diff --git a/.gitbook/assets/mimoto (1).json b/.gitbook/assets/mimoto (1).json index e305d51..f9363ea 100644 --- a/.gitbook/assets/mimoto (1).json +++ b/.gitbook/assets/mimoto (1).json @@ -14,7 +14,7 @@ }, "servers": [ { - "url": "https://api.collab.mosip.net/residentmobileapp", + "url": "https://api.collab.mosip.net/v1/mimoto", "description": "For Swagger" } ], @@ -60,13 +60,17 @@ "type": "string" }, "str": { - "type": "null" + "type": "string", + "nullable": true }, "responsetime": { - "type": "null" + "type": "string", + "format": "date-time", + "nullable": true }, "metadata": { - "type": "null" + "type": "object", + "nullable": true }, "response": { "type": "object", @@ -80,7 +84,19 @@ } }, "errors": { - "type": "null" + "type": "array", + "items": { + "type": "object", + "properties": { + "errorCode": { + "type": "string" + }, + "errorMessage": { + "type": "string" + } + } + }, + "nullable": true } }, "x-examples": { @@ -119,9 +135,274 @@ } }, "description": "Request new otp", + "tags": [ + "Credential Download - OTP Flow" + ], "summary": "Generate Credential - Request Otp" } }, + "/verifiers": { + "get": { + "operationId": "getAllTrustedVerifiers", + "tags": [ + "Verifiers" + ], + "description": "This API retrieves all trusted verifiers for Inji Wallet.", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "verifiers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "client_id": { + "type": "string" + }, + "redirect_uris": { + "type": "array", + "items": { + "type": "string" + } + }, + "response_uris": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "examples": { + "Success response": { + "value": { + "verifiers": [ + { + "client_id": "https://injiverify.collab.mosip.net", + "redirect_uris": [ + "https://injiverify.collab.mosip.net/redirect" + ], + "response_uris": [ + "https://injiverify.collab.mosip.net/redirect" + ] + } + ] + } + }, + "Failure response": { + "value": { + "id": null, + "version": "v1", + "responsetime": "2022-10-31T05:07:34.789Z", + "metadata": null, + "response": null, + "errors": [ + { + "errorCode": "VERIFIER-API-26", + "errorMessage": "API not accessible failure" + } + ] + } + } + } + } + } + } + } + } + }, + "/get-token/{issuer}": { + "post": { + "tags": [ + "Credentials Download" + ], + "summary": "Retrieve accessToken for OIDC flow", + "description": "This endpoint allows you to retrieve the access token in exchange for the authorization code.", + "operationId": "getToken", + "parameters": [ + { + "name": "arg0", + "in": "query", + "required": true, + "schema": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + { + "name": "issuer", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + }, + "str": { + "type": "string", + "nullable": true + }, + "responsetime": { + "type": "string", + "format": "date-time" + }, + "metadata": { + "type": "object", + "nullable": true + }, + "response": { + "type": "object", + "properties": { + "access_token": { + "type": "string" + }, + "token_type": { + "type": "string" + }, + "expires_in": { + "type": "integer" + }, + "scope": { + "type": "string" + }, + "refresh_token": { + "type": "string", + "nullable": true + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "object", + "properties": { + "errorCode": { + "type": "string" + }, + "errorMessage": { + "type": "string" + } + } + }, + "nullable": true + } + } + }, + "examples": { + "Success response": { + "value": { + "id": "mosip.mimoto.issuers", + "version": "v1", + "str": null, + "responsetime": "2024-04-25T05:56:55.890Z", + "metadata": null, + "response": { + "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", + "token_type": "bearer", + "expires_in": 3600, + "scope": "mosip_identity_vc_ldp", + "refresh_token": "xyz123" + }, + "errors": [] + } + } + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "version": { + "type": "string" + }, + "str": { + "type": "string", + "nullable": true + }, + "responsetime": { + "type": "string", + "format": "date-time" + }, + "metadata": { + "type": "object", + "nullable": true + }, + "response": { + "type": "object", + "nullable": true + }, + "errors": { + "type": "array", + "items": { + "type": "object", + "properties": { + "errorCode": { + "type": "string" + }, + "errorMessage": { + "type": "string" + } + } + } + } + } + }, + "examples": { + "Failure response": { + "value": { + "id": null, + "version": "v1", + "str": null, + "responsetime": "2022-10-31T05:07:34.789Z", + "metadata": null, + "response": null, + "errors": [ + { + "errorCode": "RESIDENT-APP-26", + "errorMessage": "Api not accessible failure" + } + ] + } + } + } + } + } + } + } + } + }, "/credentialshare/request": { "post": { "operationId": "request", @@ -182,13 +463,17 @@ "type": "string" }, "str": { - "type": "null" + "type": "string", + "nullable": true }, "responsetime": { - "type": "string" + "type": "string", + "format": "date-time", + "nullable": true }, "metadata": { - "type": "null" + "type": "object", + "nullable": true }, "response": { "type": "object", @@ -202,7 +487,19 @@ } }, "errors": { - "type": "null" + "type": "array", + "items": { + "type": "object", + "properties": { + "errorCode": { + "type": "string" + }, + "errorMessage": { + "type": "string" + } + } + }, + "nullable": true } }, "x-examples": { @@ -257,6 +554,9 @@ } }, "description": "Credential request", + "tags": [ + "Credential Download - OTP Flow" + ], "summary": "Generate Credential - request new credential" } }, @@ -281,21 +581,6 @@ "schema": { "type": "object", "properties": { - "id": { - "type": "null" - }, - "version": { - "type": "null" - }, - "str": { - "type": "null" - }, - "responsetime": { - "type": "string" - }, - "metadata": { - "type": "null" - }, "response": { "type": "object", "properties": { @@ -307,24 +592,19 @@ }, "statusCode": { "type": "string" + }, + "errors": { + "type": "array", + "items": { + "type": "object", + "properties": {} + } } } - }, - "errors": { - "type": "array", - "items": { - "type": "object", - "properties": {} - } } }, "x-examples": { "Example 1": { - "id": null, - "version": null, - "str": null, - "responsetime": "2022-10-31T05:10:58.337Z", - "metadata": null, "response": { "id": "2057135194", "requestId": "2bc3bb7f-6156-46d1-ae03-bf7b76e0c257", @@ -337,11 +617,6 @@ "examples": { "success response": { "value": { - "id": null, - "version": null, - "str": null, - "responsetime": "2022-10-31T05:10:58.337Z", - "metadata": null, "response": { "id": "2057135194", "requestId": "2bc3bb7f-6156-46d1-ae03-bf7b76e0c257", @@ -356,6 +631,9 @@ } }, "description": "Credential request status", + "tags": [ + "Credential Download - OTP Flow" + ], "summary": "Generate Credential - Check Status of Credential Share" }, "parameters": [ @@ -543,9 +821,45 @@ } } }, + "tags": [ + "Credential Download - OTP Flow" + ], "summary": "Generate Credential - Download Credential" } }, + "/credentialshare/callback/notify": { + "post": { + "operationId": "handleSubscribeEvent", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/EventModel" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/GenericResponseDTO" + } + } + } + } + }, + "description": "callback uri used by websub to notify", + "summary": "Callback API - Notify when credential is ready", + "tags": [ + "Credential Download - OTP Flow" + ], + "x-internal": true + } + }, "/binding-otp": { "post": { "operationId": "bindingOtpGenerate", @@ -745,6 +1059,9 @@ } }, "summary": "Wallet Binding - Generate Otp", + "tags": [ + "Wallet Binding" + ], "description": "This api is used to generate otp for wallet binding.\nThis api is used as a proxy to call [Identity Provider - Send Binding OTP Endpoint](https://mosip.stoplight.io/docs/identity-provider/a34e5371d4876-send-binding-otp-endpoint-draft) api internally." } }, @@ -1003,190 +1320,77 @@ } }, "summary": "Wallet Binding - Bind Credential with wallet", + "tags": [ + "Wallet Binding" + ], "description": "This api is used to bind the credential with wallet.\nThis api is used as a proxy to call [Identity Provider - Wallet binding Endpoint](https://mosip.stoplight.io/docs/identity-provider/6e91115b16311-wallet-binding-endpoint) api internally." } }, - "/req/individualId/otp": { - "post": { - "operationId": "individualIdOtpRequest", + "/allProperties": { + "get": { + "operationId": "getAllProperties", "responses": { "200": { - "description": "OK", + "description": "Successfully retrieved all configurable properties for Inji.", "content": { "application/json": { "schema": { "type": "object", "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - }, - "transactionID": { - "type": "string" - }, - "responseTime": { - "type": "string" - }, - "errors": { - "type": "null" - }, "response": { "type": "object", - "properties": { - "maskedMobile": { - "type": "string" - }, - "maskedEmail": { - "type": "string" - } + "additionalProperties": { + "type": "string" } }, - "metadata": { - "type": "null" - } - }, - "x-examples": { - "Example 1": { - "id": "mosip.identity.otp.internal", - "version": "1.0", - "transactionID": "1234567890", - "responseTime": "2022-10-31T05:02:29.001Z", - "errors": null, - "response": { - "maskedMobile": "XXXXXXX187599", - "maskedEmail": "XXqXXgXXyXXpXXgXXbXXtXXhXXfXXeXXzXXtXXfXXkXXwXXsXXuXXsXXfXX8XX@mailinator.com" - }, - "metadata": null + "errors": { + "type": "array", + "items": { + "type": "object" + } } } }, "examples": { - "success response": { + "example-1": { "value": { - "id": "mosip.identity.otp.internal", - "version": "1.0", - "transactionID": "1234567890", - "responseTime": "2022-10-31T05:02:29.001Z", - "errors": null, "response": { - "maskedMobile": "XXXXXXX187599", - "maskedEmail": "XXqXXgXXyXXpXXgXXbXXtXXhXXfXXeXXzXXtXXfXXkXXwXXsXXuXXsXXfXX8XX@mailinator.com" + "internal.auth.types.allowed": "otp,bio-Finger,bio-Iris,bio-Face", + "auth.types.allowed": "demo,otp,bio-Finger,bio-Iris,bio-Face", + "ekyc.auth.types.allowed": "demo,otp,bio-Finger,bio-Iris,bio-Face" }, - "metadata": null - } - }, - "Failure response": { - "value": { - "id": null, - "version": "v1", - "transactionID": null, - "responseTime": null, - "errors": [ - { - "errorCode": "RES-SER-449", - "errorMessage": "AID is not ready" - } - ], - "response": null, - "metadata": null - } - } - } - } - } - } - }, - "description": "request otp using individual id", - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "aid": { - "type": "string" - }, - "otpChannel": { - "type": "array", - "items": { - "type": "string" + "errors": [] } - }, - "transactionID": { - "type": "string" - } - }, - "x-examples": { - "Example 1": { - "aid": "10257101921007120221029201608", - "otpChannel": [ - "EMAIL", - "PHONE" - ], - "transactionID": "1234567890" - } - } - }, - "examples": { - "example-1": { - "value": { - "aid": "10257101921007120221029201608", - "otpChannel": [ - "EMAIL", - "PHONE" - ], - "transactionID": "1234567890" } } } } } }, - "summary": "Request Otp for Application Id" + "description": "Get all configurable