[INJICERT-976] Add Pre auth code md and update claim169 md file

[Piyush7034]

Summary by CodeRabbit

• Documentation
  • Revised QR code support: consolidated QR fields under a claim169 structure, updated signing and QR-generation flow (unsigned claim169 payload → signed CWT hex → Base45 QR), and clarified how QR codes are embedded in credentials.
  • Added Pre-Authorized Code Flow guide: end-to-end credential offer and issuance workflow, delivery options (QR/deep link), sequence diagrams, endpoints, limitations, and UX considerations.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Reorganized Claim-169 QR documentation to nest QR fields under a claim169 map, revised the QR signing flow to produce CWT hex values and convert them to Base45 via PixelPass, and added a new Pre-Authorized Code Flow doc describing OpenID4VCI pre-authorized_code issuance endpoints and sequence.

Changes

Cohort / File(s)	Summary
Claim-169 QR Code Documentation docs/Claim-169-QR-Code-Support.md	Nested identityQRCode/faceQRCode under claim169; replaced Base64 payload keys with claim169-mapped keys; signing now uses signQRData(claim169Payload,...) producing hex CWTs; added PixelPass step converting CWT hex → Base45 QR and embedding under claim169; updated sequence diagram, extensibility notes, and Conclusion.
Pre-Authorized Code Flow Documentation docs/Pre-Authorized-Code.md	Added new documentation describing the Pre-Authorized Code Flow for OpenID4VCI: actors, endpoints (metadata, pre-authorized-data, offer data, token, credential), token exchange via pre-authorized_code, delivery channels (QR/deep link), optional transaction code, flow steps, and sequence diagram.

Sequence Diagram(s)

sequenceDiagram
    participant Certify
    participant IssuerPortal
    participant Wallet
    participant TokenEndpoint
    participant CredentialEndpoint

    Certify->>IssuerPortal: Prepare credential offer (pre-authorized-data)
    IssuerPortal-->>Certify: Expose issuer metadata (/.well-known/*)
    Wallet->>IssuerPortal: Retrieve credential-offer-data/{offer_id}
    Wallet->>TokenEndpoint: POST token (grant_type=pre-authorized_code, pre-authorized_code [+ optional PIN])
    TokenEndpoint-->>Wallet: Access token
    Wallet->>CredentialEndpoint: GET /credential (Authorization: Bearer)
    CredentialEndpoint-->>Wallet: Issued VC (may include claim169 QR entries)

Loading

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• [INJICERT-1227] Integrate pixelpass to get claim169 mapped data and generate qrcode data #563: PixelPass integration and claim169 mapping/QR generation implementation related to the documented PixelPass conversion and claim169 embedding.
• [INJICERT-1228] Add qr-signing methods with keymanager cose service #548: Adds signQRData usage and QR signing flow producing CWT hex values, matching the documented signing changes.
• [INJICERT-1224] Add readme, open-api and postman collection update for claim 169 #527: Earlier Claim-169 QR documentation edits and related changes to QR embedding/signing flow.

Suggested reviewers

• swatigoel
• Prafulrakhade

Poem

🐰 I hopped through docs with nibbling cheer,
claim169 tucked in, QR codes appear,
pre-auth offers ready to send,
PixelPass paints each QR to the end,
A carrot’d note — issuance is near. 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately summarizes the two main changes: adding a new Pre-Authorized Code documentation file and updating the Claim 169 QR Code Support documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

docs/Claim-169-QR-Code-Support.md (1)

25-33: Make JSON example valid (quote QR value).

The example uses identityQRCode: $claim_169_values[0] without quotes, which is invalid JSON and inconsistent with later examples. Use a quoted placeholder string.

✅ Suggested fix

-        "identityQRCode": $claim_169_values[0]
+        "identityQRCode": "$claim_169_values[0]"

🤖 Fix all issues with AI agents

In `@docs/Claim-169-QR-Code-Support.md`:
- Around line 180-181: The sentence contains a dangling inline code placeholder
``; update it to either the actual method name used for QR code signing in
com.mosip.certify.credential.Credential (for example Credential.signQRCode or
the exact method name) or remove the backticks and reword to read “the default
implementation in com.mosip.certify.credential.Credential” so the reference is
concrete and not empty.

In `@docs/Pre-Authorized-Code.md`:
- Line 10: The emphasis marker in the bullet "Interoperability" is malformed;
update the text that currently reads "**Interoperability:* Aligns with
OpenID4VCI standards, improving compatibility with other identity systems and
wallets." to properly close the bold markers—e.g., change "**Interoperability:*"
to "**Interoperability:**" so the line becomes "**Interoperability:** Aligns
with OpenID4VCI standards, improving compatibility with other identity systems
and wallets."

🧹 Nitpick comments (2)

docs/Pre-Authorized-Code.md (2)

4-4: Call out that this flow is optional/config-driven.

Given the service initializes even when pre-authorized flow is not configured, it’s worth noting in this doc that the flow is optional and depends on configuration (e.g., credential-offer URL). This avoids overstating it as mandatory behavior. Based on learnings, the feature is optional and defaults to empty config.

Based on learnings: “the pre-authorized code flow is optional… defaults to an empty string to allow the component to initialize even when this feature is not configured or used.”

---

48-48: Reduce repetitive sentence openings for readability.

Three consecutive sentences start with “Certify…”. Consider rephrasing one or two to improve flow.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@docs/Pre-Authorized-Code.md`:
- Around line 146-148: Change the British spelling "authorisation" to the
American spelling "authorization" in the "## Limitations" section sentence that
currently reads "Client authorisation is not supported." (look for the "##
Limitations" heading and the sentence about single issuance mode for an issuer)
so the document uses "authorization" consistently with the rest of the file.

🧹 Nitpick comments (1)

docs/Claim-169-QR-Code-Support.md (1)

180-180: Consider using proper heading syntax for "Extensibility".

The "Extensibility" line uses bold formatting instead of proper heading syntax. For better document structure, navigation, and accessibility, consider using a heading level (e.g., ### Extensibility).

📋 Suggested change

-**Extensibility**
+### Extensibility

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud