Skip to content
No description, website, or topics provided.
C# Shell HTML Dockerfile
Branch: master
Clone or download
Pull request Compare This branch is 38 commits behind bcgov:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docker
docs
oidc-controller/src
src/VCAuthn/obj
.gitattributes
LICENSE
README.md

README.md

Verifiable Credential Authentication with OpenID Connect (VC-AuthN OIDC)

This repository is the home of a project to achieve verifiable credential based authentication using OpenID Connect.

See here for background into how this integration is defined.

Debug

The VCAuthn-Service has two main dependencies

  1. A backend database, postgres is used as the provider
  2. An instance of ACA-Py for handling the interactions with verifiable credentials

To run the OIDC-Controller in debug, first you must run these dependencies with the following command

    docker-compose -f ./docker/docker-compose.local-debug.yml

Following this you can either launch the VCAuthn-Service in debug via an IDE like VS Code or Visual Studio or run the following command

    dotnet run ./src/VCAuthn

A Quick Demo

The following demo starts up the VCAuthn-Service and its associated dependencies, along with an instance of keycloak.

To start the demo run the following commands from within the docker folder:

    ./manage build
    ./manage start

Once you have the service running, a presentation request configuration must be configured on the service. You can configure this through either browsing to the swagger interface here or running the following curl command with a valid request body

    curl -X POST "http://localhost:5000/api/vc-configs" -H "accept: application/json" -H "Authorization: Test" -H "Content-Type: application/json" -d "{ \"id\" : \"test-request-config\", \"subject_identifier\" : \"attribute1\", \"configuration\" : { \"name\" : \"test\", \"version\" : 1.0, \"requested_attributes\" : { \"attribute1\": { \"name\" : \"attribute1\", \"restrictions\" : [ { \"schema_id\": \"123\", \"schema_issuer_did\": \"\", \"schema_name\": \"name\", \"schema_version\": \"\", \"issuer_did\": \"\", \"cred_def_id\": \"\" }\t\t\t\t] }, \"attribute2\": { \"name\" : \"attribute2\", \"restrictions\" : [ { \"schema_id\": \"345\", \"schema_issuer_did\": \"\", \"schema_name\": \"name\", \"schema_version\": \"\", \"issuer_did\": \"\", \"cred_def_id\": \"\" }\t\t\t\t] }\t\t} }}"

The API is protected with an APIKey which defaults to Test in the demo

An example of a valid presentation request configuration is the following.

{
    "id" : "test-request-config",
    "subject_identifier" : "attribute1",
    "configuration" : {
        "name" : "test",
        "version" : 1.0,
        "requested_attributes" : {
            "attribute1": {
                "name" : "attribute1",
                "restrictions" : [
                    {
                        "schema_id": "123",
                        "schema_issuer_did": "",
                        "schema_name": "name",
                        "schema_version": "",
                        "issuer_did": "",
                        "cred_def_id": ""
                    }
				]
            },
            "attribute2": {
                "name" : "attribute2",
                "restrictions" : [
                    {
                        "schema_id": "345",
                        "schema_issuer_did": "",
                        "schema_name": "name",
                        "schema_version": "",
                        "issuer_did": "",
                        "cred_def_id": ""
                    }
				]
            }
		}
    }
}

After configuring this, if you used the above presentation request configuration example, you can browse to keycloaks login page with this link

From here you can click the vc-authn option to try out the flow. Clicking this should redirect your browser to the VC-Authn service and display a QR-Code base challenge.

Project Affiliation

This project was formed from the code with us opportunity executed by Mattr funded by BCGov.

You can’t perform that action at this time.