properties for Inji.", + "summary": "Get all Inji app properties", + "tags": [ + "Inji Config" + ] } }, - "/aid/get-individual-id": { - "post": { - "operationId": "aidGetIndividualId", - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "aid": { - "type": "string" - }, - "otp": { - "type": "string" - }, - "transactionID": { - "type": "string" - } - }, - "x-examples": { - "Example 1": { - "aid": "10257101921007120221029201609", - "otp": "111111", - "transactionID": "1234567890" - } - } - }, - "examples": { - "example-1": { - "value": { - "aid": "10257101921007120221029201609", - "otp": "111111", - "transactionID": "1234567890" - } - } - } + "/issuers": { + "get": { + "operationId": "getAllIssuers", + "parameters": [ + { + "name": "search", + "in": "query", + "required": false, + "schema": { + "type": "string" } - }, - "required": true - }, + } + ], + "tags": [ + "Trusted Issuers" + ], + "description": "This API provides data with search capability to populate the list of supported issuers in Inji Web, which is then displayed under the List of Issuers", "responses": { "200": { "description": "OK", @@ -1195,71 +1399,197 @@ "schema": { "type": "object", "properties": { - "id": { - "type": "null" - }, - "version": { - "type": "string" - }, - "str": { - "type": "null" - }, - "responsetime": { - "type": "string" - }, - "metadata": { - "type": "null" - }, - "response": { - "type": "null" - }, - "errors": { + "issuers": { "type": "array", "items": { "type": "object", "properties": { - "errorCode": { + "issuer_id": { "type": "string" }, - "errorMessage": { + "protocol": { + "type": "string" + }, + "display": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "logo": { + "type": "object", + "properties": { + "url": { + "type": "string" + }, + "alt_text": { + "type": "string" + } + } + }, + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "language": { + "type": "string" + } + } + } + }, + "client_id": { + "type": "string" + }, + "wellknown_endpoint": { + "type": "string" + }, + "redirect_uri": { + "type": "string" + }, + "authorization_audience": { + "type": "string" + }, + "token_endpoint": { + "type": "string" + }, + "proxy_token_endpoint": { + "type": "string" + }, + "client_alias": { + "type": "string" + }, + "qr_code_type": { + "type": "string", + "enum": [ + "OnlineSharing", + "EmbeddedVC", + "None" + ] + }, + "enabled": { + "type": "string" + }, + "credential_issuer": { + "type": "string" + }, + "credential_issuer_host": { "type": "string" } } } } - }, - "x-examples": { - "Example 1": { - "id": null, - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:29:08.687Z", - "metadata": null, - "response": null, - "errors": [ - { - "errorCode": "RES-SER-422", - "errorMessage": "Unsupported Authentication Type for child - otp" - } - ] - } + } + }, + "x-examples": { + "Example 1": { + "id": "mosip.resident.vid", + "version": "v1", + "str": null, + "responsetime": "2022-10-31T05:08:14.846Z", + "metadata": null, + "response": { + "issuers": [ + { + "issuer_id": "MOSIPInsurance", + "credential_issuer": "MOSIPInsurance", + "credential_issuer_host": "https://injicertify-insurance.collab.mosip.net", + "protocol": "OpenId4VCI", + "display": [ + { + "name": "MOSIP Insurance", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "MOSIP-Logo" + }, + "title": "Download via LIC", + "description": "This API provides data to populate the list of supported issuers in Inji Web, which is then displayed under the List of Issuers section on the Home page of Inji Web.", + "language": "en" + } + ], + "client_id": "3yz7-j3xRzU3SODdoNgSGvO_cD8UijH3AIWRDAg1x-M", + "wellknown_endpoint": "http://localhost:8088/.well-known/openid-credential-issuer" + }, + { + "issuer_id": "MOSIPNationalID", + "credential_issuer": "MOSIPNationalID", + "credential_issuer_host": "https://injicertify-mosipid.released.mosip.net", + "protocol": "OpenId4VCI", + "display": [ + { + "name": "MOSIP National ID", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "MOSIP-Logo" + }, + "title": "Download via LIC", + "description": "Enter your policy number to download your card.", + "language": "en" + } + ], + "client_id": "3yz7-j3xRzU3SODdoNgSGvO_cD8UijH3AIWRDAg1x-M", + "wellknown_endpoint": "http://localhost:8088/.well-known/openid-credential-issuer" + } + ] + }, + "errors": null } }, "examples": { - "success response": { + "Success response": { "value": { - "id": null, + "id": "mosip.resident.vid", "version": "v1", "str": null, - "responsetime": "2022-10-31T05:29:08.687Z", + "responsetime": "2022-10-31T05:08:14.846Z", "metadata": null, - "response": null, - "errors": [ - { - "errorCode": "RES-SER-422", - "errorMessage": "Unsupported Authentication Type for child - otp" - } - ] + "response": { + "issuers": [ + { + "issuer_id": "MOSIPInsurance", + "credential_issuer": "MOSIPInsurance", + "credential_issuer_host": "https://injicertify-insurance.collab.mosip.net", + "protocol": "OpenId4VCI", + "display": [ + { + "name": "MOSIP Insurance", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "MOSIP-Logo" + }, + "title": "Download via LIC", + "description": "Enter your policy number to download your card.", + "language": "en" + } + ], + "client_id": "3yz7-j3xRzU3SODdoNgSGvO_cD8UijH3AIWRDAg1x-M", + ".well-known": "http://localhost:8088/.well-known/openid-credential-issuer" + }, + { + "issuer_id": "MOSIPNationalID", + "credential_issuer": "MOSIPNationalID", + "credential_issuer_host": "https://injicertify-mosipid.released.mosip.net", + "protocol": "OpenId4VCI", + "display": [ + { + "name": "MOSIP National ID", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "MOSIP-Logo" + }, + "title": "Download via LIC", + "description": "Enter your policy number to download your card.", + "language": "en" + } + ], + "client_id": "3yz7-j3xRzU3SODdoNgSGvO_cD8UijH3AIWRDAg1x-M", + ".well-known": "http://localhost:8088/.well-known/openid-credential-issuer" + } + ] + } } }, "Failure response": { @@ -1267,13 +1597,13 @@ "id": null, "version": "v1", "str": null, - "responsetime": "2022-10-31T05:27:38.546Z", + "responsetime": "2022-10-31T05:07:34.789Z", "metadata": null, "response": null, "errors": [ { - "errorCode": "RES-SER-457", - "errorMessage": "AID not found" + "errorCode": "RESIDENT-APP-26", + "errorMessage": "Api not accessible failure" } ] } @@ -1282,248 +1612,297 @@ } } } - }, - "description": "get individual id using application id", - "summary": "Generate Credential with Application id - Request Id for an aid" + } } }, - "/safetynet/online/verify": { - "post": { - "operationId": "processOnline", - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "string" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "object" - } - } + "/issuers/{issuer-id}": { + "get": { + "operationId": "getIssuerConfig", + "parameters": [ + { + "name": "issuer-id", + "in": "path", + "required": true, + "schema": { + "type": "string" } } - }, - "summary": "Safetynet Verify Online", - "description": "" - } - }, - "/safetynet/offline/verify": { - "post": { - "operationId": "processOffline", - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "string" - } - } - }, - "required": true - }, + ], + "tags": [ + "Trusted Issuers" + ], + "description": "This API provides the complete configuration details for the specific issuers passed in the path variable", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "type": "object" - } - } - } - } - }, - "summary": "Safetynet Verify Offline" - } - }, - "/vid": { - "post": { - "operationId": "vidGenerate", - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "individualId": { - "type": "string" - }, - "individualIdType": { - "type": "string" - }, - "otp": { - "type": "string" - }, - "vidType": { - "type": "string" - }, - "transactionID": { - "type": "string" + "type": "object", + "properties": { + "response": { + "type": "object", + "properties": { + "issuer_id": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "display": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "logo": { + "type": "object", + "properties": { + "url": { + "type": "string" + }, + "alt_text": { + "type": "string" + } + } + }, + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "language": { + "type": "string" + } + } + } + }, + "client_id": { + "type": "string" + }, + "wellknown_endpoint": { + "type": "string" + }, + "redirect_uri": { + "type": "string" + }, + "authorization_audience": { + "type": "string" + }, + "token_endpoint": { + "type": "string" + }, + "proxy_token_endpoint": { + "type": "string" + }, + "client_alias": { + "type": "string" + }, + "qr_code_type": { + "type": "string", + "enum": [ + "OnlineSharing", + "EmbeddedVC", + "None" + ] + }, + "enabled": { + "type": "boolean" + }, + "credential_issuer": { + "type": "string" + }, + "credential_issuer_host": { + "type": "string" + } + } + }, + "errors": { + "type": "array", + "items": { + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + } + } + } + } } }, "x-examples": { "Example 1": { - "individualId": "2057135194", - "individualIdType": "UIN", - "otp": "111111", - "vidType": "PERPETUAL", - "transactionID": "1234567890" - } - } - }, - "examples": { - "VID REQUEST": { - "value": { - "individualId": "2057135194", - "individualIdType": "UIN", - "otp": "111111", - "vidType": "PERPETUAL", - "transactionID": "1234567890" - } - }, - "example-2": { - "value": { - "individualId": "string", - "individualIdType": "string", - "otp": "string", - "vidType": "string", - "transactionID": "string" - } - } - } - }, - "application/xml": { - "schema": { - "type": "object", - "properties": { - "individualId": { - "type": "string" - }, - "individualIdType": { - "type": "string" - }, - "otp": { - "type": "string" - }, - "vidType": { - "type": "string" - }, - "transactionID": { - "type": "string" - } - }, - "x-examples": { - "Example 1": { - "individualId": "2057135194", - "individualIdType": "UIN", - "otp": "111111", - "vidType": "PERPETUAL", - "transactionID": "1234567890" - } - } - }, - "examples": { - "example-1": { - "value": "{\n \"individualId\": \"2057135194\",\n \"individualIdType\": \"UIN\",\n \"otp\": \"111111\",\n \"vidType\": \"PERPETUAL\",\n \"transactionID\": \"1234567890\"\n}" - } - } - } - }, - "required": true, - "description": "" - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - }, - "str": { - "type": "null" - }, - "responsetime": { - "type": "string" - }, - "metadata": { - "type": "null" - }, "response": { - "type": "object", - "properties": { - "vid": { - "type": "string" + "issuer_id": "ESignet", + "protocol": "OpenId4VCI", + "display": [ + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "mosip-logo" + }, + "title": "Download MOSIP Credentials", + "description": "Download credentials by providing UIN or VID", + "language": "en" }, - "message": { - "type": "string" + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "شعار موسيب" + }, + "title": "قم بتنزيل بيانات اعتماد MOSIP", + "description": "توفير UIN أو