OpenID For VP (openwallet-foundation#926)

* feat: add new models Signed-off-by: Micah Peltier <[email protected]> * feat: add request, pres_def admin routes Signed-off-by: Micah Peltier <[email protected]> * feat: (WIP) more routes for oid4vp Signed-off-by: Micah Peltier <[email protected]> * fix: quick fixes for oid4vp routes Signed-off-by: Micah Peltier <[email protected]> * feat: add topics Signed-off-by: Micah Peltier <[email protected]> * fix: register get_request Signed-off-by: Micah Peltier <[email protected]> * feat: get presentation admin routes Signed-off-by: Micah Peltier <[email protected]> * feat: Add HTMX demo for OID4VC After talking with @dbluhm, we've decided to replace the heavy/time-consuming react.js demo with a much lighter weight and faster HTMX-based demo. What's contained within this commit is a first pass towards those efforts and (for the most part) works just fine. Future commits will expound upon the presentation flow, as well as clean up the code to make it a bit easier to read. Signed-off-by: Colton Wolkins (Laptop) <[email protected]> * feat: add pres delete route Signed-off-by: Micah Peltier <[email protected]> * fix: fix demo app crashes Signed-off-by: Colton Wolkins (Laptop) <[email protected]> * feat: (WIP) did jwk work, etc. Signed-off-by: Micah Peltier <[email protected]> * fix: issue to subject did not kid Signed-off-by: Daniel Bluhm <[email protected]> * feat: add pex evaluator Signed-off-by: Daniel Bluhm <[email protected]> * feat: id needs to be uuid4 to pass schema validation Signed-off-by: Micah Peltier <[email protected]> * fix: minor adjustments Signed-off-by: Micah Peltier <[email protected]> * feat: model adjustments Signed-off-by: Micah Peltier <[email protected]> * feat: get request admin route working Signed-off-by: Micah Peltier <[email protected]> * feat: add response public route Signed-off-by: Micah Peltier <[email protected]> * refactor: rename plugin for clarity Signed-off-by: Daniel Bluhm <[email protected]> * fix: more renames vci to vc Signed-off-by: Daniel Bluhm <[email protected]> * refactor: rename whole plugin Signed-off-by: Daniel Bluhm <[email protected]> * refactor: remove old frontend Signed-off-by: Daniel Bluhm <[email protected]> * fix: oid4vci rename in lite plugins Signed-off-by: Daniel Bluhm <[email protected]> * refactor: move jwt_vc_json into oid4vc plugin Signed-off-by: Daniel Bluhm <[email protected]> * refactor: move mso_mdoc into oid4vc plugin Signed-off-by: Daniel Bluhm <[email protected]> * chore: cleanup old dir Signed-off-by: Daniel Bluhm <[email protected]> * chore: linting and formatting Signed-off-by: Daniel Bluhm <[email protected]> * fix: failing tests Signed-off-by: Daniel Bluhm <[email protected]> * fix: issues with EdDSA Signed-off-by: Daniel Bluhm <[email protected]> * test: int test presentation with credo Signed-off-by: Daniel Bluhm <[email protected]> * feat: Add initial webhook support Just committing stuff that hasn't been committed in a while (apparently) Signed-off-by: Colton Wolkins (Laptop) <[email protected]> * feat: Add responsive & debug presentations Signed-off-by: Colton Wolkins (Laptop) <[email protected]> * feat: some readme updates, new diagram Signed-off-by: Micah Peltier <[email protected]> * chore: docstring cleanup, remove commented code Signed-off-by: Micah Peltier <[email protected]> * feat: Add process logging to issuance Signed-off-by: Colton Wolkins (Laptop) <[email protected]> * chore: cleanup unused code Signed-off-by: Colton Wolkins (Laptop) <[email protected]> * chore: Cleanup demo controller Signed-off-by: Colton Wolkins (Laptop) <[email protected]> * chore: fix typos Signed-off-by: Micah Peltier <[email protected]> --------- Signed-off-by: Micah Peltier <[email protected]> Signed-off-by: Colton Wolkins (Laptop) <[email protected]> Signed-off-by: Daniel Bluhm <[email protected]> Co-authored-by: Colton Wolkins (Laptop) <[email protected]> Co-authored-by: Daniel Bluhm <[email protected]>
jamshale · Sep 5, 2024 · 55630da · 55630da
1 parent 29fcf95
commit 55630da
Show file tree

