docs: update backend services | libraries section for inji-mobile#15
docs: update backend services | libraries section for inji-mobile#15KiruthikaJeyashankar wants to merge 4 commits into
Conversation
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
WalkthroughBackend-services documentation was restructured: TOC/README entries renamed, eSignet.md and inji-certify.md removed and replaced by new login-using-credential.md and issuer.md pages, and mimoto.md rewritten with expanded configuration, OIDC token, and verifier-list sections. Separately, pixelpass.md was reorganized into Availability, Features, APIs Overview, and Use Cases sections. ChangesBackend Services Documentation Rework
Estimated code review effort: 2 (Simple) | ~12 minutes PixelPass Integration Guide Rewrite
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related issues
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
fba7842 to
22275f9
Compare
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@inji-wallet/inji-mobile/technical-overview/backend-services/issuer.md`:
- Around line 29-33: The credential endpoint block in issuer.md uses a signed
OpenAPI asset URL that has expired, so the rendered docs will contain a dead
link. Update the openapi-operation reference for /vci/credential to use a
stable, non-expiring asset source or a publishing-time generated link, keeping
the surrounding Inji Certify documentation reference intact.
- Around line 5-8: The Issuer overview incorrectly implies that Inji Certify
authenticates users; update the wording in the Issuer section to keep
authentication separate from issuance. Rephrase the description around Inji
Certify so it only covers issuing Verifiable Credentials via OpenID4VCI, and
make clear that user login/authentication is handled by the authorization server
before the issuer is involved.
In
`@inji-wallet/inji-mobile/technical-overview/backend-services/login-using-credential.md`:
- Around line 42-81: The OpenAPI embeds in the authentication flow docs use
time-limited cloudflarestorage signed URLs, and the lingering TODO shows this
page is still unfinished. Update the Link Login Transaction, Authenticate User,
and Submit User Consent sections to reference a stable OpenAPI asset/source
through the existing openapi-operation usage, then remove the TODO comment so
the page no longer depends on stale signatures.
In `@inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md`:
- Around line 14-16: The OpenAPI embeds in mimoto.md are all pointing to a
signed, expiring R2 asset, so the rendered docs will eventually break. Update
every {% swagger %} block on this page to use a stable, non-expiring source or
asset instead of the signed mimoto (1).json URL, and make sure all repeated
embeds in the page are switched consistently.
- Line 92: The heading hierarchy is skipped in the Property Descriptions
section, which triggers markdown linting. Update the Property Descriptions
heading in mimoto.md to use the correct intermediate level (for example, align
it with the surrounding section headings like `###`), keeping the document’s
heading structure consistent and lint-clean.
In
`@inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/pixelpass.md`:
- Around line 28-47: The APIs Overview in pixelpass.md is inconsistent: it
claims six primary APIs but lists seven entries, including toJson. Update the
overview in the PixelPass API list so the stated count matches the actual number
of APIs, and make sure the summary and bullet list stay aligned with the public
methods named generateQRCode, generateQRData, decode, decodeBinary,
getMappedData, decodeMappedData, and toJson.
- Around line 48-84: The QR flow description is inaccurate:
`pixelPass.generateQRData(data, header)` returns the encoded base45 payload, not
the final QR image. Update the wording in the PixelPass use case section to say
the wallet first generates the payload with `generateQRData`, then renders that
payload as a QR code for sharing or scanning; keep the rest of the flow aligned
with the Inji Wallet and Inji Verify integration descriptions.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 8a3b5e74-138e-401e-b7e2-b89938786d40
⛔ Files ignored due to path filters (2)
.gitbook/assets/verify-decode.pngis excluded by!**/*.png.gitbook/assets/wallet-encode.pngis excluded by!**/*.png
📒 Files selected for processing (9)
.gitbook/assets/mimoto (1).jsonSUMMARY.mdinji-wallet/inji-mobile/technical-overview/backend-services/README.mdinji-wallet/inji-mobile/technical-overview/backend-services/esignet.mdinji-wallet/inji-mobile/technical-overview/backend-services/inji-certify.mdinji-wallet/inji-mobile/technical-overview/backend-services/issuer.mdinji-wallet/inji-mobile/technical-overview/backend-services/login-using-credential.mdinji-wallet/inji-mobile/technical-overview/backend-services/mimoto.mdinji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/pixelpass.md
💤 Files with no reviewable changes (2)
- inji-wallet/inji-mobile/technical-overview/backend-services/inji-certify.md
- inji-wallet/inji-mobile/technical-overview/backend-services/esignet.md
| {% openapi-operation spec="api" path="/vci/credential" method="post" %} | ||
| [OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) | ||
| {% endopenapi-operation %} | ||
|
|
||
| > **For more details**: Refer to the [Inji Certify Documentation](../../../../inji-certify/overview/README.md) to understand credential issuance workflows. |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift
Replace the signed OpenAPI asset link.
