diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 950990dee..dda74a8c0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -36,6 +36,7 @@ jobs:
deployment: prod
namespace: default
portals: portals
+ kubeconfig_secret: NL_KUBE_CONFIG
tag:
uses: walt-id/waltid-identity/.github/workflows/tag.yml@266f5c09359450c39019a6da38f2b331e7122918
needs: [ version, deploy ]
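Review bot: The production deploy job now selects its kubeconfig by secret name (`kubeconfig_secret: NL_KUBE_CONFIG`), and the hunk does not show how the called workflow gets access to that secret. If the name is resolved dynamically, which usually means the caller passes `secrets: inherit`, every repository secret becomes readable by the reusable deploy workflow rather than just this one. Passing the single secret explicitly, or scoping it to a protected environment, keeps the exposure narrow. The job's `uses:` and `secrets:` lines are outside this hunk, so check this against the full file. A short comment such as `# kubeconfig for the prod cluster; resolved by the deploy workflow` would also help the next reader.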
diff --git a/.run/Issuer.run.xml b/.run/Issuer.run.xml
index 3efb04e4b..86dd8a77f 100644
--- a/.run/Issuer.run.xml
+++ b/.run/Issuer.run.xml
@@ -5,7 +5,7 @@
-
+
diff --git a/docker-compose/.env b/docker-compose/.env
index 2b795d9ed..c352c1885 100644
--- a/docker-compose/.env
+++ b/docker-compose/.env
@@ -23,6 +23,6 @@ MSSQL_DB_PORT=1433
#sqlite | postgres | mssql
DATABASE_ENGINE=postgres
-VERSION_TAG=0.10.0
+VERSION_TAG=0.11.0
#identity | identity,tse | all
COMPOSE_PROFILES=identity
diff --git a/waltid-applications/waltid-web-portal/pages/verify/index.tsx b/waltid-applications/waltid-web-portal/pages/verify/index.tsx
index f7b57ba25..7d32951a7 100644
--- a/waltid-applications/waltid-web-portal/pages/verify/index.tsx
+++ b/waltid-applications/waltid-web-portal/pages/verify/index.tsx
@@ -41,11 +41,18 @@ export default function Verification() {
return false;
});
+ const standardVersion = 'draft13'; // ['draft13', 'draft11']
+ const issuerMetadataConfigSelector = {
+ 'draft13': 'credential_configurations_supported',
+ 'draft11': 'credentials_supported',
+ }
+
+ const issuerMetadata = await axios.get(`${env.NEXT_PUBLIC_ISSUER ? env.NEXT_PUBLIC_ISSUER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_ISSUER}/${standardVersion}/.well-known/openid-credential-issuer`);
const request_credentials = credentials.map((credential) => {
if (mapFormat(format) === 'vc+sd-jwt') {
- let url = `${env.NEXT_PUBLIC_ISSUER ? env.NEXT_PUBLIC_ISSUER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_ISSUER}`;
+ let url = issuerMetadata.data[issuerMetadataConfigSelector[standardVersion]][`${credential.offer.type[credential.offer.type.length - 1]}_vc+sd-jwt`].vct;
return {
- vct: `${url}/${credential.offer.type[credential.offer.type.length - 1]}`,
+ vct: url,
format: mapFormat(format),
};
} else {
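Review bot: The added `let url = issuerMetadata.data[...]...vct` line dereferences three levels of a remote JSON document with no check, so a credential type the issuer does not list under its `<type>_vc+sd-jwt` key throws a TypeError inside `credentials.map` and aborts the whole request. Use optional chaining on each level (`issuerMetadata.data?.[issuerMetadataConfigSelector[standardVersion]]?.[...]?.vct`) and follow it with `if (typeof url !== 'string') throw new Error(...)` so the failure is explicit. The `axios.get` for the metadata is also unconditional and has no visible error handling, so non-SD-JWT verifications now depend on the issuer endpoint being reachable; moving it into the `vc+sd-jwt` branch avoids that. Because the returned `vct` is forwarded into the verification request as-is, a comment should state that the issuer metadata is the trusted source for it. The enclosing handler starts and ends outside the hunk.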
@@ -75,7 +82,7 @@ export default function Verification() {
const response = await axios.post(
`${env.NEXT_PUBLIC_VERIFIER ? env.NEXT_PUBLIC_VERIFIER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_VERIFIER}/openid4vc/verify`,
- requestBody,
+ requestBody,
{
headers: {
successRedirectUri: `${window.location.origin}/success/$id`,
diff --git a/waltid-services/waltid-issuer-api/src/main/kotlin/id/walt/issuer/issuance/OidcApi.kt b/waltid-services/waltid-issuer-api/src/main/kotlin/id/walt/issuer/issuance/OidcApi.kt
index 2f85270eb..20aea5910 100644
--- a/waltid-services/waltid-issuer-api/src/main/kotlin/id/walt/issuer/issuance/OidcApi.kt
+++ b/waltid-services/waltid-issuer-api/src/main/kotlin/id/walt/issuer/issuance/OidcApi.kt
@@ -1,8 +1,6 @@
package id.walt.issuer.issuance
-import id.walt.policies.Verifier
-import id.walt.policies.models.PolicyRequest.Companion.parsePolicyRequests
import id.walt.oid4vc.OpenID4VC
import id.walt.oid4vc.data.*
import id.walt.oid4vc.data.dif.PresentationDefinition
@@ -19,6 +17,8 @@ import id.walt.oid4vc.responses.AuthorizationErrorCode
import id.walt.oid4vc.responses.CredentialErrorCode
import id.walt.oid4vc.responses.PushedAuthorizationResponse
import id.walt.oid4vc.util.randomUUID
+import id.walt.policies.Verifier
+import id.walt.policies.models.PolicyRequest.Companion.parsePolicyRequests
import id.walt.sdjwt.JWTVCIssuerMetadata
import id.walt.sdjwt.SDJWTVCTypeMetadata
import io.github.oshai.kotlinlogging.KotlinLogging
@@ -61,7 +61,7 @@ object OidcApi : CIProvider() {
}) {
get("{standardVersion}/.well-known/openid-configuration", {
request {
- standardVersionQueryParameter()
+ standardVersionPathParameter()
}
}) {
val metadata = getMetadataForVersion(
@@ -73,7 +73,7 @@ object OidcApi : CIProvider() {
get("{standardVersion}/.well-known/openid-credential-issuer", {
request {
- standardVersionQueryParameter()
+ standardVersionPathParameter()
}
}) {
val metadata = getMetadataForVersion(
@@ -85,7 +85,7 @@ object OidcApi : CIProvider() {
get("{standardVersion}/.well-known/oauth-authorization-server", {
request {
- standardVersionQueryParameter()
+ standardVersionPathParameter()
}
}) {
val metadata = getMetadataForVersion(
@@ -97,13 +97,18 @@ object OidcApi : CIProvider() {
get("/.well-known/jwt-vc-issuer/{standardVersion}", {
request {
- standardVersionQueryParameter()
+ standardVersionPathParameter()
}
}) {
call.respond(HttpStatusCode.OK, JWTVCIssuerMetadata(issuer = metadata.issuer, jwksUri = metadata.jwksUri))
}
- get("/.well-known/vct/{standardVersion}/{type}") {
+ get("/.well-known/vct/{standardVersion}/{type}", {
+ request{
+ standardVersionPathParameter()
+ typePathParameter()
+ }
+ }) {
val credType = call.parameters["type"] ?: throw IllegalArgumentException("Type required")
// issuer api is the
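Review bot: `request{` on the new vct route is missing the space that the other `request {` blocks in this file use; a formatter would normalise it. The route now documents `type` as a required path parameter, yet `credType` is still taken straight from the URL with only a null check. The rest of the handler is outside the hunk, so confirm that the value is matched against the configured credential types before it is used to build the response. An unknown type should produce a 404 rather than an unhandled `IllegalArgumentException`.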
@@ -139,7 +144,7 @@ object OidcApi : CIProvider() {
get("{standardVersion}/jwks", {
request {
- standardVersionQueryParameter()
+ standardVersionPathParameter()
}
}) {
call.respond(HttpStatusCode.OK, getJwksSessions())
@@ -441,7 +446,7 @@ object OidcApi : CIProvider() {
} else {
val credReq = CredentialRequest.fromJSON(call.receive())
try {
- val session = parsedToken.get(JWTClaims.Payload.subject)?.jsonPrimitive?.content?.let { getSession(it) }
+ val session = parsedToken[JWTClaims.Payload.subject]?.jsonPrimitive?.content?.let { getSession(it) }
?: throw CredentialError(credReq, CredentialErrorCode.invalid_request, "Session not found for access token")
call.respond(generateCredentialResponse(credReq, session).toJSON())
} catch (exc: CredentialError) {
@@ -477,7 +482,7 @@ object OidcApi : CIProvider() {
} else {
val req = BatchCredentialRequest.fromJSON(call.receive())
try {
- val session = parsedToken.get(JWTClaims.Payload.subject)?.jsonPrimitive?.content?.let { getSession(it) }
+ val session = parsedToken[JWTClaims.Payload.subject]?.jsonPrimitive?.content?.let { getSession(it) }
?: throw BatchCredentialError(req, CredentialErrorCode.invalid_request, "Session not found for access token")
call.respond(generateBatchCredentialResponse(req, session).toJSON())
} catch (exc: BatchCredentialError) {
@@ -550,12 +555,18 @@ object OidcApi : CIProvider() {
}
}
- private fun OpenApiRequest.standardVersionQueryParameter() = queryParameter("standardVersion") {
+ private fun OpenApiRequest.standardVersionPathParameter() = pathParameter("standardVersion") {
description = "The value of the standard version. Supported values are: draft13 and draft11"
example("Example") { value = "draft13" }
required = true
}
+ private fun OpenApiRequest.typePathParameter() = pathParameter("type") {
+ description = "The value of the credential type."
+ example("Example") { value = "identity_credential" }
+ required = true
+ }
+
private fun getPushedAuthorizationSession(authorizationRequest: AuthorizationRequest): IssuanceSession {
return authorizationRequest.requestUri?.let {
getVerifiedSession(OpenID4VC.getPushedAuthorizationSessionId(it)) ?: throw AuthorizationError(
diff --git a/waltid-services/waltid-wallet-api/Dockerfile b/waltid-services/waltid-wallet-api/Dockerfile
index 6b7082dd4..c3f5e381b 100644
--- a/waltid-services/waltid-wallet-api/Dockerfile
+++ b/waltid-services/waltid-wallet-api/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/gradle:jdk17 AS buildstage
+FROM docker.io/gradle:jdk21 AS buildstage
COPY gradle/ /work/gradle
COPY settings.gradle.kts build.gradle.kts gradle.properties gradlew /work/
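Review bot: Both new base images are referenced by mutable tags (`docker.io/gradle:jdk21` here and `docker.io/eclipse-temurin:21` in the next hunk), so the build and runtime contents can change between builds without any change in this repository. Pinning each by digest, `FROM docker.io/gradle:jdk21@sha256:<digest>` and `FROM docker.io/eclipse-temurin:21@sha256:<digest>` (placeholders; take the real values from the registry), makes the JDK 21 move reproducible and auditable. If the runtime stage only needs to run the installed distribution, the `21-jre` variant would also reduce what ships in the final image; that depends on lines outside the hunks.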
@@ -45,7 +45,7 @@ COPY waltid-services/waltid-wallet-api/build.gradle.kts waltid-services/waltid-w
RUN gradle clean installDist
-FROM docker.io/eclipse-temurin:17
+FROM docker.io/eclipse-temurin:21
# Non-root user
RUN useradd --create-home waltid
diff --git a/waltid-services/waltid-wallet-api/k8s/deployment-dev.yaml b/waltid-services/waltid-wallet-api/k8s/deployment-dev.yaml
index f29593bf7..36708fdc6 100644
--- a/waltid-services/waltid-wallet-api/k8s/deployment-dev.yaml
+++ b/waltid-services/waltid-wallet-api/k8s/deployment-dev.yaml
@@ -201,7 +201,7 @@ spec:
- name: NUXT_PUBLIC_DEV_WALLET_URL
value: "https://wallet-dev.test.waltid.cloud"
- name: NUXT_PUBLIC_CREDENTIALS_REPOSITORY_URL
- value: "https://vc-repo.walt-test.cloud"
+ value: "https://credentials.test.waltid.cloud"
ports:
- containerPort: 7101
name: http-api