INJI Certify enables an issuer to connect with an existing database in order to issue verifiable credentials. It assumes the source database has a primary key for each data record and information required to authenticate a user (e.g. phone, email, or other personal information). Issuer can configure their respective credential schema for various types of certificates they wish to issue. Certificates are generated in JSON-LD as per W3C VC v1.1.
The following steps will help you to setup Sunbird RC and Esignet services using Docker compose.
- Docker (26.0.0)
- Docker Compose (2.25)
Execute installation script
-
Clone the repository and navigate to its directory:
cd inji-certify -
Change the value of
WEB_DID_BASE_URLin .env file to your public domain where did.json will be hosted(You can use your github profile to host DIDs). -
Execute the installation script:
./install.sh
-
During the execution of the
install.shscript, user will be prompted to select the service to be installed:1. Sunbird RC 2. Esignet 0. Exit Select: -
Select "Sunbird RC" as the first step of the installation process.
-
The installation will encompass the following services:
-
Post Sunbird installation, proceed to create an issuer and credential schema. Refer to the Postman collections available here.
- Set the hostname of the endpoints correctly as per your docker setup
- For generating a DID use the
Generate a DIDAPI:- Change the
methodfield in request body towebandservicesto an empty list - Take note of the
idfield from the API response. - For local testing:
- Inside the github repo mentioned in point 2, create a folder with the name of the unique id from the
idfield.- Example: If the
idfrom the response isdid:web:challabeehyv.github.io:DID-Resolve:3313e611-d08a-49c8-b478-7f55eafe62f2then the folder name should be3313e611-d08a-49c8-b478-7f55eafe62f2
- Example: If the
- Create a file named did.json in the above folder and add the response from
Generate a DIDAPI. - Publish the did.json as a webpage.
- Similarly multiple DIDs can be hosted in a single git repo with different folder names.
- Change the
- Now create a credential schema and create an issuance registry
- take note of
$.schema[0].authorand$.schema[0].idfrom the create credential schema request
- take note of
-
Add the jar file of Digital Credential Stack(DCS) plugin implementation in loader_path. The JAR can be built from source or downloaded directly.
-
Modify the properties of the Esignet service located in the esignet-default.properties file:
- Include Issuer ID and credential schema ID for the following properties:
mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId,mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential-type}.cred-schema-id. - The
$.schema[0].authorDID goes to the config ending in issuerId and$.schema[0].idDID goes to the config ending incred-schema-id.
- Include Issuer ID and credential schema ID for the following properties:
-
Once the Esignet properties are configured, proceed to select Esignet from the options provided for eSignet.
-
Download the postman collection and environment for sunbird use case from here.
-
Create Client from Create OIDC client API, add redirect uri 'http://localhost:3001', add auth-factor 'mosip:idp:acr:knowledge' to the request body.
-
Change
audvariable in environment to 'http://localhost:8088/v1/esignet/oauth/v2/token' and setaudUrlto http://localhost:8088 -
Perform a Knowledge based authentication(KBA) as specified in the Postman collection.
- perform the authorize callback request
- in the /authorization/authenticate request update the challenge to a URL-safe base64 encoded string with the KBA details such as
{"fullName":"Abhishek Gangwar","dob":"1967-10-24"}, one can use an online base64 encoding service for the same. - in the /vci/credential api inside pre-request script section:
- change the aud env variable to -> "aud" : pm.environment.get('audUrl')
- For generating a credential with smaller VC change the below variables:
keypairvariable to -> keyPair = pmlib.rs.KEYUTIL.generateKeypair("EC", "P-256");algto ES256 in place of RS256
- Sample schemas for Insurance registry are provided here, change it according to use case.
- Change these properties for different use case
mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.field-details,mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.individual-id-field - Add the Sunbird registry URL for these properties:
mosip.esignet.vciplugin.sunbird-rc.issue-credential-url,mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.registry-search-url. - Specify the list of supported credential types using the property:
mosip.esignet.vciplugin.sunbird-rc.supported-credential-types. - For each supported credential type change the below properties. Sample properties are provided in the default properties file.
- Issuer id
mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.static-value-map.issuerId - Credential schema id
mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-id - Registry Url
mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url - Template Url
mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.template-url - Credential schema version
mosip.esignet.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version
- Issuer id
- Define the list of supported scopes using:
mosip.esignet.supported.credential.scopes, and for each scope, map the resource accordingly atmosip.esignet.credential.scope-resource-mapping. - Change this property for different credential types supported
mosip.esignet.vci.key-valuesbased on OID4VCI version.
- Apple Silicon Mac users should export or set
DOCKER_DEFAULT_PLATFORM=linux/amd64before running theinstall.shand use GNUsedto run the script over BSDsed. A simple way to do it would be to replace all instances ofsedin the script withgsed. The former change is required to bring-up Vault cleanly without any unsealing errors and the latter had to be done becausesedscripts are usually not portable across platforms. - Windows users should run this script from
git bashshell as-is. - All users should install postman utility lib to their Postman setup.
- The links for installation through helm can be found here