Skip to content

Latest commit

 

History

History
74 lines (53 loc) · 3.62 KB

README.md

File metadata and controls

74 lines (53 loc) · 3.62 KB

img License

Verifiable Credential Authentication with OpenID Connect (VC-AuthN OIDC)

This repository is the home of a project to achieve verifiable credential based authentication using OpenID Connect.

See here for background into how this integration is defined.

For configuration instructions, refer to the configuration guide.

Make sure to read the best practices to be used when protecting a web application using vc-authn-oidc.

A Quick Demo

Pre-requisites

You will need an instance of von-network running in Docker

Running the demo

The following demo starts up the VCAuthn-Service and its associated dependencies, along with an instance of keycloak.

To start the demo run the following commands from within the docker folder:

    ./manage build
    ./manage start

Once you have the service running, a presentation request configuration must be configured on the service. You can configure this through either browsing to the swagger interface here or running the following curl command with a valid request body

    curl -X POST "http://localhost:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}"

The API is protected with an APIKey which defaults to Test in the demo

An example of a valid presentation request configuration is the following.

{
  "id": "test-request-config",
  "subject_identifier": "email",
  "configuration": {
    "name": "Basic Proof",
    "version": "1.0",
    "requested_attributes": [
      {
        "name": "email",
        "restrictions": []
      },
      {
        "name": "first_name",
        "restrictions": []
      },
      {
        "name": "last_name",
        "restrictions": []
      }
    ],
    "requested_predicates": []
  }
}

After configuring this, if you used the above presentation request configuration example, you can browse to keycloaks login page with this link

From here you can click the vc-authn option to try out the flow. Clicking this should redirect your browser to the VC-Authn service and display a QR-Code base challenge.

For more interactive demos, refer to the demo readme

Project Affiliation

This project was formed from the code with us opportunity executed by Mattr funded by BCGov.