Restful API for the Credential issuer of the Digital Democracy and Data Commons pilot project
Credential issuer API is part of the DDDC. Digital Democracy and Data Commons is a pilot participatory process aimed at testing a new technology to improve the digital democracy platform Decidim and at collectively imagining the data politics of the future. This pilot takes place in the context of the European project DECODE (Decentralized Citizen Owned Data Ecosystem), which aims to construct legal, technological, and socioeconomic tools that allow citizens to take back control over their data and technological sovereignty. Our effort is that of improving people's awareness of how their data is processed by algorithms, as well as facilitating the work of developers to create along privacy-by-design principles using algorithms that can be deployed in any situation without any change.
🚀 Getting started
This requires docker to be installed
git clone --recursive https://github.com/DECODEproject/dddc-credential-issuer.git
cd dddc-credential-issuer
./start.sh
This will clone the project and all of its submodules (--recursive is important); then launching start.sh will create a docker container with all the dependencies correctly
Head your browser to:
SWAGGER UI: http://0.0.0.0/docs/
For authentication in the SWAGGER UI on the calls that need OAuth2 and a JWT token, please use the following credentials:
client_secret are not mandatory and should be empty
Assuming you have already cloned the project with its submodules as described in Getting started, and have already changed (cd) into your project directory dddc-credential-issuer, you need the following steps:
- create a
- activate the virtualenv
- upgrade the pip
- install dependencies
- install the ASGI server
- run the API locally
python3 -m venv venv
. venv/bin/activate
pip install --upgrade pip
pip install -e .
pip install uvicorn
uvicorn app.main:api --debug
This API server is meant for the Credential Issuing of the DDDC Project part of the
This will handle both the credential issuing with Coconut (for the wallet) and the interaction with the DDDC Site as described here
docker build -t dddc-credential-issuer .
docker run --rm -p 80:80 -e APP_MODULE="app.main:api" -e LOG_LEVEL="debug" -it dddc-credential-issuer
All the options are documented here
All the parameters and the format of the input are documented in the swagger. Below you'll find a quick description of each endpoint.
This returns a valid JWT to be used over OAuth2 covered calls in the
Creates an Authorizable Attribute as defined here. It contains an authorizable_attribute_id and an authorizable_attribute_info in the form of a list of objects, each one with a key and values.
This will create the rules to allow people to obtain a credential. Each credential will have its own keypair (in the form of a Credential Issuer Keypair, Coconut flow 03), and the public verification_key will be printed as a result.
IoT vs. DDDC: the real difference between the two use cases is whether credentials may be reissued for the same user. To differentiate this behaviour, each Authorizable Attribute has a boolean parameter that should be passed. IoT wants to pass it as true to allow reissuing of the credentials.
This allows retrieving the Authorizable Attribute by the
This will contain the ruleset and the verification_key
This will check that the information provided is a correct subset of the information of the Authorizable Attribute and, if it is correct, it will sign (add a sigma_tilde) and release a credential for the user (Coconut flow 05).
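The issuance decision described above (subset check, plus the reissue switch that separates the IoT and DDDC use cases), sketched as an added example that is not the project's own code. The names may_issue, allow_reissue, issued_to and holder_id are hypothetical, the sample rule set is constructed, and the Coconut signing step itself is left out.

```python
from dataclasses import dataclass, field


@dataclass
class AuthorizableAttribute:
    # Field names follow the page; allow_reissue and issued_to are hypothetical
    # (the page does not name the boolean or say how holders are tracked).
    authorizable_attribute_id: str
    authorizable_attribute_info: list  # [{"key": str, "values": [str, ...]}]
    allow_reissue: bool = False
    issued_to: set = field(default_factory=set)


def may_issue(aa, holder_id, submitted):
    """Decide whether to sign. `submitted` is a list of {"key", "value"} dicts.

    Returns (ok, reason); the holder is recorded only when ok is True.
    """
    allowed = {i["key"]: set(i["values"]) for i in aa.authorizable_attribute_info}
    if not submitted:
        # An empty list is trivially a subset; rejecting it is this example's choice.
        return False, "nothing submitted"
    seen = set()
    for item in submitted:
        key, value = (item.get("key"), item.get("value")) if isinstance(item, dict) else (None, None)
        if not isinstance(key, str) or not isinstance(value, str):
            return False, "malformed item"
        if key not in allowed:
            return False, f"unknown key {key!r}"
        if key in seen:
            return False, f"duplicate key {key!r}"
        if value not in allowed[key]:
            return False, f"value not allowed for {key!r}"
        seen.add(key)
    if holder_id in aa.issued_to and not aa.allow_reissue:
        return False, "already issued"
    aa.issued_to.add(holder_id)
    return True, "ok"


# Constructed sample rule set, not taken from the project.
SAMPLE_INFO = [
    {"key": "district", "values": ["gracia", "eixample"]},
    {"key": "age_range", "values": ["18-29", "30-44"]},
]

if __name__ == "__main__":
    dddc = AuthorizableAttribute("aa-dddc", SAMPLE_INFO)
    claim = [{"key": "district", "value": "gracia"}]
    print(may_issue(dddc, "holder-1", claim))
    print(may_issue(dddc, "holder-1", claim))
```

A rejected request leaves issued_to untouched, so a failed attempt does not use up a holder's single issuance.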
Gives back the Credential Issuer ci_unique_id, a string that identifies the credential issuer instance.
All the configuration should be available under an .ini file. By default the configuration file is config.ini
User defined config.ini
Define an environment variable DDDC_CREDENTIAL_ISSUER_CONFIGFILE with the absolute path of the file like:
You are encouraged to do this and edit the config file with your real data.
|debug||This should be off in production; it adds some verbose logging||
|keypair||The secret keypair path of the Credential Issuer; if the file does not exist, it is created the first time a request is run||
|contracts_path||The path of the Zencode smart contracts, for now a submodule of dddc-pilot-contracts||
|ALGORITHM||The algorithm used for the
|ACCESS_TOKEN_EXPIRE_MINUTES||Minutes of validity of the JWT tokens||
|SQLALCHEMY_DATABASE_URI||The URL of your relational database (sqlite is tested so far)||SQLAlchemy Database URL|
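A pre-deployment check of the options in the table above, as an added example rather than project code. It assumes the file is a standard .ini readable by configparser, searches every section because the page does not give section names, and treats an owner-only keypair file and a 60-minute JWT ceiling as this example's own policy choices.

```python
import configparser
import os
import stat


def config_path():
    # The page's override variable; config.ini is the documented default.
    return os.environ.get("DDDC_CREDENTIAL_ISSUER_CONFIGFILE", "config.ini")


def audit_config(path, max_token_minutes=60):
    """Return a list of findings for the issuer config at `path`."""
    # interpolation=None: a '%' in a database URL must not break parsing.
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (ACCESS_TOKEN_EXPIRE_MINUTES)
    try:
        if not cp.read(path):
            return [f"cannot read {path}"]
    except configparser.Error as exc:
        return [f"cannot parse {path}: {exc}"]
    # Section names are not given on the page, so search every section.
    opts = dict(cp.defaults())
    for section in cp.sections():
        opts.update(cp.items(section))
    findings = []
    if opts.get("debug", "").strip().lower() in ("1", "true", "yes", "on"):
        findings.append("debug is enabled")
    keypair = opts.get("keypair", "").strip()
    # A missing file is not a finding: it is created on the first request.
    if keypair and os.path.exists(keypair):
        mode = stat.S_IMODE(os.stat(keypair).st_mode)
        if mode & 0o077:
            findings.append(f"keypair accessible beyond owner (mode {mode:03o})")
    minutes = opts.get("ACCESS_TOKEN_EXPIRE_MINUTES")
    if minutes is not None:
        minutes = minutes.strip()
        if not minutes.isdigit() or int(minutes) == 0:
            findings.append("ACCESS_TOKEN_EXPIRE_MINUTES is not a positive integer")
        elif int(minutes) > max_token_minutes:
            findings.append(f"JWT lifetime {minutes} min exceeds {max_token_minutes}")
    return findings


if __name__ == "__main__":
    for finding in audit_config(config_path()):
        print("FINDING:", finding)
```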
python3 setup.py test
🐛 Troubleshooting & debugging
To run the credential-issuer in debug mode, please run it locally and activate --debug when you launch the ASGI
LOG_LEVEL="debug" ENVIRONMENT VARIABLE that is used by
config.ini and set the
debug = true
Designed, written and maintained by Puria Nafisi Azizi Dyne.org.
With design contributions by Oleguer 'Ula' Sagarra dribia.com.
Special thanks to Denis 'Jaromil' Roio and Andrea D'Intino for their expert reviews.
This project is receiving funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement nr. 732546 (DECODE).
Please first take a look at the Dyne.org - Contributor License Agreement then
- Create your feature branch
git checkout -b feature/branch
- Commit your changes
git commit -am 'Add some fooBar'
- Push to the branch
git push origin feature/branch
- Create a new Pull Request
DDDC Credential Issuer API
Copyright (c) 2019 Dyne.org foundation, Amsterdam

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.