The ShopSphere OIDC Provider must also distribute the public key needed to verify the signed user data. This can be done via manual or out-of-band public key distribution, or via a programmatic API call as defined by the JSON Web Key Set (JWKS) protocol.
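The signing and key-distribution steps above, as an added example that is not part of the original guide and does not use the zkpass-client SDK function: it builds a compact JWS with Node's built-in crypto module, produces the JWKS document a verifier would fetch, and verifies the token against it. The ES256 algorithm, the key ID, the helper names, and the user data field names are assumptions chosen for illustration.

```javascript
// Added example using Node's built-in crypto, not the zkpass-client SDK.
const nodeCrypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Constructed issuer key pair; ES256 (P-256) and the kid value are assumptions.
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const KID = 'shopsphere-demo-key-1';

// Sign user data as a compact JWS: b64u(header).b64u(payload).b64u(signature)
function signUserData(userData, key = privateKey, kid = KID) {
  const header = { alg: 'ES256', kid };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(userData))}`;
  // JWS carries the raw r||s signature, not the DER encoding Node emits by default.
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput), { key, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64u(sig)}`;
}

// JWKS document the provider publishes; it contains public key material only.
function buildJwks() {
  return { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: KID, use: 'sig', alg: 'ES256' }] };
}

// Verifier side: pin the algorithm, select the key by kid, then check the signature.
function verifyUserData(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWS');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const { kty, crv, x, y } = jwk;
  const key = nodeCrypto.createPublicKey({ key: { kty, crv, x, y }, format: 'jwk' });
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}
```

The verifier takes the expected algorithm from its own configuration rather than from the token header, and the JWKS exposes only the public coordinates, so the private key never leaves the provider.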
