ayanworks/vc-authn-oidc

Verifiable Credential Authentication with OpenID Connect (VC-AuthN OIDC)

This repository is the home of a project to achieve verifiable credential based authentication using OpenID Connect.

See here for background into how this integration is defined.

Debug

The VCAuthn-Service has two main dependencies:

  1. A backend database; PostgreSQL is used as the provider
  2. An instance of ACA-Py for handling the interactions with verifiable credentials

To run the OIDC-Controller in debug, you must first start these dependencies with the following commands:

    docker-compose -f ./docker/docker-compose.local-debug.yml build
    docker-compose -f ./docker/docker-compose.local-debug.yml up

Following this, you can either launch the VCAuthn-Service in debug via an IDE like VS Code or Visual Studio, or run the following command:

    dotnet run --project ./src/VCAuthn

A Quick Demo

Pre-requisites

You will need an instance of von-network running in Docker.

Running the demo

The following demo starts up the VCAuthn-Service and its associated dependencies, along with an instance of Keycloak.

To start the demo run the following commands from within the docker folder:

    ./manage build
    ./manage start

Once the service is running, a presentation request configuration must be registered with it. You can do this either by browsing to the Swagger interface here or by running the following curl command with a valid request body:

    curl -X POST "http://localhost:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}"

The API is protected with an API key, which defaults to Test in the demo.

The following is an example of a valid presentation request configuration:

    {
      "id": "test-request-config",
      "subject_identifier": "email",
      "configuration": {
        "name": "Basic Proof",
        "version": "1.0",
        "requested_attributes": [
          {
            "name": "email",
            "restrictions": []
          },
          {
            "name": "first_name",
            "restrictions": []
          },
          {
            "name": "last_name",
            "restrictions": []
          }
        ],
        "requested_predicates": []
      }
    }

After configuring this, if you used the above presentation request configuration example, you can browse to Keycloak's login page with this link

From here you can click the vc-authn option to try out the flow. Clicking this should redirect your browser to the VC-Authn service and display a QR code based challenge.
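
The example presentation request configuration above leaves every restrictions list empty, which places no constraint on which issuer or credential definition supplies an attribute, including the email attribute used as subject_identifier. The following Python check, run on a request body before it is posted to /api/vc-configs, is an added example and not part of this project's code; it assumes the configuration object follows Hyperledger Indy proof-request semantics as handled by ACA-Py, and the cred_def_id value is a placeholder.

```python
import json

# Indy proof-request restriction keys that tie an attribute to one issuer.
# Assumption: the service forwards "configuration" to ACA-Py unchanged.
ISSUER_KEYS = {"issuer_did", "cred_def_id"}

def lint_vc_config(cfg):
    """Return findings for a VC-AuthN presentation request configuration."""
    findings = []
    attrs = cfg.get("configuration", {}).get("requested_attributes", [])
    subject = cfg.get("subject_identifier")
    if subject not in [a.get("name") for a in attrs]:
        findings.append(f"subject_identifier {subject!r} is not a requested attribute")
    for a in attrs:
        name, restrictions = a.get("name"), a.get("restrictions") or []
        if not restrictions:
            findings.append(f"{name}: no restrictions, any issuer is accepted")
        # Restrictions are alternatives (OR), so each one must pin an issuer.
        for i, r in enumerate(restrictions):
            if not ISSUER_KEYS.intersection(r):
                findings.append(f"{name}: restriction {i} does not pin an issuer")
    return findings

# The example request body from this page.
README_EXAMPLE = json.loads("""
{"id": "test-request-config", "subject_identifier": "email",
 "configuration": {"name": "Basic Proof", "version": "1.0",
  "requested_attributes": [
   {"name": "email", "restrictions": []},
   {"name": "first_name", "restrictions": []},
   {"name": "last_name", "restrictions": []}],
  "requested_predicates": []}}
""")

# Constructed variant: same attributes, each pinned to a placeholder cred def.
PINNED = json.loads(json.dumps(README_EXAMPLE))
for attr in PINNED["configuration"]["requested_attributes"]:
    attr["restrictions"] = [{"cred_def_id": "<ISSUER_DID>:3:CL:<SEQ_NO>:<TAG>"}]

if __name__ == "__main__":
    for label, cfg in (("README example", README_EXAMPLE), ("pinned", PINNED)):
        print(label, lint_vc_config(cfg) or "ok")
```
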

Project Affiliation

This project was formed from the Code With Us opportunity executed by Mattr and funded by BCGov.