VIDقم بتنزيل بيانات الاعتماد عن طريق", + "language": "ar" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "मोसिप लोगो" + }, + "title": "MOSIP क्रेडेंशियल डाउनलोड करेंं", + "description": "यूआईएन या वीआईडी प्रदान करके क्रेडेंशियल डाउनलोड करें", + "language": "hi" } - } + ], + "client_id": "*****", + "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", + "scopes_supported": [ + "mosip_identity_vc_ldp" + ], + "authorization_endpoint": "https://esignet.collab.mosip.net/authorize", + "authorization_audience": "https://esignet.collab.mosip.net/v1/esignet/oauth/v2/token", + "token_endpoint": "https://api.collab.mosip.net/v1/mimoto/get-token/ESignet", + "proxy_token_endpoint": "https://esignet.collab.mosip.net/v1/esignet/oauth/v2/token", + "credential_endpoint": "https://esignet.collab.mosip.net/v1/esignet/vci/credential", + "credential_type": [ + "VerifiableCredential", + "MOSIPVerifiableCredential" + ], + "credential_audience": "https://esignet.collab.mosip.net", + "client_alias": "mpartner-default-mimotooidc", + "additional_headers": { + "Accept": "application/json" + }, + "wellknown_endpoint": "https://esignet.collab.mosip.net/.well-known/openid-credential-issuer" }, - "errors": { - "type": "array", - "items": { - "type": "object", - "properties": {} - } - } + "errors": [] }, - "x-examples": { - "Example 1": { - "id": "mosip.resident.vid", - "version": "v1", - "str": null, - "responsetime": "2022-10-31T04:49:43.085Z", - "metadata": null, - "response": { - "vid": "6924813502849610", - "message": "Notification has been sent to the provided email " - }, - "errors": [] - } - } + "errors": null }, "examples": { "Success response": { "value": { - "id": "mosip.resident.vid", + "id": "mosip.mimoto.issuers", "version": "v1", "str": null, - "responsetime": "2022-10-31T04:49:43.085Z", + "responsetime": "2024-04-25T05:56:55.890Z", "metadata": null, "response": { - "vid": "6924813502849610", - "message": "Notification has been sent to the provided email " + "issuer_id": "mosip.mimoto.issuers", + "protocol": "OpenId4VCI", + "display": [ + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "mosip-logo" + }, + "title": "Download MOSIP Credentials", + "description": "Download credentials by providing UIN or VID", + "language": "en" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "شعار موسيب" + }, + "title": "قم بتنزيل بيانات اعتماد MOSIP", + "description": "توفير UIN أو VIDقم بتنزيل بيانات الاعتماد عن طريق", + "language": "ar" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "मोसिप लोगो" + }, + "title": "MOSIP क्रेडेंशियल डाउनलोड करेंं", + "description": "यूआईएन या वीआईडी प्रदान करके क्रेडेंशियल डाउनलोड करें", + "language": "hi" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "mosip ಲೋಗೋ" + }, + "title": "MOSIP ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", + "description": "UIN ಅಥವಾ VID ಒದಗಿಸುವ ಮೂಲಕ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", + "language": "kn" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "mosip லோகோ" + }, + "title": "MOSIP சான்றுகளைப் பதிவிறக்கவும்", + "description": "UIN அல்லது VIDஐ வழங்குவதன் மூலம் நற்சான்றிதழ்களைப் பதிவிறக்கவும்", + "language": "ta" + }, + { + "name": "e-Signet", + "logo": { + "url": "https://api.collab.mosip.net/inji/mosip-logo.png", + "alt_text": "logo ng mosip" + }, + "title": "I-download ang Mga Kredensyal ng MOSIP", + "description": "Mag-download ng mga kredensyal sa pamamagitan ng pagbibigay ng UIN o VID", + "language": "fil" + } + ], + "client_id": "DEqVWfdKe9cQWikLdjak3vlDF0Pq7jtnwTcGdEXoT1I", + "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", + "authorization_audience": "https://esignet.collab.mosip.net/v1/esignet/oauth/v2/token", + "token_endpoint": "https://api.collab.mosip.net/v1/mimoto/get-token/ESignet", + "proxy_token_endpoint": "https://esignet.collab.mosip.net/v1/esignet/oauth/v2/token", + "credential_endpoint": "https://esignet.collab.mosip.net/v1/esignet/vci/credential", + "credential_type": [ + "VerifiableCredential", + "MOSIPVerifiableCredential" + ], + "credential_audience": "https://esignet.collab.mosip.net", + "client_alias": "mpartner-default-mimotooidc", + "additional_headers": { + "Accept": "application/json" + }, + "wellknown_endpoint": "https://esignet.collab.mosip.net/.well-known/openid-credential-issuer" }, "errors": [] } }, "Failure response": { "value": { - "id": "mosip.resident.vid", + "id": null, "version": "v1", "str": null, - "responsetime": "2022-10-31T04:57:10.792Z", + "responsetime": "2022-10-31T05:07:34.789Z", "metadata": null, "response": null, "errors": [ { - "errorCode": "RES-SER-422", - "errorMessage": "OTP is invalid" + "errorCode": "RESIDENT-APP-26", + "errorMessage": "Api not accessible failure" } ] } @@ -1532,170 +1911,149 @@ } } } - }, - "summary": "Generate VID", - "description": "Generate new VID" + } } }, - "/req/auth/unlock": { - "post": { - "operationId": "authUnlock", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AuthUnlockRequestDTO" - } - } - }, - "required": true - }, + "/v2/issuers": { + "get": { + "operationId": "getAllIssuersV2", + "parameters": [], + "tags": [ + "Trusted Issuers V2" + ], + "summary": "Retrieve all onboarded issuers (V2)", + "description": "Retrieve all onboarded issuers in V2 response format. Returns minimal issuer data from configuration (issuer_id, client_id, credential_issuer_host, qr_code_type, token_endpoint, protocol, display, etc.) without fetching well-known