[INJICERT-499] Added postgres plugin config docs #83
base: release-0.3.x
Changes from 1 commit
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
## Configuration docs for Postgres Plugin | ||
|
||
- Pre-requisites | ||
Authorisation Provider should expose the unique identifier in the `sub` field of the JWT token. | ||
Eg. If one is using eSignet with mock-identity-system:0.10.0 and above it can be achieved by setting: | ||
```mosip.mock.ida.kyc.psut.field=individualId``` | ||
where individualId will be the identifier to locate the identity in the expected identity registry. | ||
|
||
1. Create the tables with all the fields that should be returned by the Postgres Data Provider Plugin within the certify postgres database. | ||
- Refer the following query for insertion in DB: | ||
``` | ||
CREATE TABLE certify.<table_name> ( | ||
attribute_1 <type> NOT NULL, | ||
attribute_2 <type> NOT NULL, | ||
... | ||
CONSTRAINT pk_id_code PRIMARY KEY (<identifier>) | ||
); | ||
``` | ||
|
||
2. The schema context containing all the required fields should be hosted in a public url. | ||
- Refer this link for an existing context: [Registration Receipt Schema](https://piyush7034.github.io/my-files/registration_receipt.json) | ||
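Review bot: The pre-requisite on the `sub` claim stops short of saying what the plugin does with it. Read together with step 4, `sub` is the value bound to `:id` in `select * from certify.<table_name> where <table_id>=:id`, so the `<identifier>` column declared as the primary key in the CREATE TABLE must hold exactly the same values, in the same type and format, as the `sub` claim the authorization server issues; otherwise the lookup returns no row and issuance fails. State that mapping explicitly in the pre-requisites rather than leaving the reader to infer it from the query in step 4.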
Reviewer: This URL is giving a 404; please host in the gh-pages branch of inji-config for all the file hosting needs. This change is to be done for DID and context files also. Let's create a folder with env as dev1 in the root and create the DID folder for adding the did.json, and keep the context directly under the dev1 folder.

Author: The file URL referred to was wrong; have fixed the filename. DIDs and context schema URLs will be replaced with respective public URLs once they are hosted on the gh-pages branch of the inji-config repo in the above specified format.
||
Eg: https://<username>.github.io/<project_name>/<file_name>.json | ||
- Also change the respective credential name: | ||
``` | ||
{ | ||
"@context": { | ||
"@version": 1.1, | ||
"@protected": true, | ||
"type": "@type", | ||
"schema": "https://schema.org/", | ||
"<credential_name>": { | ||
"@id": "https://<username>.github.io/<project_name>/<file_name>.json#<credential_name>" | ||
}, | ||
<field1>: "schema:<type>" | ||
<field2>: "schema:<type>" | ||
... | ||
} | ||
} | ||
``` | ||
- The primary_key should be a identifier that is existing in the current mock_identity_system records. | ||
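Review bot: The context example under step 2 is not valid JSON as written: the `<field1>`/`<field2>` keys are unquoted and the entries after `"<credential_name>"` have no separating commas, so anyone pasting it into a hosted context file gets a parse error. Write the entries as `"<field1>": "schema:<type>",` with a trailing comma on every entry but the last. Also spell out that every attribute used in the step 3 template's `credentialSubject` needs a matching term in this context, and that the `@id` under `<credential_name>` must be the URL the context is actually hosted at.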
Reviewer: Let's not stress too much on the mock_identity_system, since it is only one reference impl and the actual places this plugin is to be used might not use the mock identity system.

Author: Removed the reference to mock-identity-system as it may not be a dependency every time.
||
Eg: If "1234" is present in mock_identity table, then same identifier should be used for inserting records in the certify data tables | ||
- When the authentication is done using this particular identifier then the record from certify tables can be fetched by the postgres plugin and returned as a JSON Object. | ||
|
||
3. Insert the templates in the DB with credential subject containing all the fields which must be the part of issued credential. | ||
Reviewer: This point fits in the certify docs; can we add it there and have a link here pointing to that?

Author: Added a reference for the template_table scripts defined in the db_scripts/mosip_certify/ddl folder of inji_certify.
||
- Eg: Find the below template for reference: | ||
``` | ||
{ | ||
"@context": [ | ||
"https://www.w3.org/2018/credentials/v1", | ||
"https://piyush7034.github.io/my-files/registration-receipt.json", | ||
"https://w3id.org/security/suites/ed25519-2020/v1" | ||
], | ||
"issuer": "${issuer}", | ||
"type": [ | ||
"VerifiableCredential", | ||
"RegistrationReceiptCredential" | ||
], | ||
"issuanceDate": "${validFrom}", | ||
"expirationDate": "${validUntil}", | ||
"credentialSubject": { | ||
"attributeName1": "${<attribute1>}", | ||
"attributeName2": "${<attribute2>}" | ||
... | ||
} | ||
} | ||
``` | ||
- For referring the table creation and template insertion, see the sql scripts under certify_init.sql file: [certify-init](https://github.com/mosip/inji-certify/blob/develop/docker-compose/docker-compose-injistack/certify_init.sql) | ||
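Review bot: The template in step 3 references `https://piyush7034.github.io/my-files/registration-receipt.json` while step 2 links `https://piyush7034.github.io/my-files/registration_receipt.json` (hyphen versus underscore); one of the two is wrong, and a verifier that resolves the context from the issued credential will fail on the wrong one, so use a single URL in both places. The template also uses `${issuer}`, `${validFrom}` and `${validUntil}` without saying where they come from, whereas the `${<attribute>}` placeholders are explained as table columns; add a sentence saying who populates those three values so integrators do not try to add them as table columns.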
Reviewer: The docker compose SQL file is subject to change later; can we not point to the db_script folder scripts?

Author: Updated the above URL to point to the db_scripts/mosip_certify/ddl folder.
||
|
||
4. inji-config changes: | ||
Reviewer: This topic is the most important topic in this README file, to call out the config specific to this plugin and how to configure each of them.
||
- Refer to the properties file in [inji-config](https://github.com/mosip/inji-config) that corresponds to the postgres plugin implementation. | ||
[Certify Postgres Land Registry](https://github.com/mosip/inji-config/blob/develop/certify-postgres-landregistry.properties) | ||
- The value for the property `mosip.certify.integration.data-provider-plugin` must be set to `PostgresDataProviderPlugin` | ||
- Refer to the below property for setting the query value against the scope for the credential that is to be issued: | ||
``` | ||
mosip.certify.data-provider-plugin.postgres.scope-query-mapping={ | ||
`credential_scope`: `select * from certify.<table_name> where <table_id>=:id` | ||
} | ||
``` | ||
- Add the scope defined above and the type of credential in the well-known config of the properties file. Refer to the property `mosip.certify.key-values` for the same. | ||
- Add the fields from the respective table in the well-known config. | ||
|
||
5. mosip-config changes: | ||
- Refer to the [authentication-config](https://github.com/mosip/mosip-config/pull/7653) properties file in mosip-config repo(esignet-mock in this case). | ||
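Review bot: `select * from certify.<table_name> where <table_id>=:id` in the scope-query-mapping fetches every column of the table, and step 2 says the whole row is returned as a JSON object; any column added to that table later is then fetched on every issuance whether or not the template uses it. Show an explicit column list instead, e.g. `select <attribute_1>, <attribute_2> from certify.<table_name> where <table_id>=:id`, and state that `:id` is a named bind parameter filled from the authenticated subject's `sub` claim, so integrators do not concatenate it into the query string. Two smaller points: the bullets on `mosip.certify.key-values` say to add the scope, credential type and table fields to the well-known config but not under which keys, which is exactly the detail this section exists to give; and the inji-config link points at `develop` while this PR targets `release-0.3.x`, so link the matching release branch or a tag.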
Reviewer: If someone uses a different authorization server other than eSignet, then these changes are not required. Let's change the point to tell what needs to be done in the authorization server at a high level and call out what has to be done if the authorization server is eSignet.

Author: Removed the direct reference to eSignet and added a general comment to add the respective configurations corresponding to the scope-query-mapping config defined for the postgres plugin.
||
- Add the required scopes under `mosip.esignet.supported.credential.scopes` config. | ||
- Also add the scopes under `mosip.esignet.credential.scope-resource-mapping` config. |
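Review bot: Step 5 lists the two eSignet properties but not the constraint that ties them to step 4: the scope string added under `mosip.esignet.supported.credential.scopes` and `mosip.esignet.credential.scope-resource-mapping` must be the exact key used in `mosip.certify.data-provider-plugin.postgres.scope-query-mapping` (`credential_scope` in the example), since the plugin picks the query by scope name. Say so here, and for authorization servers other than eSignet state the same requirement generically: the server must issue a token carrying that scope and a `sub` value the query can match.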
Reviewer: This step is not mandatory; we can point to existing tables also, but both certify and these tables should be inside the same DB and schema.

Author: Removed this as a point and added a note in pre-requisites.