This repository is the home of a project to achieve verifiable-credential-based authentication using OpenID Connect.
See here for background on how this integration is defined.
The VCAuthn-Service has two main dependencies:
- A backend database; Postgres is used as the provider
- An instance of ACA-Py for handling the interactions with verifiable credentials
To run the OIDC-Controller in debug, you must first start these dependencies with the following command:

```
docker-compose -f ./docker/docker-compose.local-debug.yml up
```
Following this, you can either launch the VCAuthn-Service in debug via an IDE like VS Code or Visual Studio, or run the following command:

```
dotnet run --project ./src/VCAuthn
```
The following demo starts up the VCAuthn-Service and its associated dependencies, along with an instance of Keycloak.
To start the demo, run the following commands from within the docker folder:

```
./manage build
./manage start
```
Once you have the service running, a presentation request configuration must be created on the service. You can do this either by browsing to the swagger interface here or by running the following curl command with a valid request body:

```
curl -X POST "http://localhost:5000/api/vc-configs" -H "accept: application/json" -H "Authorization: Test" -H "Content-Type: application/json" -d "{ \"id\" : \"test-request-config\", \"subject_identifier\" : \"attribute1\", \"configuration\" : { \"name\" : \"test\", \"version\" : 1.0, \"requested_attributes\" : { \"attribute1\": { \"name\" : \"attribute1\", \"restrictions\" : [ { \"schema_id\": \"123\", \"schema_issuer_did\": \"\", \"schema_name\": \"name\", \"schema_version\": \"\", \"issuer_did\": \"\", \"cred_def_id\": \"\" } ] }, \"attribute2\": { \"name\" : \"attribute2\", \"restrictions\" : [ { \"schema_id\": \"345\", \"schema_issuer_did\": \"\", \"schema_name\": \"name\", \"schema_version\": \"\", \"issuer_did\": \"\", \"cred_def_id\": \"\" } ] } } }}"
```
The API is protected with an API key, which defaults to Test in the demo.
An example of a valid presentation request configuration is the following.
```
{
  "id" : "test-request-config",
  "subject_identifier" : "attribute1",
  "configuration" : {
    "name" : "test",
    "version" : 1.0,
    "requested_attributes" : {
      "attribute1": {
        "name" : "attribute1",
        "restrictions" : [
          {
            "schema_id": "123",
            "schema_issuer_did": "",
            "schema_name": "name",
            "schema_version": "",
            "issuer_did": "",
            "cred_def_id": ""
          }
        ]
      },
      "attribute2": {
        "name" : "attribute2",
        "restrictions" : [
          {
            "schema_id": "345",
            "schema_issuer_did": "",
            "schema_name": "name",
            "schema_version": "",
            "issuer_did": "",
            "cred_def_id": ""
          }
        ]
      }
    }
  }
}
```
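A pre-flight check for a configuration shaped like the one above, as an added example (not code from this repository). The function name `lint_vc_config`, the grouping of fields into issuer-pinning fields, and the treatment of an empty string as "unset" are assumptions made for this illustration.

```python
# Fields that tie a requested attribute to a specific issuer.
# Assumption: an empty string means the field is unset, as in the sample above.
ISSUER_FIELDS = {"issuer_did", "cred_def_id", "schema_issuer_did"}


def lint_vc_config(cfg, api_key=None):
    """Return a list of findings for a presentation request configuration."""
    findings = []
    attrs = cfg.get("configuration", {}).get("requested_attributes", {})
    subject = cfg.get("subject_identifier")
    # The subject of the issued token must come from an attribute that is requested.
    if subject not in attrs:
        findings.append(f"subject_identifier {subject!r} is not a requested attribute")
    for key, attr in attrs.items():
        restrictions = attr.get("restrictions") or []
        if not restrictions:
            findings.append(f"{key}: no restrictions, any credential can supply it")
        for i, r in enumerate(restrictions):
            set_fields = {k for k, v in r.items() if v not in ("", None)}
            if not set_fields:
                findings.append(f"{key}[{i}]: restriction is empty")
            elif not set_fields & ISSUER_FIELDS:
                # Schema-only restrictions accept a credential from any issuer.
                findings.append(f"{key}[{i}]: no issuer pinned (only {sorted(set_fields)})")
    if api_key == "Test":
        findings.append("API key is the demo default 'Test'")
    return findings


def _restriction(schema_id):
    # Constructed to mirror one restriction entry from the sample configuration.
    return {"schema_id": schema_id, "schema_issuer_did": "", "schema_name": "name",
            "schema_version": "", "issuer_did": "", "cred_def_id": ""}


# Constructed sample with the same shape and values as the example above.
SAMPLE = {
    "id": "test-request-config",
    "subject_identifier": "attribute1",
    "configuration": {"name": "test", "version": 1.0, "requested_attributes": {
        "attribute1": {"name": "attribute1", "restrictions": [_restriction("123")]},
        "attribute2": {"name": "attribute2", "restrictions": [_restriction("345")]},
    }},
}

if __name__ == "__main__":
    for finding in lint_vc_config(SAMPLE, api_key="Test"):
        print("WARN", finding)
```

Run against the sample, it reports both attributes as restricted by schema only and flags the demo API key; setting `issuer_did` or `cred_def_id` on each restriction and changing the key clears the findings.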
After configuring this, if you used the above presentation request configuration example, you can browse to Keycloak's login page with this link
From here you can click the vc-authn option to try out the flow. Clicking this should redirect your browser to the VC-Authn service and display a QR-code-based challenge.
This project was formed from the Code With Us opportunity executed by Mattr and funded by BCGov.