This repository is the home of a project to achieve verifiable credential based authentication using OpenID Connect.
See here for background into how this integration is defined.
For configuration instructions, refer to the configuration guide.
Make sure to read the best practices to be used when protecting a web application using vc-authn-oidc
.
You will need an instance of von-network running in Docker
The following demo starts up the VCAuthn-Service and its associated dependencies, along with an instance of keycloak.
To start the demo run the following commands from within the docker
folder:
./manage build
./manage start
Once you have the service running, a presentation request configuration must be configured on the service. You can configure this through either browsing to the swagger interface here or running the following curl command with a valid request body
curl -X POST "http://localhost:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}"
The API is protected with an APIKey which defaults to
Test
in the demo
An example of a valid presentation request configuration is the following.
{
"id": "test-request-config",
"subject_identifier": "email",
"configuration": {
"name": "Basic Proof",
"version": "1.0",
"requested_attributes": [
{
"name": "email",
"restrictions": []
},
{
"name": "first_name",
"restrictions": []
},
{
"name": "last_name",
"restrictions": []
}
],
"requested_predicates": []
}
}
After configuring this, if you used the above presentation request configuration example, you can browse to keycloaks login page with this link
From here you can click the vc-authn
option to try out the flow. Clicking this should redirect your browser to the VC-Authn service and display a QR-Code base challenge.
For more interactive demos, refer to the demo readme
This project was formed from the code with us opportunity executed by Mattr funded by BCGov.