Hide file tree

Showing 154 changed files with 4,617 additions and 37,879 deletions.
diff --git a/jwt_vc_json/jwt_vc_json/__init__.py b/jwt_vc_json/jwt_vc_json/__init__.py
diff --git a/jwt_vc_json/jwt_vc_json/v1_0/__init__.py b/jwt_vc_json/jwt_vc_json/v1_0/__init__.py
diff --git a/jwt_vc_json/poetry.lock b/jwt_vc_json/poetry.lock
diff --git a/jwt_vc_json/pyproject.toml b/jwt_vc_json/pyproject.toml
diff --git a/mso_mdoc/mso_mdoc/__init__.py b/mso_mdoc/mso_mdoc/__init__.py
diff --git a/mso_mdoc/mso_mdoc/v1_0/__init__.py b/mso_mdoc/mso_mdoc/v1_0/__init__.py
diff --git a/mso_mdoc/mso_mdoc/v1_0/tests/__init__.py b/mso_mdoc/mso_mdoc/v1_0/tests/__init__.py
diff --git a/mso_mdoc/mso_mdoc/v1_0/tests/mdoc/__init__.py b/mso_mdoc/mso_mdoc/v1_0/tests/mdoc/__init__.py
diff --git a/mso_mdoc/mso_mdoc/v1_0/tests/mso/__init__.py b/mso_mdoc/mso_mdoc/v1_0/tests/mso/__init__.py
diff --git a/mso_mdoc/pyproject.toml b/mso_mdoc/pyproject.toml
diff --git a/oid4vci/.devcontainer/Dockerfile → oid4vc/.devcontainer/Dockerfile b/oid4vci/.devcontainer/Dockerfile → oid4vc/.devcontainer/Dockerfile
diff --git a/oid4vci/.devcontainer/devcontainer.json → oid4vc/.devcontainer/devcontainer.json b/oid4vci/.devcontainer/devcontainer.json → oid4vc/.devcontainer/devcontainer.json
diff --git a/oid4vci/.devcontainer/post-install.sh → oid4vc/.devcontainer/post-install.sh b/oid4vci/.devcontainer/post-install.sh → oid4vc/.devcontainer/post-install.sh
diff --git a/oid4vci/.pre-commit-config.yaml → oid4vc/.pre-commit-config.yaml b/oid4vci/.pre-commit-config.yaml → oid4vc/.pre-commit-config.yaml
diff --git a/oid4vci/README.md → oid4vc/README.md b/oid4vci/README.md → oid4vc/README.md
@@ -19,41 +19,48 @@ This repository showcases a simplified demonstration of the OID4VCI (OpenID for
 First, you'll have to get your authtoken from ngrok. Note this value down.
 
 ```shell
-cd oid4vci/demo
-docker compose build
+cd oid4vc/demo
+docker-compose build
 echo "NGROK_AUTHTOKEN=<PASTE YOUR AUTHTOKEN HERE>" > .env
-docker compose up
-docker compose down -v  # Clean up
+docker-compose up
+docker-compose down -v  # Clean up
 ```
 
 If you're using Apple Silicon, you may have to separately build the image with the appropriate platform flag (from the `demo` directory):
 
 ```sh
-DOCKER_DEFAULT_PLATFORM=linux/amd64 docker build -f ../docker/Dockerfile --tag oid4vci ..
+DOCKER_DEFAULT_PLATFORM=linux/amd64 docker build -f ../docker/Dockerfile --tag oid4vc ..
 ```
 
 ### Demo Flow
 
-Navigate to `http://localhost:3002` in your browser. You will start at the registration page.
+Navigate to `http://localhost:3002` in your browser. You will start at the landing page. The sidebar has buttons to take you to the issuance and presentation pages. 
+
+1. Issue Credential
 
-1. Admin Registration Page
+   - This page generates a simple `UniversityCredential` for issuance
+       - The demo obscures and automates the necessary `credential-supported/create` call, which is what defines the type and values of a credential that can be issued
 
-- Demonstrates the issuer's process of registering a new OID4VCI credential type.
-- Utilizes the admin API to create a supported credential record for issuance tracking.
-- In a production environment, this process is dynamic, but for the demo, it's simplified to a single button click.
+   - Preparing a credential offer is simple:
+      - Enter your name and email, or use the test value provided, and hit `Register`
+      - Once you hit `Register`, you'll be automatically taken to the Credential Offer Page
 
-1. Input Form Page
+2. Credential Offer Page
+   - Presents a credential offer in the form of a QR code.
+   - Scan the QR code using the Sphereon Wallet app.
+   - The Sphereon Wallet follows the OID4VC flow, requesting an authentication token and using it to obtain a credential.
+   - The OID4VC plugin determines the credential subjects based on the exchange record.
 
