INJI Certify enables an issuer to connect with an existing database in order to issue verifiable credentials. It assumes the source database has a primary key for each data record and the information required to authenticate a user (e.g. phone, email, or other personal information). An issuer can configure the credential schema for each type of certificate it wishes to issue. Certificates are generated in JSON-LD as per W3C VC v1.1.
The following steps will help you set up Sunbird RC and eSignet services using Docker Compose.
- Docker (26.0.0)
- Docker Compose (2.25)
Execute installation script
- Clone the repository and navigate to its directory:

  ```bash
  cd inji-certify
  ./install.sh
  ```
- During the execution of the `install.sh` script, the user will be prompted to select the service to be installed:

  ```
  1. Sunbird RC
  2. Certify
  0. Exit
  Select:
  ```
- Select "Sunbird RC" as the first step of the installation process.
- The installation will encompass the following services:
- Post Sunbird installation, proceed to create an issuer and credential schema. Refer to the API schemas available here.
  - Set the hostname of the endpoints correctly as per your Docker setup.
  - Now generate a DID, create a credential schema and create an issuance registry.
    - Take note of `$.schema[0].author` and `$.schema[0].id` from the create credential schema request.
- Add the JAR file of the Digital Credential Stack (DCS) plugin implementations for eSignet and Certify:
  - For eSignet, add the JAR file here. The JAR can be built from source or downloaded directly.
  - For Certify, add the JAR file here. The JAR can be built from source.
- Modify the properties of the eSignet and Certify services located in the `esignet-default.properties` and `certify-default.properties` files respectively.
  - Include the issuer ID and credential schema ID for the following properties:
    - esignet-default.properties: `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`, `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential-type}.cred-schema-id`.
    - certify-default.properties: `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`, `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential-type}.cred-schema-id`.
  - The `$.schema[0].author` DID goes to the config ending in `issuerId` and the `$.schema[0].id` DID goes to the config ending in `cred-schema-id`.
- Once the eSignet and Certify properties are configured, proceed to select Certify from the options provided in the installation steps.
- The installation of Certify will encompass the following services:
- Download the Postman collection and environment for the Sunbird use case from here.
- Create a client with the Create OIDC client API and add the redirect URI 'http://localhost:3001'.
- Change the `aud` variable in the environment to 'http://localhost:8088/v1/esignet/oauth/v2/token' and set `audUrl` to 'http://localhost:8088'.
- Perform a Knowledge Based Authentication (KBA) as specified in the Postman collection.
  - Perform the authorize callback request.
  - In the /authorization/authenticate request, update the challenge to a URL-safe base64 encoded string with the KBA details such as `{"fullName":"Abhishek Gangwar","dob":"1967-10-24"}`; one can use an online base64 encoding service for the same.
  - In the /issuance/credential API, inside the pre-request script section, change the aud env variable to -> `"aud" : pm.environment.get('audUrl')`.
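The challenge for the /authorization/authenticate request can also be produced locally, which keeps the KBA details (personal data) off third-party encoding sites. The following is an added example, not part of the project's code: the function names are hypothetical, and stripping the `=` padding by default is an assumption to verify against your eSignet version.

```python
import base64
import json

def encode_kba_challenge(details, pad=False):
    """Serialize KBA details to compact JSON and URL-safe base64 encode them.

    pad=False strips trailing '='; whether the server expects padding is an
    assumption, so both forms are supported.
    """
    if not details or not all(isinstance(v, str) and v for v in details.values()):
        raise ValueError("every KBA field needs a non-empty string value")
    raw = json.dumps(details, separators=(",", ":"), ensure_ascii=False).encode("utf-8")
    token = base64.urlsafe_b64encode(raw).decode("ascii")
    return token if pad else token.rstrip("=")

def decode_kba_challenge(token):
    """Reverse encode_kba_challenge; accepts padded or unpadded input."""
    padded = token + "=" * (-len(token) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

if __name__ == "__main__":
    # Field names and values are the sample KBA details shown on this page.
    challenge = encode_kba_challenge({"fullName": "Abhishek Gangwar", "dob": "1967-10-24"})
    print(challenge)
    print(decode_kba_challenge(challenge))
```

Paste the printed string into the `challenge` field of the request body; the field names must match the ones configured for the KBA auth factor.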
- Sample schemas for Insurance registry are provided here; change them according to the use case.
- Change these properties for a different use case: `mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.field-details`, `mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.individual-id-field`.
- Add the Sunbird registry URL for these properties: `mosip.esignet.vciplugin.sunbird-rc.issue-credential-url`, `mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.registry-search-url`.
- Specify the list of supported credential types for these properties:
  - esignet-default.properties: `mosip.esignet.vciplugin.sunbird-rc.supported-credential-types`.
  - certify-default.properties: `mosip.certify.vciplugin.sunbird-rc.supported-credential-types`.
- For each supported credential type, change the properties below. Sample properties are provided in the eSignet default properties and Certify default properties.
  - esignet-default.properties:
    - Issuer id: `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`
    - Credential schema id: `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id`
    - Registry URL: `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url`
    - Template URL: `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.template-url`
    - Credential schema version: `mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version`
    - Define the list of supported scopes using `mosip.esignet.supported.credential.scopes`, and for each scope, map the resource accordingly at `mosip.esignet.credential.scope-resource-mapping`.
    - Change these properties for the different credential types supported, `mosip.esignet.vci.key-values`, based on the OID4VCI version.
  - certify-default.properties:
    - Issuer id: `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId`
    - Credential schema id: `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id`
    - Registry URL: `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url`
    - Template URL: `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.template-url`
    - Credential schema version: `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version`
    - Change these properties for the different credential types supported, `mosip.certify.key-values`, based on the OID4VCI version.
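A check for the two configuration passages above (the `author`/`id` DID mapping and the per-type property list), written as an added example that is not part of the project's code. It assumes `supported-credential-types` is a comma-separated list; the function names, the `InsuranceCredential` type name, the DIDs and the URL are constructed placeholders.

```python
# Per-type keys named on this page, under <prefix>.vciplugin.sunbird-rc.credential-type.<type>.
PER_TYPE_KEYS = ("static-value-map.issuerId", "cred-schema-id",
                 "registry-get-url", "template-url", "cred-schema-version")

def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_plugin_config(props, prefix, schema_requests):
    """List problems for prefix 'mosip.esignet' or 'mosip.certify'.
    schema_requests maps credential type -> create-credential-schema request body."""
    base = f"{prefix}.vciplugin.sunbird-rc"
    listed = props.get(f"{base}.supported-credential-types", "")
    types = [t.strip() for t in listed.split(",") if t.strip()]  # assumed comma-separated
    problems = [] if types else ["supported-credential-types is empty"]
    for ctype in types:
        tbase = f"{base}.credential-type.{ctype}"
        problems += [f"{ctype}: {key} is not set"
                     for key in PER_TYPE_KEYS if not props.get(f"{tbase}.{key}")]
        schema = schema_requests[ctype]["schema"][0]
        for key, field in (("static-value-map.issuerId", "author"),
                           ("cred-schema-id", "id")):
            value = props.get(f"{tbase}.{key}")
            if value and value != schema[field]:
                problems.append(f"{ctype}: {key} != $.schema[0].{field}")
    return problems

# Constructed sample: the two DIDs are swapped and template-url is missing.
SAMPLE_REQUEST = {"schema": [{"author": "did:example:issuer-placeholder",
                              "id": "did:example:schema-placeholder"}]}
P = "mosip.certify.vciplugin.sunbird-rc"
T = f"{P}.credential-type.InsuranceCredential"
SAMPLE_PROPS = f"""
{P}.supported-credential-types=InsuranceCredential
{T}.static-value-map.issuerId=did:example:schema-placeholder
{T}.cred-schema-id=did:example:issuer-placeholder
{T}.registry-get-url=http://registry.example/api/v1/Insurance/
{T}.cred-schema-version=1.0.0
"""
if __name__ == "__main__":
    print(check_plugin_config(parse_properties(SAMPLE_PROPS), "mosip.certify",
                              {"InsuranceCredential": SAMPLE_REQUEST}))
```

Run it once per file, with the `mosip.esignet` prefix for `esignet-default.properties` and `mosip.certify` for `certify-default.properties`, before selecting Certify in the installer.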
- Apple Silicon Mac users should export or set `DOCKER_DEFAULT_PLATFORM=linux/amd64` before running `install.sh` and use GNU `sed` to run the script over BSD `sed`. A simple way to do it would be to replace all instances of `sed` in the script with `gsed`. The former change is required to bring up Vault cleanly without any unsealing errors and the latter had to be done because `sed` scripts are usually not portable across platforms.
- Windows users should run this script from the `git bash` shell as-is.
- All users should install the postman utility lib to their Postman setup.
- The links for installation through Helm can be found here.