From ce9dcae2879963b02839b3e80807aa8f1dbf2b56 Mon Sep 17 00:00:00 2001
From: damienbod
Date: Thu, 28 Sep 2023 21:48:28 +0200
Subject: [PATCH] Improve the readme
---
 README.md | 66 +++++++++++++++++----------------
 src/University/appsettings.json | 6 +--
 2 files changed, 37 insertions(+), 35 deletions(-)
diff --git a/README.md b/README.md
index a1bf2c4..987be88 100644
--- a/README.md
+++ b/README.md
@@ -22,49 +22,51 @@ Validate that the flow can be implemented using this trinsic.id ID-Tech platform Provide a .NET Core example -In a second phase, the trusted registry will be used and implemented. +In a second phase, the trusted registry will be used and implemented with an improved verification process -## Notes -- Does OIDC even work with Trinsic? -- Wallets from other providers do not work -- Trinsic wallet does not work -- Platform documentation do not match the APIs (options.AuthToken = configuration["TrinsicOptions:ApiKey"];) -- No clear docs how to implement this basic flow using OIDC -- Weak user authentication +## Debugging, Setup -## Create Issuer Wallet +### TrinsicV2WebWallet +```json ``` -var request = new CreateWalletRequest -{ - EcosystemId = "--your eco system id--", - Description = "wallet to issue university diplomas" -}; -var createWalletResponse = await _trinsicService.Wallet.CreateWalletAsync(request); +### CompanyXHumanResources -var test = createWalletResponse.AuthToken; -``` - -or this: +The verifier credentials +```json +"TrinsicCompanyXHumanResourcesOptions": { + "Ecosystem": "--in-youe-secrets--", + "ApiKey": "--in-youe-secrets--" +}, ``` -var request = new CreateWalletRequest -{ - EcosystemId = "--your eco system id--", - Description = "wallet to issue university diplomas", - Identity = new CreateWalletRequest.Types.ExternalIdentity - { - Identity = "--email of identity--", - Provider = Trinsic.Services.Provider.V1.IdentityProvider.Email - } -}; -var createWalletResponse = await _trinsicService.Wallet.CreateWalletAsync(request); - -var authToken = createWalletResponse.AuthToken; + +### Univeristy + +The University application requires the trinsic uni credentials, the data for the issuer wallet and a SQL database to store the data. + +An Azure App registration with a web setup is used to setup the application authentication. 
(OpenID Connect confidential client code flow with PKCE) + +```json +"TrinsicOptions": { + "Ecosystem": "--in-your-user-secrets--", + "ApiKey": "--in-your-user-secrets--" + "IssuerAuthToken": "--in-your-user-secrets--", + "IssuerWalletId": "--in-your-user-secrets--", +}, +"AzureAd": { + "Instance": "https://login.microsoftonline.com/", + "Domain": "damienbodsharepoint.onmicrosoft.com", + "TenantId": "5698af84-5720-4ff0-bdc3-9d9195314244", + "ClientId": "3f1d78ea-06d6-4d77-909f-4d398388e900", + "CallbackPath": "/signin-oidc" + //"ClientSecret": "--in-your-secrets--" +}, ``` + ## Database ```
diff --git a/src/University/appsettings.json b/src/University/appsettings.json
index 8174c57..c072667 100644
--- a/src/University/appsettings.json
+++ b/src/University/appsettings.json
@@ -5,9 +5,6 @@
 // "IssuerAuthToken": "--in-your-user-secrets--",
 // "IssuerWalletId": "--in-your-user-secrets--",
 //},
- "ConnectionStrings": {
- "DefaultConnection": "Data Source=.;Initial Catalog=UniversitySsi;Integrated Security=True;TrustServerCertificate=True;"
- },
 "AzureAd": {
 "Instance": "https://login.microsoftonline.com/",
 "Domain": "damienbodsharepoint.onmicrosoft.com",
@@ -16,6 +13,9 @@
 "CallbackPath": "/signin-oidc"
 //"ClientSecret": "--in-your-secrets--"
 },
+ "ConnectionStrings": {
+ "DefaultConnection": "Data Source=.;Initial Catalog=UniversitySsi;Integrated Security=True;TrustServerCertificate=True;"
+ },
 "Serilog": {
 "MinimumLevel": {
 "Default": "Debug",
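Review bot: The `DefaultConnection` string re-added in the second appsettings.json hunk keeps `TrustServerCertificate=True`, which makes the SQL client accept the server's TLS certificate without validating it. With `Data Source=.` and `Integrated Security=True` this reads as a local development default, but nothing in the file says so, and appsettings.json is normally the base configuration that environment-specific settings build on. Since the file already carries `//` comments, I would add one above the block, for example `// local development only: TrustServerCertificate=True skips TLS certificate validation; override DefaultConnection per environment`. The enclosing JSON object starts and ends outside the hunk, so whether an override exists elsewhere cannot be seen from here.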