-- Illustrates the user's initiation of an interaction with an issuer to request a credential.
-- The data submitted here will end up in the issued credential.
+Now you have a `UniversityCredential` in your Sphereon Wallet. To demonstrate the other half of the OID4VC plugin, click on the `Present Credential` button on the sidebar.
 
-3. Credential Offer Page
+3. Present Credential
+   - The Present Credential page has a single button on it: Present Credential
+   - When you press that button, the demo will prepare a QR code that contains a presentation request
+     - Again, the demo obscures and automates some of the necessary calls to prepare the request, but you can see the calls being made in the logs
+   - Scan this QR code with your Sphereon Wallet app
+   - Follow the steps on the app, which will prompt you to select a University Credential from your wallet
 
-- Presents a credential offer in the form of a QR code.
-- The Input Form Page uses the admin API to create an exchange record, tracking user information, OID4VCI token, codes, pins, and credential subjects.
-- Scan the QR code using the Sphereon Wallet app.
-- The Sphereon Wallet follows the OID4VCI flow, requesting an authentication token and using it to obtain a credential.
-- The OID4VCI plugin determines the credential subjects based on the exchange record.
+As mentioned, the demo automatically takes care of a lot of the setup calls necessary to prepare credential definitions, presentation requests, and so forth. You can see what calls are being made, and with what values, both in the container logs and on the page.
 
 ### Note
 
@@ -81,6 +88,8 @@ The plugin adds two records to ACA-Py, `OID4VCIExchangeRecord` and `SupportedCre
 
 It is the Controller's responsibility to prepare Credential Issuer Metadata, collect and record details about the credential subject, (optionally) generate and deliver a User PIN to the holder out of band, and to generate and present the credential offer to the holder.
 
+### Credential Issuance
+
 ```mermaid
 sequenceDiagram
 autonumber
@@ -136,6 +145,36 @@ controller ->> alice: redirect to success page
 end
 end
 ```
+### Credential Presentation
+```mermaid
+sequenceDiagram
+autonumber
+
+actor alice as Alice
+participant holder as Wallet
+participant controller as Controller
+box OpenID4VCI Plugin
+participant public as Public Routes
+participant admin as Admin Routes
+end
+participant acapy as ACA-Py Core
+
+controller ->> admin: POST /oid4vp/presentation-definition
+admin ->> acapy: store presentation definition
+admin -->> controller: created presentation definition
+alice ->> controller: Hits web page initiating presentation
+controller ->> admin: POST /oid4vp/request
+admin ->> acapy: save request record associated <br/>with a particular pres def 
+admin -->> controller: request URI
+controller ->> alice: QR Code
+alice ->> holder: Scan QR Code
+holder ->> public: GET /oid4vp/request/{request_id} (request uri in QR code)
+public -> acapy: retrieve stored request
+public -->> holder: request 
+holder ->> public: POST /oid4vp/response/{presentation_id}
+acapy ->> controller: POST /topic/oid4vp <br/>(state: presentation-valid/invalid)
+controller ->> holder: result
+```
 
 ## Usage
 
@@ -150,7 +189,7 @@ The Plugin expects the following configuration options. These options can either
 - `OID4VCI_ENDPOINT` or `oid4vci.endpoint`
     - `credential_issuer` endpoint, seen in the Credential Offer
 - `OID4VCI_CRED_HANDLER` or `oid4vci.cred_handler`
-    - Dict of credential handlers. e.g. `{"jwt_vc_json": "jwt_vc_json.v1_0"}`
+    - Dict of credential handlers. e.g. `{"jwt_vc_json": "jwt_vc_json"}`
 
 ### Creating Supported Credential Records
 
@@ -324,7 +363,7 @@ AFJ has an active PR working on adding support for Draft 11 version of the OpenI
 To run the integration tests:
 
 ```shell
-cd oid4vci/int
+cd oid4vc/integration
 docker compose build
 docker compose run tests
 docker compose down -v  # Clean up