The Decentralized Identity Management (DIM) Wallet stub application provides REST APIs for the following wallet functionality:
- Set up a wallet and push the DID document to the portal backend
- Issue Verifiable Credentials
- Sign and get Verifiable Credentials by ID
- Create a self-issued (SI) token with scope and without scope
- Query Verifiable Presentation
- Create a technical user for the wallet to access APIs using the OAuth flow
- Request BPN DID mapping
This application can be used as a temporary wallet solution for local and integration testing.
This application uses Java 21 and the Spring Boot framework to serve REST APIs.
The DIM Wallet is part of the Self-Sovereign Identity (SSI) Flow of Eclipse Tractus-X.
- Update env variables in application.yaml
Name | Description | Default value |
---|---|---|
APPLICATION_PORT | Application port | 8080 |
STUB_ENV | Environment (LZ) in which the application is running | local |
BASE_WALLET_BPN | Issuer BPN number | BPNL000000000000 |
SEED_WALLETS_BPN | List of BPNs for which wallets will be seeded on application startup | BPNL00000003AZQP,BPNL00000003AYRE |
STUB_HOST | Wallet stub application host | |
STATUS_LIST_VC_ID | VC id of status list credential of base wallet | 8a6c7486-1e1f-4555-bdd2-1a178182651e |
TOKEN_EXPIRY_TIME | JWT (STS, VC and VP) expiry time in minutes | 5 |
PORTAL_WAIT_TIME | Wait time in seconds before the DID document is pushed to the portal after wallet creation | 60 |
PORTAL_HOST | Host of portal backend application | |
PORTAL_CLIENT_ID | Keycloak client_id to access portal API | |
PORTAL_CLIENT_SECRET | Keycloak client_secret to access portal API | |
PORTAL_REALM | Keycloak realm | |
PORTAL_AUTH_SERVER_URL | Authentication server (Keycloak) | |
APP_LOG_LEVEL | Log level of application | DEBUG |
- Run the application using Gradle

```
./gradlew clean bootrun
```

- After the application has started successfully, you can access Swagger at http://localhost:8080/ui/swagger-ui/index.html
Please refer to "Deploy using Helm".
Detailed documentation can be found here
- A simple Java `Map` is used to store the keypair, VC and VP of a wallet to avoid any further complexity. Please refer to MemoryStorage.java
- This application will create the same key for a given BPN on a given environment. Please refer to DeterministicECKeyPairGenerator.java
- If a wallet has not been created at the time of a request, the application will create a new wallet at runtime
- The application will issue a new VC during the `/presentations/query` API if not issued previously
- The application will not give an error if the requested VC has not already been issued
- There is no separate IDP for this wallet application. The OAuth token creation API is part of this application only
- We are not validating `client_secret` while creating the OAuth token, and `client_id` will be the BPN
- Negative scenarios are not covered
- The `jti` claim is not validated
- No actual revocation of verifiable credentials
- All stored credentials will be lost on restart of the application
- JWTs are printed with debug log level for debugging purposes
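
Because the stub does not validate `jti`, tests that pass against it say nothing about how a verifier handles a replayed token. The following is an added example, not code from this project, of the check the stub skips; the class name `JtiReplayGuard` and all sample values are hypothetical, and signature verification is assumed to have happened before `accept` is called.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper, not part of the wallet stub: rejects a JWT whose jti was already seen. */
public class JtiReplayGuard {

    // jti -> expiry of the token that carried it; entries are dropped once expired
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    /**
     * Call only after the token signature has been verified.
     * Returns true when the token is fresh: jti present, not expired, never seen before.
     */
    public boolean accept(String jti, Instant exp, Instant now) {
        if (jti == null || jti.isBlank() || exp == null) {
            return false; // without jti or exp a replay cannot be ruled out
        }
        if (!now.isBefore(exp)) {
            return false; // expired tokens are rejected regardless of jti
        }
        // Expired tokens are rejected above, so their jti no longer needs tracking.
        seen.values().removeIf(e -> !now.isBefore(e));
        // putIfAbsent is atomic: of two concurrent presentations only one is accepted.
        return seen.putIfAbsent(jti, exp) == null;
    }

    public static void main(String[] args) {
        JtiReplayGuard guard = new JtiReplayGuard();
        Instant issued = Instant.parse("2025-01-01T12:00:00Z"); // constructed sample time
        Instant exp = issued.plus(Duration.ofMinutes(5));       // TOKEN_EXPIRY_TIME default
        String jti = "constructed-sample-jti-1";                // constructed sample value

        System.out.println("first use:   " + guard.accept(jti, exp, issued));
        System.out.println("replay:      " + guard.accept(jti, exp, issued.plusSeconds(30)));
        System.out.println("missing jti: " + guard.accept(null, exp, issued));
        System.out.println("expired:     "
                + guard.accept("constructed-sample-jti-2", exp, exp.plusSeconds(1)));
    }
}
```

The cache only has to remember a `jti` until its token expires, so with the default 5-minute expiry it stays small.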
This application provides container images for demonstration purposes.
See Docker notice files for more information:
Distributed under the Apache 2.0 License. See LICENSE for more information.