Restful API for the Credential issuer of the Digital Democracy and Data Commons pilot project |
---|
Credential issuer API is part of the DDDC. Digital Democracy and Data Commons is a pilot participatory process oriented to test a new technology to improve the digital democracy platform Decidim and to collectively imagine the data politics of the future. This pilot takes place in the context of the European project DECODE (Decentralized Citizen Owned Data Ecosystem) that aims to construct legal, technological, and socioeconomic tools that allow citizens to take back control over their data and technological sovereignty. Our effort is that of improving people's awareness of how their data is processed by algorithms, as well facilitate the work of developers to create along privacy by design principles using algorithms that can be deployed in any situation without any change.
🚩 Table of Contents (click to expand)
This requires docker to be installed
git clone --recursive https://github.com/DECODEproject/dddc-credential-issuer.git
cd dddc-credential-issuer
./start.sh
This will clone the project and all submodules of the project (--recursive is important)
then by lunching the start.sh
will create a docker container with all the dependencies correctly
configured.
Head your browser to:
SWAGGER UI: http://0.0.0.0/docs/
API: http://0.0.0.0/
for the authentication in the SWAGGER UI over the calls, that need the OAuth2 and JWT token please use the following credentials:
username | password |
---|---|
demo | demo |
NB: client_id
and client_secret
are not mandatory and should be empty
To locally run you need to run over a the API project over an ASGI server like uvicorn.
Assuming you are already cloned the project as described on Getting started with the
submodules and already cd
into your project directory dddc-credential-issuer
you need the following steps
- create a
virtualenv
- activate the virtualenv
- upgrade the pip
- install dependencies
- install the ASGI serve
- run locally the API
python3 -m venv venv
. venv/bin/activate
pip install --upgrade pip
pip install -e .
pip install uvicorn
uvicorn app.main:api --debug
This API server is meant for the Credential Issuing of the DDDC Project part of the
This will handle both the credential issuing with Coconut (for the wallet) and the interaction with the DDDC Site as described here
docker build -t dddc-credential-issuer .
docker run --rm -p 80:80 -e APP_MODULE="app.main:api" -e LOG_LEVEL="debug" -it dddc-credential-issuer
All the options are documented on here
All the parameters and format of the input are documented on the swagger, below you'll find a quick description of each endpoint
This returns a valid JWT to be used over OAuth2 covered calls in the Bearer
header
Creates an Authorizable Attibute as defined on here
it contains an authorizable_attribute_id
and a authorizable_attribute_info
in form of a list of objects
each one with a key and values
This will create the rules to allow people to obtain a credential. Each credential
will have it's own keypair (in form of a Credential Issuer Keypair, Coconut flow 03)
and the public verification_key
will be printed as a result
IoT vs. DDDC the real difference between the two use-cases is to allowing reissue the credentials
for the same user. To differenciate this behaviout each Authorizable Attibute has a boolean parameter reissuable
that should be passed. IoT want to pass it as true
to allow reissuing of the credentials.
This allows to retrieve the Authorizable Attibute by the authorizable_attribute_id
This will contain the ruleset and the verification_key
This will check that the information provided are a correct subset of the information of the Authorizable Attribute and if they are correct it will sign (add a sigma_tilde) and release a credential for the user (coconut flow 05)
Gives back the Credential Issuer ci_unique_id
a string that identifies the credential issue instance.
All the configuration should be available under an .ini file. By default the configuration file is config.ini
Define a environment variable DDDC_CREDENTIAL_ISSUER_CONFIGFILE with the absolute path of the file like:
export DDDC_CREDENTIAL_ISSUER_CONFIGFILE=/srv/some/secure/place/production.ini
You are encouraged to do this and edit the config file with your real data.
name | description | values |
---|---|---|
debug | This should be off in production add some verbose logging | true or false |
uid | The ci_unique_id . A string that identifies the credential issue instance |
string |
keypair | The secret keypair path of the Credential Issuer, if the file does not exists, it is created the first a request is run | file absolute path |
contracts_path | The path of the Zencode smart contracts for now a submodule of dddc-pilot-contracts | directory absolute path |
ALGORITHM | The algorithm used for the JWT generation |
available algorithms |
ACCESS_TOKEN_EXPIRE_MINUTES | Minutes of validity of the JWT tokens | int |
SQLALCHEMY_DATABASE_URI | The url of your relational database (sqlite is tested by now) | SQLAlchemy Database URL |
python3 setup.py test
To run the credential-issuer
in debug mode, please run it in local and activate --debug
when you launch the ASGI
uvicorn server.
Set the LOG_LEVEL="debug"
ENVIRONMENT VARIABLE that is used by uvicorn
and starlette
.
Configure your config.ini
and set the
debug = true
Copyright ©️ 2019 by Dyne.org foundation, Amsterdam
Designed, written and maintained by Puria Nafisi Azizi Dyne.org.
With design contributions by Oleguer 'Ula' Sagarra dribia.com.
Special thanks to Denis 'Jaromil' Roio and Andrea D'Intino for their expert reviews.
This project is receiving funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement nr. 732546 (DECODE).
https://dddc.decodeproject.eu/
Please first take a look at the Dyne.org - Contributor License Agreement then
- 🔀 FORK IT
- Create your feature branch
git checkout -b feature/branch
- Commit your changes
git commit -am 'Add some fooBar'
- Push to the branch
git push origin feature/branch
- Create a new Pull Request
- 🙏 Thank you
DDDC Credential Issuer API
Copyright (c) 2019 Dyne.org foundation, Amsterdam
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.