Skip to content

benmoumen/vc-authn-oidc

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

404 Commits

.github

.github

 
 

database/config/postgresql-cfg

database/config/postgresql-cfg

 
 

demo

demo

 
 

docker

docker

 
 

docs

docs

 
 

oidc-controller/src

oidc-controller/src

 
 

openshift

openshift

 
 

.dockerignore

.dockerignore

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

COMPLIANCE.yaml

COMPLIANCE.yaml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

img License

Verifiable Credential Authentication with OpenID Connect (VC-AuthN OIDC)

This repository is the home of a project to achieve verifiable credential based authentication using OpenID Connect.

See here for background into how this integration is defined.

For configuration instructions, refer to the configuration guide.

Make sure to read the best practices to be used when protecting a web application using vc-authn-oidc.

A Quick Demo

Pre-requisites

You will need an instance of von-network running in Docker

Running the demo

The following demo starts up the VCAuthn-Service and its associated dependencies, along with an instance of keycloak.

To start the demo run the following commands from within the docker folder:

    ./manage build
    ./manage start

Once you have the service running, a presentation request configuration must be configured on the service. You can configure this through either browsing to the swagger interface here or running the following curl command with a valid request body

    curl -X POST "http://localhost:5001/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}"

The API is protected with an APIKey which defaults to Test in the demo

An example of a valid presentation request configuration is the following.

{
  "id": "test-request-config",
  "subject_identifier": "email",
  "configuration": {
    "name": "Basic Proof",
    "version": "1.0",
    "requested_attributes": [
      {
        "name": "email",
        "restrictions": []
      },
      {
        "name": "first_name",
        "restrictions": []
      },
      {
        "name": "last_name",
        "restrictions": []
      }
    ],
    "requested_predicates": []
  }
}

After configuring this, if you used the above presentation request configuration example, you can browse to keycloaks login page with this link

From here you can click the vc-authn option to try out the flow. Clicking this should redirect your browser to the VC-Authn service and display a QR-Code base challenge.

For more interactive demos, refer to the demo readme

Project Affiliation

This project was formed from the code with us opportunity executed by Mattr funded by BCGov.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C# 93.0%
  • Shell 4.5%
  • HTML 2.2%
  • Dockerfile 0.3%