This repository contains the implementation of the Authorization Code flow of OAuth 2.0. It supports all the mandatory features of the OpenID Connect (OIDC) specification.
The e-Signet repository contains the following:
- esignet-core - Library containing all the common interfaces, DTOs and utils that are used as a dependency in the other esignet module libraries and services.
- esignet-service - Deployable API service containing all the OIDC and UI controllers.
- esignet-integration-api - Library containing all the integration interfaces.
- client-management-service-impl - Client management implementation classes.
- oidc-service-impl - OAuth and OIDC implementation classes.
- binding-service-impl - Key and individualId binding service implementation classes.
- consent-service-impl - Service to manage user consent per client.
- vci-service-impl - Credential issuance service implementation classes.
- db_scripts - Contains all the DB scripts required to set up or upgrade the DB for the esignet module.
Refer to SQL scripts.
The project requires JDK 11.
- Build and install:
$ mvn clean install -Dgpg.skip=true
- Build Docker for a service:
$ docker build -f Dockerfile .
- Make sure the kube config file of the MOSIP cluster that has the dependent services is set correctly on your PC.
- Make sure DB setup is done.
- Add / merge the below-mentioned properties files into the existing config branch:
- Below are the dependent services required for esignet service integrated with MOSIP IDA:
| Chart | Chart version |
|---|---|
| Keycloak | 7.1.18 |
| Keycloak-init | 12.0.1-B3 |
| Postgres | 10.16.2 |
| Postgres Init | 12.0.1-B3 |
| Minio | 10.1.6 |
| Kafka | 0.4.2 |
| Config-server | 12.0.1-B3 |
| Websub | 12.0.1-B2 |
| Artifactory server | 12.0.1-B3 |
| Keymanager service | 12.0.1-B2 |
| Kernel services | 12.0.1-B2 |
| Biosdk service | 12.0.1-B3 |
| Idrepo services | 12.0.1-B2 |
| Pms services | 12.0.1-B3 |
| IDA services | 12.0.1-B3 |
- Install kubectl and helm utilities.
- Run install-all.sh to deploy esignet services.
$ cd helm
$ ./install-all.sh
- During the execution of the install-all.sh script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
- If the server lacks a public domain and a valid SSL certificate, it is advisable to select the n option. Opting for it will enable the init-container with an emptyDir volume and include it in the deployment process.
- The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., cacerts) file.
- This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.
- Run delete-all.sh to remove esignet services.
$ cd helm
$ ./delete-all.sh
- Run restart-all.sh to restart esignet services.
$ cd helm
$ ./restart-all.sh
- Run onboarder's install.sh script to exchange jwk certificates.
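The init-container step above places a downloaded self-signed certificate into the Java truststore. The following is an added example, not the project's init-container code: it shows one way to do such an import only after the certificate's SHA-256 fingerprint matches a value obtained out of band. The host name, alias, paths and the EXPECTED_SHA256 and STOREPASS variables are assumptions.

```shell
#!/bin/sh
# Added example: pin-checked import of a self-signed server certificate into a
# Java truststore. Host, alias, paths and variable names are placeholders.

# Normalise "sha256 Fingerprint=AA:BB:..." (or a bare hex string) to lowercase hex.
fp_normalize() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 fingerprint of a PEM certificate file as lowercase hex.
cert_fingerprint() {
    fp_normalize "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# Save the leaf certificate presented by HOST:PORT to OUT (needs network access).
fetch_server_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Succeed only if the certificate in FILE matches the pinned fingerprint PIN.
# An empty pin or an unreadable certificate counts as a mismatch.
cert_matches_pin() {
    [ -n "$2" ] && [ "$(cert_fingerprint "$1")" = "$(fp_normalize "$2")" ]
}

# Import FILE into KEYSTORE under ALIAS, but only after the pin check passes.
import_if_pinned() {
    file=$1 pin=$2 keystore=$3 ks_alias=$4
    if ! cert_matches_pin "$file" "$pin"; then
        echo "fingerprint mismatch for $file, not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -trustcacerts -alias "$ks_alias" \
        -file "$file" -keystore "$keystore" -storepass "${STOREPASS:-changeit}"
}

# Typical use inside an init step (all values are placeholders):
#   fetch_server_cert esignet.example.internal 443 /tmp/server.pem
#   import_if_pinned /tmp/server.pem "$EXPECTED_SHA256" /cacerts/cacerts esignet-server
```

Without the pin check, whatever certificate answers on the port at deployment time becomes trusted by the service's JVM.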
API documentation is available here.
This project is licensed under the terms of Mozilla Public License 2.0.