Skip to content

DIDroom credential issuer part of Forkbomb's SSI solution

Notifications You must be signed in to change notification settings

ForkbombEu/DIDroom_microservices

Repository files navigation

DIDroom standalone microservices

Implementation of the OpenID4VC with the Zenroom stack

DIDroom microservices is a comprehensive open-source implementation of the OpenID4VC "OpenID for Verifiable Credential" protocols, designed to easily deploy the entire credential issuance process.This project is built using the Zenroom ecosystem, incorporating Zencode natural language smart contracts for secure, flexible, and human-readable protocol implementation.





🧱 Building blocks

🎫 Verifiable Credential issuer

OIDC4VCI REFERENCE

The credential issuer is the component that implements the endpoint to issue verifiable credentials in different formats (eg. w3c-vc, iso.18013-5 aka mDL) actually it's agnostic to the format.

API for credential issuance is comprised of the following endpoints

Mandatory

POST /credential
GET /.well-known/openid-credential-issuer
GET /.well-known/openid-configuration

Optionals

GET /credential_offer
GET /authorize
POST /batch_credential
POST /token
POST /op/par
POST /as/par

Core concepts of the issuer:

  • Wallets can request one OR batch requests for one OR multiple credentials with the same access token
  • Credentials can be issued syncronously or deferred
  • Multiple key proof types are supported
  • The same OAuth 2.0 Authorization Server can protect one or more Credential Issuers. Wallets determine the Credential Issuer's Authorization Server using the Credential Issuer's metadata

🚦 Authorization Server OAuth 2.0

REFERENCE RFC6749

Credential Issuers use OAuth 2.0 RFC6749 Authorization Server for access. A single server can protect multiple Issuers, identified via metadata (/.well-known/openid-credential-issuer). All OAuth 2.0 Grant Types and extensions work with the credential issuance API. Unspecified aspects follow [@!RFC6749]. Some tweaks and enhancements are needed although, this extensions include:

  • New Authorization Details Type - openid_credential:

  • New Token Response Error Codes:

    • authorization_pending and slow_down support deferred authorization for Pre-Authorized Code grant type.
  • Client Metadata:

    • Uses client metadata, introducing credential_offer_endpoint for Wallet to publish its Credential Offer Endpoint (see #client-metadata).
  • Authorization Endpoint Enhancements:

    • Adds issuer_state for issuer-initiated Credential Offer processing (see #credential-authz-request).
    • Introduces wallet_issuer and user_hint for Credential Issuers to request Verifiable Presentations during Authorization Request.
  • Token Endpoint Enhancements:

    • Adds optional response parameters - c_nonce and c_nonce_expires_in - for nonce-based proof of possession of key material (see #token-response).

For details, refer to the full specification.

🔝 back to top


🎮 Quick start

To start using all the components run the following command in the root folder

make

Then point your browser to the http://localhost:3000/docs to see all the exposed endpoints

🔝 back to top


🚑 Community & support

📝 Documentation - Getting started and more.

🌱 Ecosystem - W3C-DID Dyne, Signroom, Zenroom, Didroom

🚩 Issues - Bugs end errors you encounter using {project_name}.

[] Matrix - Hanging out with the community.

🗣️ Discord - Hanging out with the community.

🪁 Telegram - Hanging out with the community.

🔝 back to top


🐋 Docker

You can start it using docker, just have to mount you static file directory

docker pull ghcr.io/forkbombeu/didroom_microservices:latest
docker run -p 3000:3000 -v public:/app/public ghcr.io/forkbombeu/didroom_microservices:latest

Please refer to DOCKER PACKAGES

🔝 back to top


🐝 API

Available endpoints, TBD

🔝 back to top


🔧 Configuration

TBD

🔝 back to top


📋 Testing

TBD

🔝 back to top


🐛 Troubleshooting & debugging

Availabe bugs are reported via GitHub issues.

🔝 back to top


😍 Acknowledgements

Copyleft 🄯 2023 by Forkbomb BV, Amsterdam

Designed, written and maintained by Puria Nafisi Azizi, Andrea D'Intino, Alberto Lerda with contributions of Matteo Cristino.

🔝 back to top


👤 Contributing

Please first take a look at the our Contributor License Agreement then

  1. 🔀 FORK IT
  2. Create your feature branch git checkout -b feature/branch
  3. Commit your changes git commit -am 'feat: New feature\ncloses #398'
  4. Push to the branch git push origin feature/branch
  5. Create a new Pull Request gh pr create -f
  6. 🙏 Thank you

🔝 back to top


💼 License

Didroom standalone microservices
Copyleft 🄯 2023 Forkbomb BV, Amsterdam

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

🔝 back to top

About

DIDroom credential issuer part of Forkbomb's SSI solution

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages