Credential Providers
Inji Wallet currently supports the following credential providers:
Download VC using OpenID for VC Issuance Flow
National ID
Insurance
Setting up a new provider that can issue VCs requires only a few configuration changes.
Steps:
The configuration details can be found in the mimoto-issuers-config.json property file. This file is maintained separately for each deployment environment. In this repository, each environment's configuration is stored in a dedicated branch specific to that environment.
Refer to of Collab environment.
These values are used by Inji Wallet via Mimoto. Mimoto exposes APIs that the Inji Wallet application uses to fetch the issuers and their configurations and store them in local storage.
API used to fetch issuers: https://api.collab.mosip.net/v1/mimoto/issuers
In mimoto-issuers-config.json, new providers can be added as per the well-known schema defined by OpenID4VCI standards.
After the provider is added to the configuration, it is displayed in the UI on the Add new card screen.
If the new provider supports protocol, it is recommended to use issuerMachine.ts for the workflow to download the VC.
At present, Inji Wallet supports verification of VCs that have an RSA proof type. If a VC is issued with any other proof type, VC verification is bypassed and the VC is marked as verified.
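The proof-type behaviour described above, modelled next to a fail-closed variant that reports an unchecked proof as unverified. This is an added example, not code from Inji Wallet; the type and function names, the proof type strings (RsaSignature2018 assumed to be the RSA proof type) and the stub verifier are assumptions made for illustration.

```typescript
// Added example; names and shapes are assumptions, not Inji Wallet code.
type StoredVc = { id: string; proof: { type: string } };
type Outcome = { status: "verified" | "failed" | "unverified"; reason: string };
type RsaVerifier = (vc: StoredVc) => boolean;

// Assumption: the page's "RSA proof type" appears as this proof.type value.
const RSA_PROOF_TYPES: string[] = ["RsaSignature2018"];

// Behaviour as the page describes it: any non-RSA proof is marked verified.
function verifyAsDescribed(vc: StoredVc, verifyRsa: RsaVerifier): Outcome {
  if (RSA_PROOF_TYPES.indexOf(vc.proof.type) === -1) {
    return { status: "verified", reason: "check bypassed for " + vc.proof.type };
  }
  return verifyRsa(vc)
    ? { status: "verified", reason: "RSA signature checked" }
    : { status: "failed", reason: "RSA signature invalid" };
}

// Fail-closed variant: a proof that was not checked is never reported as verified.
function verifyFailClosed(vc: StoredVc, verifyRsa: RsaVerifier): Outcome {
  if (RSA_PROOF_TYPES.indexOf(vc.proof.type) === -1) {
    return { status: "unverified", reason: "unsupported proof type " + vc.proof.type };
  }
  return verifyAsDescribed(vc, verifyRsa);
}

// Ids of credentials whose "verified" status did not come from a signature check.
function auditBypassed(vcs: StoredVc[], verifyRsa: RsaVerifier): string[] {
  return vcs
    .filter((vc) =>
      verifyAsDescribed(vc, verifyRsa).status === "verified" &&
      verifyFailClosed(vc, verifyRsa).status !== "verified")
    .map((vc) => vc.id);
}

// Constructed sample credentials; the stub stands in for a real RSA proof check.
const sampleVcs: StoredVc[] = [
  { id: "vc-rsa-good", proof: { type: "RsaSignature2018" } },
  { id: "vc-rsa-bad", proof: { type: "RsaSignature2018" } },
  { id: "vc-ed25519", proof: { type: "Ed25519Signature2020" } },
];
const stubVerifier: RsaVerifier = (vc) => vc.id !== "vc-rsa-bad";

console.log(auditBypassed(sampleVcs, stubVerifier)); // lists only vc-ed25519
```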
The token endpoint should also use the same issuer id. Refer to https://github.com/mosip/inji-config/blob/collab/mimoto-issuers-config.json#L140
Once the above steps are completed, mimoto should be onboarded as an OIDC client for every issuer. See the steps in the sections below.
If you want to try out the wallet and certify by building locally, you can use the collab env eSignet as the authorization server. Here are the details:
We have configured a few UINs/Individual Ids for this purpose. These UINs can be used while configuring the data for a credential. A few demo UINs you can use:
Male (Adult): 2154189532, 5614273165
Female (Adult): 2089250384, 5860356276
Minor (aged between 5 and 18 years): 3963293078
Infant (aged below 5 years): 5134067562
Use wallet-demo as the client id in mimoto-issuers-config.json
Use wallet-demo-client as the client alias in mimoto-issuers-config.json
The authorization server to use in the well-known is https://esignet-mock.collab.mosip.net
After configuring issuers and data as mentioned above, we will be able to successfully authenticate through eSignet and download the credential in the wallet.
Step 1:
Please find a zip file attached to this document called certgen.zip which will help the user in creating the p12 file as well as the public-key.jwk file.
Step 2:
The Userguide.md file explains the working of the script.
Step 3:
Create a client ID using the eSignet API mentioned below:
Sample Request Body:
Sample Response:
Step 4:
The logo URL should be uploaded to the file server.
Step 5:
Once the p12 file is generated, the existing keystore file has to be exported from the mimoto pod, and the newly created p12 file has to be imported and remounted in the Mimoto pod.
Step 6:
Once mimoto is added as an OIDC client, the new issuer should be added as a partner to mimoto.
Add this newly created partner into the existing keystore. Download the existing p12 file from the mimoto pod using this command from the environment's terminal:
Add the esignet--partner's key as alias “esignet--partner” to the same p12 file using a tool like keystore-explorer. Use the password that was used while generating the p12 file.
The below image shows how to browse and select the client-id’s oidckeystore as the second alias. The decryption password field should have the password of the p12 file. Note: we have used esignet-sunbird-partner as the client id for reference in the attachment.
The below image shows how to add an alias for the new key pair, here the value is esignet-sunbird-partner.
To take a backup of the original keystore.p12, use the following command:
Delete the existing mimotooidc secret using the following command:
Create a new secret containing both key pairs.
Create the required secrets in the cluster such as mimoto.oidc.mock.partner.clientid and use the client ID from the response of create oidc-client request.
Make sure to add mimoto.oidc.mock.partner.clientid inside the config-server deployment yaml file.
Restart the Mimoto pod to pick up all the changes.
The oidckeystore.p12 file is attached; the password to unlock it is xy4gh6swa2i
Create a partner - following is the process of adding a new partner by the name of “esignet--partner” to mimoto. Refer to create a partner and onboard the partner in MOSIP Ecosystem.