Repository hosts the source code, documentation, and other related files for the Inji Certify project

mosip/inji-certify

This branch is 19 commits ahead of, 50 commits behind master.

Latest commit

9e2eadc · Jun 3, 2024


inji-certify

INJI Certify enables an issuer to connect to an existing database in order to issue verifiable credentials. It assumes the source database has a primary key for each data record and the information required to authenticate a user (e.g. phone, email, or other personal information). Issuers can configure their own credential schemas for the various types of certificates they wish to issue. Certificates are generated in JSON-LD as per W3C VC v1.1.

Installation Guide

The following steps will help you set up the Sunbird RC and Esignet services using Docker Compose.

Requirements

  • Docker (26.0.0)
  • Docker Compose (2.25)

Installation

Steps to set up the Insurance credential use case

Execute installation script

  1. Clone the repository and navigate to its directory:

    cd inji-certify
    ./install.sh
  2. While the install.sh script runs, you will be prompted to select the service to install:

    1. Sunbird RC
    2. Certify
    0. Exit
    Select:
    
  3. Select "Sunbird RC" as the first step of the installation process.

  4. The installation will encompass the following services:

  5. Post Sunbird installation, proceed to create an issuer and credential schema. Refer to the API schemas available here.

    • Set the hostname of the endpoints correctly as per your Docker setup.
    • Now generate a DID, create a credential schema and create an issuance registry.
      • Take note of $.schema[0].author and $.schema[0].id from the create credential schema request.
  6. Add the jar file of the Digital Credential Stack (DCS) plugin implementations for eSignet and Certify:

  7. Modify the properties of the Esignet and Certify services located in the esignet-default.properties and certify-default.properties files respectively.

    • Include the Issuer ID and credential schema ID for the following properties:
      • esignet-default.properties:
        • mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId
        • mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id
      • certify-default.properties:
        • mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId
        • mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id
    • The $.schema[0].author DID goes to the config ending in issuerId, and the $.schema[0].id DID goes to the config ending in cred-schema-id.
  8. Once the Esignet and Certify properties are configured, select Certify from the options provided in the installation steps.

  9. The installation of Certify will encompass the following services:

  10. Download the Postman collection and environment for the Sunbird use case from here.

  11. Create a client using the Create OIDC client API and add the redirect URI 'http://localhost:3001'.

  12. Change the aud variable in the environment to 'http://localhost:8088/v1/esignet/oauth/v2/token' and set audUrl to 'http://localhost:8088'.

  13. Perform a knowledge-based authentication (KBA) as specified in the Postman collection.

    • Perform the authorize callback request.
    • In the /authorization/authenticate request, update the challenge to a URL-safe base64-encoded string containing the KBA details, such as {"fullName":"Abhishek Gangwar","dob":"1967-10-24"}. An online base64 encoding service can be used for this.
    • In the /issuance/credential API, inside the pre-request script section, change the aud env variable to -> "aud" : pm.environment.get('audUrl')
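
Steps 7 and 13 can be scripted. The following added example (not part of the Inji Certify repository) derives the issuerId and cred-schema-id property lines from a create credential schema request body and builds the URL-safe base64 KBA challenge locally, so the KBA details stay on the machine. The DIDs, the credential type name InsuranceCredential and the key=value property syntax are assumptions; whether the endpoint expects trailing = padding is not stated here, so both forms are offered.

```python
import base64
import json

# Constructed sample request body; both DIDs are placeholders, not project values.
SAMPLE_SCHEMA_REQUEST = {"schema": [{
    "id": "did:example:schema-placeholder",
    "author": "did:example:issuer-placeholder",
}]}

# Property prefixes as listed in step 7, keyed by the file they belong to.
PREFIXES = {
    "esignet-default.properties": "mosip.esignet.vciplugin.sunbird-rc.credential-type",
    "certify-default.properties": "mosip.certify.vciplugin.sunbird-rc.credential-type",
}


def property_lines(schema_request, credential_type):
    """Map $.schema[0].author to issuerId and $.schema[0].id to cred-schema-id."""
    entry = schema_request["schema"][0]
    author, schema_id = entry.get("author"), entry.get("id")
    if not author or not schema_id:
        raise ValueError("schema[0] must carry both 'author' and 'id'")
    return {
        filename: [
            f"{prefix}.{credential_type}.static-value-map.issuerId={author}",
            f"{prefix}.{credential_type}.cred-schema-id={schema_id}",
        ]
        for filename, prefix in PREFIXES.items()
    }


def kba_challenge(details, pad=True):
    """URL-safe base64 of the compact JSON KBA details, computed locally."""
    raw = json.dumps(details, separators=(",", ":"), ensure_ascii=False).encode("utf-8")
    encoded = base64.urlsafe_b64encode(raw).decode("ascii")
    return encoded if pad else encoded.rstrip("=")


def decode_challenge(challenge):
    """Inverse of kba_challenge; re-adds padding so both forms decode."""
    padded = challenge + "=" * (-len(challenge) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


if __name__ == "__main__":
    # "InsuranceCredential" is an assumed credential type name.
    for name, lines in property_lines(SAMPLE_SCHEMA_REQUEST, "InsuranceCredential").items():
        print(f"# {name}", *lines, sep="\n")
    print(kba_challenge({"fullName": "Abhishek Gangwar", "dob": "1967-10-24"}))
```

Decoding the challenge with decode_challenge before sending it confirms the field names and values are the ones the registry record holds.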

Properties for custom use case

  • Sample schemas for the Insurance registry are provided here; change them according to your use case.
  • Change these properties for a different use case: mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.field-details, mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.individual-id-field
  • Add the Sunbird registry URL for these properties: mosip.esignet.vciplugin.sunbird-rc.issue-credential-url, mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.registry-search-url
  • Specify the list of supported credential types for these properties:
    • esignet-default.properties:
      • mosip.esignet.vciplugin.sunbird-rc.supported-credential-types
    • certify-default.properties:
      • mosip.certify.vciplugin.sunbird-rc.supported-credential-types
  • For each supported credential type, change the properties below. Sample properties are provided in the eSignet default properties and Certify default properties.
    • esignet-default.properties:
      • Issuer ID: mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId
      • Credential schema ID: mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id
      • Registry URL: mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url
      • Template URL: mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.template-url
      • Credential schema version: mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version
      • Define the list of supported scopes using mosip.esignet.supported.credential.scopes and, for each scope, map the resource accordingly at mosip.esignet.credential.scope-resource-mapping.
      • For the different credential types supported, change mosip.esignet.vci.key-values based on the OID4VCI version.
    • certify-default.properties:
      • Issuer ID: mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId
      • Credential schema ID: mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id
      • Registry URL: mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url
      • Template URL: mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.template-url
      • Credential schema version: mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version
      • For the different credential types supported, change mosip.certify.key-values based on the OID4VCI version.

Troubleshooting

  • Apple Silicon Mac users should export or set DOCKER_DEFAULT_PLATFORM=linux/amd64 before running install.sh, and should run the script with GNU sed rather than BSD sed. A simple way to do this is to replace all instances of sed in the script with gsed. The former change is required to bring up Vault cleanly without any unsealing errors; the latter is needed because sed scripts are usually not portable across platforms.
  • Windows users should run this script from the Git Bash shell as-is.
  • All users should install the postman utility lib in their Postman setup.

Helm Deployments
