Skip to content

Latest commit

 

History

History
51 lines (30 loc) · 4.4 KB

README.md

File metadata and controls

51 lines (30 loc) · 4.4 KB

VC AuthN Demo Applications

This is a demo application that uses vc-authn-oidc as Identity Provider to access a web resource directly, without requiring the use of third-party Access and Identity Management solutions.

Running the Demo

Pre-Requisites

This demo requires you to have a mobile wallet installed on your mobile phone. Visit this page for guidance on getting your own mobile wallet on iOS or Android.

Once you have the mobile app, you must obtain a Verified Email credential from this Email Verification Service. Instructions to do that are on the site.

You will also need to have Docker installed and running. Want to run this a—no Docker needed? See these instructions about running this in your browser using Play with Docker.

ℹ️ If you have publicly accessible endpoints for your agent and controller, you can skip starting ngrok and provide your endpoints when starting the components prefixing the manage command with the NGROK_AGENT_URL and NGROK_CONTROLLER_URL environment variables.

Example: NGROK_AGENT_URL=${NGROK_AGENT_URL} NGROK_CONTROLLER_URL=${NGROK_CONTROLLER_URL} ./manage start

Running the Apps

In addition to the above pre-requirements, you will need three bash shell instances open at the following locations:

  1. vc-authn-oidc/docker
  2. demo/docker
  3. demo/scripts

Run ./manage build in shells number 1 and 2 to assemble the images required to run the demo services.

When the builds are completed, run start-ngrok.sh in shell number 3. This will run an instance of ngrok used to allow your mobile agent to communicate with the services running on localhost.

Now we can start the services:

  • In shell number 1 run ./manage start-demo

Once the services are running, we will need to configure vc-authn-oidc so that it will request the Verified Email credential. To do this, execute the following command in another shell (you can use, as an example, shell number 2):

curl -X POST "http://localhost:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{\"id\": \"verified-email\",\"subject_identifier\": \"email\", \"configuration\": { \"name\": \"verified-email\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [ { \"schema_name\": \"verified-email\", \"issuer_did\": \"MTYqmTBoLT7KLP5RNfgK3b\" } ] } ], \"requested_predicates\": [] }}"

Additionally, we need to add the valid redirect URI for the test client to the vc-authn-oidc-controller database: a new entry should be created in the ClientRedirectUris table. To acquire the credentials to connect to to the database you can refer to the environment variables set in the controller-db section of the main manage script, however the default parameters for the demo clients have been pre-configured for convenience.

  • In shell number 2 run ./manage start

Try the Demos!

Django

Once the applications have started, navigate your web browser to http://localhost:8080 and try clicking the link to provide a Verified Email credential: you will be redirected to a page displaying a QR code generated by vc-authn-oidc. If you have previously obtained the Verified Email credential, you should be able to scan the code with your mobile wallet app, present the required proof and be able to access the protected page in the web application.

Angular

To test the second demo application, navigate your web browser to http://localhost:4200 and try clicking the button Authenticate. You will be redirected to to the Keycloak log in page (using OIDC code flow auth).
On the right side, click the log in with Verified Credential Access button, you will be redirected to a page displaying a QR code generated by vc-authn-oidc. If you have previously obtained the Verified Email credential, you should be able to scan the code with your mobile wallet app, present the required proof and after redirect back to web application, be authenticated in the web application. You can see your email, roles, id token, access token and user data. The access token will be every time automatically/silent refreshed before it expired.