From 4dd91fe4924219749f10a23d995e308eeeb6bca2 Mon Sep 17 00:00:00 2001 From: Ariel Gentile Date: Tue, 9 Jul 2024 19:06:10 -0300 Subject: [PATCH 1/3] feat: custom wallet URI scheme Signed-off-by: Ariel Gentile --- charts/vc-authn-oidc/README.md | 1 + charts/vc-authn-oidc/templates/deployment.yaml | 2 ++ docker/docker-compose.yaml | 1 + docker/manage | 1 + docs/ConfigurationGuide.md | 1 + oidc-controller/api/core/config.py | 1 + oidc-controller/api/routers/oidc.py | 3 ++- 7 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/vc-authn-oidc/README.md b/charts/vc-authn-oidc/README.md index f0aea4b6..38d68fb9 100644 --- a/charts/vc-authn-oidc/README.md +++ b/charts/vc-authn-oidc/README.md @@ -96,6 +96,7 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | `useOobPresentProof` | if True, the present-proof request will be provided as a an [out of band](https://github.com/hyperledger/aries-rfcs/tree/main/features/0434-outofband) invitation with a [present-proof](https://github.com/hyperledger/aries-rfcs/tree/main/features/0037-present-proof) request inside. If False, the present-proof request will be use the [service-decorator](https://github.com/hyperledger/aries-rfcs/tree/main/features/0056-service-decorator) | `false` | | `useOobLocalDIDService` | | `false` | | `useUrlDeepLink` | if True, will use the new encoded URL (`didcomm://?_url={redirect URL}`) redirect form of the deep link | `false` | +| `walletDeepLinkUriScheme` | Custom URI scheme to use for deep link when using encoded connection invitation (`{walletDeepLinkUriScheme}://aries_proof-request?c_i={connection payload`) | `bcwallet` | | `controllerCameraRedirectUrl` | The redirect url can be a web link or the name of a template | `wallet_howto` | | `controllerPresentationExpireTime` | The number of time in seconds a proof request will be valid for | `300` | | `useHTTPS` | Prepend Agent and Admin URLs with `https` | `true` | 
diff --git a/charts/vc-authn-oidc/templates/deployment.yaml b/charts/vc-authn-oidc/templates/deployment.yaml index 76a2d4c6..712d4427 100644 --- a/charts/vc-authn-oidc/templates/deployment.yaml +++ b/charts/vc-authn-oidc/templates/deployment.yaml @@ -75,6 +75,8 @@ spec: value: {{ .Values.useOobPresentProof | quote }} - name: USE_URL_DEEP_LINK value: {{ .Values.useUrlDeepLink | quote }} + - name: WALLET_DEEP_LINK_URI_SCHEME + value: {{ .Values.walletDeepLinkUriScheme }} - name: SET_NON_REVOKED value: {{ .Values.setNonRevoked | quote }} - name: ACAPY_TENANCY diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 3d8bf160..7d1652d8 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -37,6 +37,7 @@ services: - USE_OOB_PRESENT_PROOF=${USE_OOB_PRESENT_PROOF} - USE_OOB_LOCAL_DID_SERVICE=${USE_OOB_LOCAL_DID_SERVICE} - USE_URL_DEEP_LINK=${USE_URL_DEEP_LINK} + - WALLET_DEEP_LINK_URI_SCHEME=${WALLET_DEEP_LINK_URI_SCHEME} ports: - ${CONTROLLER_SERVICE_PORT}:5000 - 5678:5678 diff --git a/docker/manage b/docker/manage index 017767a0..61f6fa22 100755 --- a/docker/manage +++ b/docker/manage @@ -184,6 +184,7 @@ configureEnvironment() { export USE_OOB_PRESENT_PROOF=${USE_OOB_PRESENT_PROOF:-"false"} export USE_OOB_LOCAL_DID_SERVICE=${USE_OOB_LOCAL_DID_SERVICE:-"true"} export USE_URL_DEEP_LINK=${USE_URL_DEEP_LINK:-"false"} + export WALLET_DEEP_LINK_URI_SCHEME=${WALLET_DEEP_LINK_URI_SCHEME:-"bcwallet"} # agent export AGENT_TENANT_MODE="${AGENT_TENANT_MODE:-single}" diff --git a/docs/ConfigurationGuide.md b/docs/ConfigurationGuide.md index 1ecc7231..28fca1a7 100644 --- a/docs/ConfigurationGuide.md +++ b/docs/ConfigurationGuide.md 
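Review bot: In the deployment.yaml hunk the new `WALLET_DEEP_LINK_URI_SCHEME` entry renders `{{ .Values.walletDeepLinkUriScheme }}` without `| quote`, unlike the `USE_URL_DEEP_LINK` and `SET_NON_REVOKED` entries around it. An unquoted template value is re-parsed as YAML, so a custom value containing `: `, ` #` or a leading special character would change or break the manifest instead of reaching the container verbatim. Suggest `value: {{ .Values.walletDeepLinkUriScheme | quote }}`. The same applies to the renamed `WALLET_DEEP_LINK_PREFIX` entry in the deployment.yaml hunk of patch 3/3, where the value is a full `scheme://host` string.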
@@ -80,6 +80,7 @@ Several functions in VC-AuthN can be tweaked by using the following environment | USE_OOB_PRESENT_PROOF | bool | if True, the present-proof request will be provided as a an [out of band](https://github.com/hyperledger/aries-rfcs/tree/main/features/0434-outofband) invitation with a [present-proof](https://github.com/hyperledger/aries-rfcs/tree/main/features/0037-present-proof) request inside. If False, the present-proof request will be use the [service-decorator](https://github.com/hyperledger/aries-rfcs/tree/main/features/0056-service-decorator) | **TRUE:** BC Wallet supports our OOB Message with a minor glitch, BiFold, Lissi, Trinsic, and Estatus all read the QR code as 'Invalid' | | USE_OOB_LOCAL_DID_SERVICE | bool | Instructs VC-AuthN to use a local DID, it must be used when the agent service is not registered on the ledger with a public DID | Use this when `ACAPY_WALLET_LOCAL_DID` is set to `true` in the agent. | | USE_URL_DEEP_LINK | bool | If True, in Mobile mode the BC Wallet deep link will use an encoded URL (`didcomm://?_url={redirect URL}`), otherwise will use the encoded connection (`bcwallet://aries_proof-request?c_i={connection payload}`) | Default False/.. To control using the new `?_url` handler, which is not in a public release of BC Wallet yet | +| WALLET_DEEP_LINK_URI_SCHEME | string | Custom URI scheme to use for deep link when using encoded connection invitation (`{WALLET_DEEP_LINK_URI_SCHEME}://aries_proof-request?c_i={connection payload`) | Default bcwallet | | LOG_WITH_JSON | bool | If True, logging output should printed as JSON if False it will be pretty printed. | Default behavior will print as JSON. | | LOG_TIMESTAMP_FORMAT | string | determines the timestamp formatting used in logs | Default is "iso" | | LOG_LEVEL | "DEBUG", "INFO", "WARNING", or "ERROR" | sets the minimum log level that will be printed to standard out | Defaults to DEBUG | 
diff --git a/oidc-controller/api/core/config.py b/oidc-controller/api/core/config.py index 4955ac50..5abde899 100644 --- a/oidc-controller/api/core/config.py +++ b/oidc-controller/api/core/config.py @@ -222,6 +222,7 @@ class GlobalConfig(BaseSettings): os.environ.get("USE_OOB_LOCAL_DID_SERVICE", True) ) USE_URL_DEEP_LINK: bool = strtobool(os.environ.get("USE_URL_DEEP_LINK", False)) + WALLET_DEEP_LINK_URI_SCHEME: str = os.environ.get("WALLET_DEEP_LINK_URI_SCHEME", "bcwallet") SET_NON_REVOKED: bool = strtobool(os.environ.get("SET_NON_REVOKED", True)) model_config = ConfigDict(case_sensitive=True) diff --git a/oidc-controller/api/routers/oidc.py b/oidc-controller/api/routers/oidc.py index 622f069c..ba693b1c 100644 --- a/oidc-controller/api/routers/oidc.py +++ b/oidc-controller/api/routers/oidc.py @@ -168,7 +168,8 @@ async def get_authorize(request: Request, db: Database = Depends(get_db)): ) else: suffix = f'c_i={base64.b64encode(formated_msg.encode("utf-8")).decode("utf-8")}' - wallet_deep_link = f"bcwallet://aries_proof-request?{suffix}" + wallet_deep_link_uri_scheme = settings.WALLET_DEEP_LINK_URI_SCHEME + wallet_deep_link = f"{wallet_deep_link_uri_scheme}://aries_proof-request?{suffix}" # This is the payload to send to the template data = { From 37be6e096c9e792b788dc1a728a04d1d5e09d385 Mon Sep 17 00:00:00 2001 From: Ariel Gentile Date: Tue, 9 Jul 2024 19:46:18 -0300 Subject: [PATCH 2/3] style: fix line length Signed-off-by: Ariel Gentile --- oidc-controller/api/core/config.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/oidc-controller/api/core/config.py b/oidc-controller/api/core/config.py index 5abde899..a94033ae 100644 --- a/oidc-controller/api/core/config.py +++ b/oidc-controller/api/core/config.py 
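Review bot: In the config.py hunk `os.environ.get("WALLET_DEEP_LINK_URI_SCHEME", "bcwallet")` falls back to the default only when the variable is absent, not when it is set to an empty string. The docker-compose hunk of this patch passes `WALLET_DEEP_LINK_URI_SCHEME=${WALLET_DEEP_LINK_URI_SCHEME}`, which likely yields an empty value when compose is run without docker/manage, and the generated deep link would then start with `://`. Suggest `os.environ.get("WALLET_DEEP_LINK_URI_SCHEME") or "bcwallet"`. The same fallback applies to the later config.py hunks in patches 2/3 and 3/3, the last with `WALLET_DEEP_LINK_PREFIX` and its `bcwallet://aries_proof-request` default. The GlobalConfig class body continues outside the hunk.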
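Review bot: In the oidc.py hunk `settings.WALLET_DEEP_LINK_URI_SCHEME` is interpolated into `wallet_deep_link` with no check that it is a syntactically valid URI scheme. The value is operator-supplied, but it ends up in a link that is handed to the template and opened on the user's device, so a typo or a value containing `:`, `/` or `?` silently produces a link that no longer targets the wallet. Validating it once when the settings are loaded against the RFC 3986 scheme grammar (a letter followed by letters, digits, `+`, `-` or `.`) and failing fast would catch this. A comment on the new lines such as `# operator-configured scheme; must never be derived from request data` would record the trust assumption. get_authorize starts and ends outside the hunk.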
@@ -222,7 +222,9 @@ class GlobalConfig(BaseSettings): os.environ.get("USE_OOB_LOCAL_DID_SERVICE", True) ) USE_URL_DEEP_LINK: bool = strtobool(os.environ.get("USE_URL_DEEP_LINK", False)) - WALLET_DEEP_LINK_URI_SCHEME: str = os.environ.get("WALLET_DEEP_LINK_URI_SCHEME", "bcwallet") + WALLET_DEEP_LINK_URI_SCHEME: str = os.environ.get( + "WALLET_DEEP_LINK_URI_SCHEME", + "bcwallet") SET_NON_REVOKED: bool = strtobool(os.environ.get("SET_NON_REVOKED", True)) model_config = ConfigDict(case_sensitive=True) From a26e9713713b1d79c48c183120a7897b23cd2254 Mon Sep 17 00:00:00 2001 From: Ariel Gentile Date: Wed, 10 Jul 2024 09:12:09 -0300 Subject: [PATCH 3/3] refactor: complete deep link prefix instead of just URI scheme Signed-off-by: Ariel Gentile --- charts/vc-authn-oidc/README.md | 2 +- charts/vc-authn-oidc/templates/deployment.yaml | 4 ++-- charts/vc-authn-oidc/values.yaml | 4 +++- docker/docker-compose.yaml | 2 +- docker/manage | 2 +- docs/ConfigurationGuide.md | 4 ++-- oidc-controller/api/core/config.py | 6 +++--- oidc-controller/api/routers/oidc.py | 4 ++-- 8 files changed, 15 insertions(+), 13 deletions(-) diff --git a/charts/vc-authn-oidc/README.md b/charts/vc-authn-oidc/README.md index 38d68fb9..276c057a 100644 --- a/charts/vc-authn-oidc/README.md +++ b/charts/vc-authn-oidc/README.md 
@@ -96,7 +96,7 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release | `useOobPresentProof` | if True, the present-proof request will be provided as a an [out of band](https://github.com/hyperledger/aries-rfcs/tree/main/features/0434-outofband) invitation with a [present-proof](https://github.com/hyperledger/aries-rfcs/tree/main/features/0037-present-proof) request inside. If False, the present-proof request will be use the [service-decorator](https://github.com/hyperledger/aries-rfcs/tree/main/features/0056-service-decorator) | `false` | | `useOobLocalDIDService` | | `false` | | `useUrlDeepLink` | if True, will use the new encoded URL (`didcomm://?_url={redirect URL}`) redirect form of the deep link | `false` | -| `walletDeepLinkUriScheme` | Custom URI scheme to use for deep link when using encoded connection invitation (`{walletDeepLinkUriScheme}://aries_proof-request?c_i={connection payload`) | `bcwallet` | +| `walletDeepLinkPrefix` | Custom URI scheme and host to use for deep links (`{walletDeepLinkPrefix}?c_i={connection payload`) | `bcwallet://aries_proof-request` | | `controllerCameraRedirectUrl` | The redirect url can be a web link or the name of a template | `wallet_howto` | | `controllerPresentationExpireTime` | The number of time in seconds a proof request will be valid for | `300` | | `useHTTPS` | Prepend Agent and Admin URLs with `https` | `true` | diff --git a/charts/vc-authn-oidc/templates/deployment.yaml b/charts/vc-authn-oidc/templates/deployment.yaml index 712d4427..400749b1 100644 --- a/charts/vc-authn-oidc/templates/deployment.yaml +++ b/charts/vc-authn-oidc/templates/deployment.yaml 
@@ -75,8 +75,8 @@ spec: value: {{ .Values.useOobPresentProof | quote }} - name: USE_URL_DEEP_LINK value: {{ .Values.useUrlDeepLink | quote }} - - name: WALLET_DEEP_LINK_URI_SCHEME - value: {{ .Values.walletDeepLinkUriScheme }} + - name: WALLET_DEEP_LINK_PREFIX + value: {{ .Values.walletDeepLinkPrefix }} - name: SET_NON_REVOKED value: {{ .Values.setNonRevoked | quote }} - name: ACAPY_TENANCY diff --git a/charts/vc-authn-oidc/values.yaml b/charts/vc-authn-oidc/values.yaml index a3be70f3..fb0957b3 100644 --- a/charts/vc-authn-oidc/values.yaml +++ b/charts/vc-authn-oidc/values.yaml @@ -30,8 +30,10 @@ setNonRevoked: true useOobPresentProof: false ## @param useOobLocalDIDService useOobLocalDIDService: false -## @param useUrlDeepLink if True, will use the new encoded URL (didcomm://?_url={redirect URL}) redirect form of the deep link +## @param useUrlDeepLink if True, will use the new encoded URL (e.g. bcwallet://aries_proof-request?_url={redirect URL}) redirect form of the deep link useUrlDeepLink: false +## @param walletDeepLinkPrefix URI scheme and host to use in deep links ((e.g. `{WALLET_DEEP_LINK_PREFIX}?c_i={connection invitation payload`)) +walletDeepLinkPrefix: bcwallet://aries_proof-request ## @param controllerCameraRedirectUrl The redirect url can be a web link or the name of a template controllerCameraRedirectUrl: wallet_howto ## @param controllerPresentationExpireTime The number of time in seconds a proof request will be valid for diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 7d1652d8..526478f8 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -37,7 +37,7 @@ services: - USE_OOB_PRESENT_PROOF=${USE_OOB_PRESENT_PROOF} - USE_OOB_LOCAL_DID_SERVICE=${USE_OOB_LOCAL_DID_SERVICE} - USE_URL_DEEP_LINK=${USE_URL_DEEP_LINK} - - WALLET_DEEP_LINK_URI_SCHEME=${WALLET_DEEP_LINK_URI_SCHEME} + - WALLET_DEEP_LINK_PREFIX=${WALLET_DEEP_LINK_PREFIX} ports: - ${CONTROLLER_SERVICE_PORT}:5000 - 5678:5678 
diff --git a/docker/manage b/docker/manage index 61f6fa22..577a2616 100755 --- a/docker/manage +++ b/docker/manage @@ -184,7 +184,7 @@ configureEnvironment() { export USE_OOB_PRESENT_PROOF=${USE_OOB_PRESENT_PROOF:-"false"} export USE_OOB_LOCAL_DID_SERVICE=${USE_OOB_LOCAL_DID_SERVICE:-"true"} export USE_URL_DEEP_LINK=${USE_URL_DEEP_LINK:-"false"} - export WALLET_DEEP_LINK_URI_SCHEME=${WALLET_DEEP_LINK_URI_SCHEME:-"bcwallet"} + export WALLET_DEEP_LINK_PREFIX=${WALLET_DEEP_LINK_PREFIX:-"bcwallet://aries_proof-request"} # agent export AGENT_TENANT_MODE="${AGENT_TENANT_MODE:-single}" diff --git a/docs/ConfigurationGuide.md b/docs/ConfigurationGuide.md index 28fca1a7..ecdbd9bf 100644 --- a/docs/ConfigurationGuide.md +++ b/docs/ConfigurationGuide.md 
@@ -79,8 +79,8 @@ Several functions in VC-AuthN can be tweaked by using the following environment | SET_NON_REVOKED | bool | if True, the `non_revoked` attributed will be added to each of the present-proof request `requested_attribute` and `requested_predicate` with 'from=0' and'to=`int(time.time())` | | | USE_OOB_PRESENT_PROOF | bool | if True, the present-proof request will be provided as a an [out of band](https://github.com/hyperledger/aries-rfcs/tree/main/features/0434-outofband) invitation with a [present-proof](https://github.com/hyperledger/aries-rfcs/tree/main/features/0037-present-proof) request inside. If False, the present-proof request will be use the [service-decorator](https://github.com/hyperledger/aries-rfcs/tree/main/features/0056-service-decorator) | **TRUE:** BC Wallet supports our OOB Message with a minor glitch, BiFold, Lissi, Trinsic, and Estatus all read the QR code as 'Invalid' | | USE_OOB_LOCAL_DID_SERVICE | bool | Instructs VC-AuthN to use a local DID, it must be used when the agent service is not registered on the ledger with a public DID | Use this when `ACAPY_WALLET_LOCAL_DID` is set to `true` in the agent. | -| USE_URL_DEEP_LINK | bool | If True, in Mobile mode the BC Wallet deep link will use an encoded URL (`didcomm://?_url={redirect URL}`), otherwise will use the encoded connection (`bcwallet://aries_proof-request?c_i={connection payload}`) | Default False/.. 
To control using the new `?_url` handler, which is not in a public release of BC Wallet yet | -| WALLET_DEEP_LINK_URI_SCHEME | string | Custom URI scheme to use for deep link when using encoded connection invitation (`{WALLET_DEEP_LINK_URI_SCHEME}://aries_proof-request?c_i={connection payload`) | Default bcwallet | +| USE_URL_DEEP_LINK | bool | If True, in Mobile mode the BC Wallet deep link will use an encoded URL (`WALLET_DEEP_LINK_PREFIX?_url={redirect URL}`), otherwise will use the encoded connection invitation (`{WALLET_DEEP_LINK_PREFIX}?c_i={connection invitation payload}`) | Default False/.. To control using the new `?_url` handler, which is not in a public release of BC Wallet yet | +| WALLET_DEEP_LINK_PREFIX | string | Custom URI scheme and host to use for deep links (e.g. `{WALLET_DEEP_LINK_PREFIX}?c_i={connection invitation payload`) | Default bcwallet://aries_proof-request | | LOG_WITH_JSON | bool | If True, logging output should printed as JSON if False it will be pretty printed. | Default behavior will print as JSON. | | LOG_TIMESTAMP_FORMAT | string | determines the timestamp formatting used in logs | Default is "iso" | | LOG_LEVEL | "DEBUG", "INFO", "WARNING", or "ERROR" | sets the minimum log level that will be printed to standard out | Defaults to DEBUG | diff --git a/oidc-controller/api/core/config.py b/oidc-controller/api/core/config.py index a94033ae..53308718 100644 --- a/oidc-controller/api/core/config.py +++ b/oidc-controller/api/core/config.py 
@@ -222,9 +222,9 @@ class GlobalConfig(BaseSettings): os.environ.get("USE_OOB_LOCAL_DID_SERVICE", True) ) USE_URL_DEEP_LINK: bool = strtobool(os.environ.get("USE_URL_DEEP_LINK", False)) - WALLET_DEEP_LINK_URI_SCHEME: str = os.environ.get( - "WALLET_DEEP_LINK_URI_SCHEME", - "bcwallet") + WALLET_DEEP_LINK_PREFIX: str = os.environ.get( + "WALLET_DEEP_LINK_PREFIX", + "bcwallet://aries_proof-request") SET_NON_REVOKED: bool = strtobool(os.environ.get("SET_NON_REVOKED", True)) model_config = ConfigDict(case_sensitive=True) diff --git a/oidc-controller/api/routers/oidc.py b/oidc-controller/api/routers/oidc.py index ba693b1c..5a844fd6 100644 --- a/oidc-controller/api/routers/oidc.py +++ b/oidc-controller/api/routers/oidc.py @@ -168,8 +168,8 @@ async def get_authorize(request: Request, db: Database = Depends(get_db)): ) else: suffix = f'c_i={base64.b64encode(formated_msg.encode("utf-8")).decode("utf-8")}' - wallet_deep_link_uri_scheme = settings.WALLET_DEEP_LINK_URI_SCHEME - wallet_deep_link = f"{wallet_deep_link_uri_scheme}://aries_proof-request?{suffix}" + WALLET_DEEP_LINK_PREFIX = settings.WALLET_DEEP_LINK_PREFIX + wallet_deep_link = f"{WALLET_DEEP_LINK_PREFIX}?{suffix}" # This is the payload to send to the template data = {
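Review bot: In the oidc.py hunk only the `else` (`c_i=`) branch is switched to `WALLET_DEEP_LINK_PREFIX`, while the ConfigurationGuide.md and values.yaml hunks of this patch now describe the `_url` form as using the prefix too. The `if` branch is outside the hunk, so please confirm it also reads the setting, or adjust the docs. The prefix is concatenated as `f"{WALLET_DEEP_LINK_PREFIX}?{suffix}"`, so a configured value that already carries a `?` or `#` yields a link whose `c_i` parameter the wallet may not parse; rejecting such values when the setting is loaded would make the misconfiguration visible. As a style point, the upper-case local reads like a module constant and duplicates the setting name; `wallet_deep_link = f"{settings.WALLET_DEEP_LINK_PREFIX}?{suffix}"` avoids the extra name.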