This signed R2 URL is already past its expiry window, so the credential endpoint block will render a dead link in published docs. Please point it at a stable asset or regenerate the spec link during publishing.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@inji-wallet/inji-mobile/technical-overview/backend-services/issuer.md` around
lines 29 - 33, The credential endpoint block in issuer.md uses a signed OpenAPI
asset URL that has expired, so the rendered docs will contain a dead link.
Update the openapi-operation reference for /vci/credential to use a stable,
non-expiring asset source or a publishing-time generated link, keeping the
surrounding Inji Certify documentation reference intact.
| ### Link Login Transaction | ||
| After successfully scanning the QR code, Inji Wallet will access the API below and transmit the link code. | ||
|
|
||
| {% openapi-operation spec="api" path="/linked-authorization/v2/link-transaction" method="post" %} | ||
| [OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) | ||
| {% endopenapi-operation %} | ||
|
|
||
| ### Authenticate User | ||
|
|
||
| After successful face authentication, the wallet authenticates the user. | ||
|
|
||
| {% openapi-operation spec="api" path="/linked-authorization/v2/authenticate" method="post" %} | ||
| [OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) | ||
| {% endopenapi-operation %} | ||
|
|
||
| ### Submit User Consent | ||
|
|
||
| Once the user approves the requested claims, the wallet submits the consent. | ||
|
|
||
| {% openapi-operation spec="api" path="/linked-authorization/v2/consent" method="post" %} | ||
| [OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) | ||
| {% endopenapi-operation %} | ||
|
|
||
| --- | ||
|
|
||
| ## Benefits | ||
|
|
||
| * Passwordless authentication using digital credentials. | ||
| * User-controlled sharing of identity attributes. | ||
| * Explicit consent before any information is shared. | ||
| * Reusable across multiple service provider portals. | ||
| * Secure authentication using trusted verifiable credentials. | ||
|
|
||
| --- | ||
|
|
||
| ## Reference | ||
|
|
||
| For details about the Wallet Authentication APIs, refer to the [eSignet Wallet Authenticator documentation](https://docs.esignet.io/esignet-authentication/develop/integration/wallet/wallet-authenticator#wallet-authentication-apis) | ||
|
|
||
| [//]: # (TODO: Fix swagger esignet links) No newline at end of file |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift
Replace the signed OpenAPI assets and remove the TODO.
These cloudflarestorage.com links are time-limited; the June 19, 2026 signatures are already stale, so the API embeds will break on rebuild. The trailing TODO confirms this page still isn’t finished. Please switch to a stable asset/source before publishing.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@inji-wallet/inji-mobile/technical-overview/backend-services/login-using-credential.md`
around lines 42 - 81, The OpenAPI embeds in the authentication flow docs use
time-limited cloudflarestorage signed URLs, and the lingering TODO shows this
page is still unfinished. Update the Link Login Transaction, Authenticate User,
and Submit User Consent sections to reference a stable OpenAPI asset/source
through the existing openapi-operation usage, then remove the TODO comment so
the page no longer depends on stale signatures.
| {% swagger src="../../../../.gitbook/assets/mimoto (1).json" path="/issuers" method="get" %} | ||
| [mimoto (1).json](<../../../../.gitbook/assets/mimoto%20(1).json>) | ||
| {% endswagger %} |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift
Replace the signed swagger assets throughout this page.
Every OpenAPI embed here points at the same signed R2 object with a June 19, 2026 timestamp and a 2-day TTL, so the rendered docs will break after the signature expires. Please point these blocks at a stable asset/source instead.
Also applies to: 23-25, 41-43, 47-49, 67-69, 129-131
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md` around
lines 14 - 16, The OpenAPI embeds in mimoto.md are all pointing to a signed,
expiring R2 asset, so the rendered docs will eventually break. Update every {%
swagger %} block on this page to use a stable, non-expiring source or asset
instead of the signed mimoto (1).json URL, and make sure all repeated embeds in
the page are switched consistently.
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
22275f9 to
34910b9
Compare
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
Summary by CodeRabbit