endpoints.", "responses": { "200": { "description": "OK", "content": { - "*/*": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "id": { "type": "string", "nullable": true }, + "version": { "type": "string", "nullable": true }, + "responsetime": { "type": "string", "format": "date-time", "nullable": true }, + "metadata": { "type": "object", "nullable": true }, + "response": { + "type": "object", + "properties": { + "issuers": { + "type": "array", + "items": { + "$ref": "#/components/schemas/IssuerV2DTO" + } + } + } + }, + "errors": { "type": "array", "items": { "type": "object", "properties": { "code": { "type": "string" }, "message": { "type": "string" } } }, "nullable": true } + } + } + } + } + }, + "400": { + "description": "Bad Request - API not accessible or configuration error", + "content": { + "application/json": { "schema": { - "type": "object" + "type": "object", + "properties": { + "response": { "type": "object", "nullable": true }, + "errors": { "type": "array", "items": { "type": "object", "properties": { "code": { "type": "string" }, "message": { "type": "string" } } } } + } } } } } - }, - "summary": "Auth Unlock", - "description": "Auth unlock" + } } }, - "/req/auth/lock": { - "post": { - "operationId": "authLock", - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/AuthLockRequestDTO" - } - } - }, - "required": true - }, + "/v2/issuers/{issuer-id}": { + "get": { + "operationId": "getIssuerByIdV2", + "parameters": [ + { + "name": "issuer-id", + "in": "path", + "required": true, + "schema": { "type": "string" }, + "description": "Unique identifier of the issuer" + } + ], + "tags": [ + "Trusted Issuers V2" + ], + "summary": "Retrieve specific issuer (V2)", + "description": "Retrieve a single issuer in V2 response format by issuer ID. Returns configuration-only data.", "responses": { "200": { "description": "OK", "content": { - "*/*": { + "application/json": { "schema": { - "type": "object" + "type": "object", + "properties": { + "id": { "type": "string", "nullable": true }, + "version": { "type": "string", "nullable": true }, + "responsetime": { "type": "string", "format": "date-time", "nullable": true }, + "metadata": { "type": "object", "nullable": true }, + "response": { "$ref": "#/components/schemas/IssuerV2DTO" }, + "errors": { "type": "array", "items": { "type": "object" }, "nullable": true } + } } } } - } - }, - "description": "Auth lock", - "summary": "Auth Lock" - } - }, - "/allProperties": { - "get": { - "operationId": "getAllProperties", - "responses": {}, - "description": "get all configurable properties for inji.", - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "version": { - "type": "string" - }, - "str": { - "type": "null" - }, - "responsetime": { - "type": "string" - }, - "metadata": { - "type": "null" - }, - "response": { - "type": "object", - "properties": { - "internal.auth.types.allowed": { - "type": "string" - }, - "auth.types.allowed": { - "type": "string" - }, - "ekyc.auth.types.allowed": { - "type": "string" - } - } - }, - "errors": { - "type": "array", - "items": { - "type": "object", - "properties": {} - } - } - }, - "x-examples": { - "Example 1": { - "id": "mosip.inji.properties", - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:22:21.009Z", - "metadata": null, - "response": { - "internal.auth.types.allowed": "otp,bio-Finger,bio-Iris,bio-Face", - "auth.types.allowed": "demo,otp,bio-Finger,bio-Iris,bio-Face", - "ekyc.auth.types.allowed": "demo,otp,bio-Finger,bio-Iris,bio-Face" - }, - "errors": [] + }, + "404": { + "description": "Not Found - Invalid issuer ID", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "response": { "type": "object", "nullable": true }, + "errors": { "type": "array", "items": { "type": "object", "properties": { "code": { "type": "string" }, "message": { "type": "string" } } } } } } - }, - "examples": { - "example-1": { - "value": { - "id": "mosip.inji.properties", - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:22:21.009Z", - "metadata": null, - "response": { - "internal.auth.types.allowed": "otp,bio-Finger,bio-Iris,bio-Face", - "auth.types.allowed": "demo,otp,bio-Finger,bio-Iris,bio-Face", - "ekyc.auth.types.allowed": "demo,otp,bio-Finger,bio-Iris,bio-Face" - }, - "errors": [] + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "response": { "type": "object", "nullable": true }, + "errors": { "type": "array" } } } } } } - }, - "summary": "Get all Inji app properties" + } } }, - "/issuers": { + "/issuers/{issuer-id}/well-known-proxy": { "get": { - "operationId": "getAllIssuers", + "operationId": "getCredentialWellknown", "parameters": [ { - "name": "search", - "in": "query", - "required": false, + "name": "issuer-id", + "in": "path", + "required": true, "schema": { "type": "string" } } ], - "description": "This API provides data with search capability to populate the list of supported issuers in Inji Web, which is then displayed under the List of Issuers", + "tags": [ + "Trusted Issuers" + ], + "deprecated": true, + "description": "This API fetches and allows searching for Credential Types offered by the issuer, all sourced from the issuer's well-known configuration. Since version 0.16.0, this endpoint is deprecated and will be removed in a future release. Use issuers new endpoint issuers/{issuer-id}/configuration instead.", "responses": { "200": { "description": "OK", @@ -1704,160 +2062,426 @@ "schema": { "type": "object", "properties": { - "issuers": [ - { - "credential_issuer": "string", - "protocol": "string", - "display": [ - { - "name": "string", - "logo": { - "url": "string", - "alt_text": "string" - }, - "title": "string", - "description": "string", - "language": "string" + "credential_issuer": { + "type": "string" + }, + "authorization_servers": { + "type": "array", + "items": { + "type": "string" + } + }, + "credential_endpoint": { + "type": "string" + }, + "credential_configurations_supported": { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "format": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "doctype": { + "type": "string" + }, + "proof_types_supported": { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "proof_signing_alg_values_supported": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "claims": { + "type": "object" + }, + "credential_definition": { + "type": "object", + "properties": { + "type": { + "type": "array", + "items": { + "type": "string" + } + }, + "credentialSubject": { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": { + "display": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "locale": { + "type": "string" + } + } + } + } + } + } + } + } + }, + "display": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "locale": { + "type": "string" + }, + "logo": { + "type": "object", + "properties": { + "url": { + "type": "string" + }, + "alt_text": { + "type": "string" + } + } + }, + "background_image": { + "type": "object", + "properties": { + "uri": { + "type": "string" + } + } + }, + "background_color": { + "type": "string" + }, + "text_color": { + "type": "string" + } + } + } + }, + "order": { + "type": "array", + "items": { + "type": "string" + } } - ], - "client_id": "string", - "redirect_uri": "string", - "scopes_supported": [ - "string" - ], - "authorization_endpoint": "string", - "authorization_audience": "string", - "token_endpoint": "string", - "proxy_token_endpoint": "string", - "credential_endpoint": "string", - "credential_type": [ - "string" - ], - "credential_audience": "string", - "client_alias": "string", - "additional_headers": { - "additionalProp1": "string", - "additionalProp2": "string", - "additionalProp3": "string" - }, - ".well-known": "string" + } } - ] + } } }, - "x-examples": { - "Example 1": { - "id": "mosip.resident.vid", - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:08:14.846Z", - "metadata": null, - "response": { - "issuers": [ - { - "credential_issuer": "MOSIPInsurance", - "protocol": "OpenId4VCI", + "examples": { + "Success response": { + "value": { + "credential_issuer": "https://injicertify-insurance.dev1.mosip.net", + "authorization_servers": [ + "https://esignet-insurance.dev1.mosip.net" + ], + "credential_endpoint": "https://injicertify-insurance.dev1.mosip.net/v1/certify/issuance/credential", + "credential_configurations_supported": { + "InsuranceCredential": { + "format": "ldp_vc", + "scope": "sunbird_rc_insurance_vc_ldp", + "order": [ + "fullName", + "policyName", + "policyExpiresOn", + "policyIssuedOn", + "policyNumber", + "mobile", + "dob", + "gender", + "benefits", + "email" + ], + "proof_types_supported": { + "jwt": { + "proof_signing_alg_values_supported": [ + "RS256", + "PS256" + ] + } + }, + "credential_definition": { + "type": [ + "VerifiableCredential", + "InsuranceCredential" + ], + "credentialSubject": { + "fullName": { + "display": [ + { + "name": "Name", + "locale": "en" + } + ] + }, + "mobile": { + "display": [ + { + "name": "Phone Number", + "locale": "en" + } + ] + }, + "dob": { + "display": [ + { + "name": "Date of Birth", + "locale": "en" + } + ] + }, + "gender": { + "display": [ + { + "name": "Gender", + "locale": "en" + } + ] + }, + "benefits": { + "display": [ + { + "name": "Benefits", + "locale": "en" + } + ] + }, + "email": { + "display": [ + { + "name": "Email Id", + "locale": "en" + } + ] + }, + "policyIssuedOn": { + "display": [ + { + "name": "Policy Issued On", + "locale": "en" + } + ] + }, + "policyExpiresOn": { + "display": [ + { + "name": "Policy Expires On", + "locale": "en" + } + ] + }, + "policyName": { + "display": [ + { + "name": "Policy Name", + "locale": "en" + } + ] + }, + "policyNumber": { + "display": [ + { + "name": "Policy Number", + "locale": "en" + } + ] + } + } + }, "display": [ { - "name": "MOSIP Insurance", + "name": "Health Insurance", + "locale": "en", "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "MOSIP-Logo" + "url": "https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png", + "alt_text": "a square logo of a Veridonia" }, - "title": "Download via LIC", - "description": "This API provides data to populate the list of supported issuers in Inji Web, which is then displayed under the List of Issuers section on the Home page of Inji Web.", - "language": "en" + "background_image": { + "uri": "https://api.dev1.mosip.net/inji/veridonia-logo.png" + }, + "background_color": "#FDFAF9", + "text_color": "#7C4616" } - ], - "client_id": "3yz7-j3xRzU3SODdoNgSGvO_cD8UijH3AIWRDAg1x-M", - ".well-known": "http://localhost:8088/.well-known/openid-credential-issuer" + ] }, - { - "credential_issuer": "MOSIPNationalID", - "protocol": "OpenId4VCI", + "LifeInsuranceCredential": { + "format": "ldp_vc", + "scope": "life_insurance_vc_ldp", + "order": [ + "fullName", + "policyName", + "policyExpiresOn", + "policyIssuedOn", + "policyNumber", + "mobile", + "dob", + "gender", + "benefits", + "email" + ], + "proof_types_supported": { + "jwt": { + "proof_signing_alg_values_supported": [ + "RS256", + "ES256" + ] + } + }, + "credential_definition": { + "type": [ + "VerifiableCredential", + "LifeInsuranceCredential" + ], + "credentialSubject": { + "fullName": { + "display": [ + { + "name": "Name", + "locale": "en" + } + ] + }, + "mobile": { + "display": [ + { + "name": "Phone Number", + "locale": "en" + } + ] + }, + "dob": { + "display": [ + { + "name": "Date of Birth", + "locale": "en" + } + ] + }, + "gender": { + "display": [ + { + "name": "Gender", + "locale": "en" + } + ] + }, + "benefits": { + "display": [ + { + "name": "Benefits", + "locale": "en" + } + ] + }, + "email": { + "display": [ + { + "name": "Email Id", + "locale": "en" + } + ] + }, + "policyIssuedOn": { + "display": [ + { + "name": "Policy Issued On", + "locale": "en" + } + ] + }, + "policyExpiresOn": { + "display": [ + { + "name": "Policy Expires On", + "locale": "en" + } + ] + }, + "policyName": { + "display": [ + { + "name": "Policy Name", + "locale": "en" + } + ] + }, + "policyNumber": { + "display": [ + { + "name": "Policy Number", + "locale": "en" + } + ] + } + } + }, "display": [ { - "name": "MOSIP National ID", + "name": "Life Insurance", + "locale": "en", "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "MOSIP-Logo" + "url": "https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png", + "alt_text": "a square logo of a Veridonia" }, - "title": "Download via LIC", - "description": "Enter your policy number to download your card.", - "language": "en" + "background_image": { + "uri": "https://api.dev1.mosip.net/inji/veridonia-logo.png" + }, + "background_color": "#FDFAF9", + "text_color": "#7C4616" } - ], - "client_id": "3yz7-j3xRzU3SODdoNgSGvO_cD8UijH3AIWRDAg1x-M", - ".well-known": "http://localhost:8088/.well-known/openid-credential-issuer" + ] + } + } + } + }, + "Failure response": { + "value": { + "id": null, + "version": "v1", + "str": null, + "responsetime": "2022-10-31T05:07:34.789Z", + "metadata": null, + "response": null, + "errors": [ + { + "errorCode": "RESIDENT-APP-026", + "errorMessage": "Api not accessible failure" } ] } }, - "errors": null - }, - "examples": { - "Success response": { + "Failure response 2": { "value": { - "id": "mosip.resident.vid", + "id": null, "version": "v1", "str": null, - "responsetime": "2022-10-31T05:08:14.846Z", - "metadata": null, - "response": { - "issuers": [ - { - "credential_issuer": "MOSIPInsurance", - "protocol": "OpenId4VCI", - "display": [ - { - "name": "MOSIP Insurance", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "MOSIP-Logo" - }, - "title": "Download via LIC", - "description": "Enter your policy number to download your card.", - "language": "en" - } - ], - "client_id": "3yz7-j3xRzU3SODdoNgSGvO_cD8UijH3AIWRDAg1x-M", - ".well-known": "http://localhost:8088/.well-known/openid-credential-issuer" - }, - { - "credential_issuer": "MOSIPNationalID", - "protocol": "OpenId4VCI", - "display": [ - { - "name": "MOSIP National ID", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "MOSIP-Logo" - }, - "title": "Download via LIC", - "description": "Enter your policy number to download your card.", - "language": "en" - } - ], - "client_id": "3yz7-j3xRzU3SODdoNgSGvO_cD8UijH3AIWRDAg1x-M", - ".well-known": "http://localhost:8088/.well-known/openid-credential-issuer" - } - ] - } - }, - "errors": null - }, - "Failure response": { - "value": { - "id": null, - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:07:34.789Z", + "responsetime": "2022-10-31T05:07:34.789Z", "metadata": null, "response": null, "errors": [ { - "errorCode": "RESIDENT-APP-26", - "errorMessage": "Api not accessible failure" + "errorCode": "RESIDENT-APP-035", + "errorMessage": "Invalid issuer ID" } ] } @@ -1866,268 +2490,205 @@ } } } - } + }, + "summary": "Get Issuers Wellknown" } }, - "/issuers/{issuer-id}": { + "/issuers/{issuer-id}/configuration": { "get": { - "operationId": "getIssuerConfig", + "operationId": "getCredentialIssuerConfiguration", "parameters": [ { "name": "issuer-id", "in": "path", "required": true, + "description": "The unique identifier of the credential issuer.", "schema": { "type": "string" } } ], - "description": "This API provides the complete configuration details for the specific issuers passed in the path variable", + "tags": [ + "Trusted Issuers" + ], + "description": "Retrieve the required configuration details for a specific issuer and its authorization server from their respective well-known endpoints.", "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "issuers": [ - { - "credential_issuer": "string", - "protocol": "string", - "display": [ + "$ref": "#/components/schemas/IssuerConfigurationSuccessResponse" + }, + "examples": { + "SuccessResponse": { + "summary": "Issuer Configuration Response", + "value": { + "response": { + "credentials_supported": [ { - "name": "string", - "logo": { - "url": "string", - "alt_text": "string" - }, - "title": "string", - "description": "string", - "language": "string" + "name": "InsuranceCredential", + "scope": "sunbird_rc_insurance_vc_ldp", + "display": [ + { + "name": "Health Insurance", + "locale": "en", + "logo": "https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png" + } + ] } ], - "client_id": "string", - "redirect_uri": "string", - "scopes_supported": [ - "string" - ], - "authorization_endpoint": "string", - "authorization_audience": "string", - "token_endpoint": "string", - "proxy_token_endpoint": "string", - "credential_endpoint": "string", - "credential_type": [ - "string" - ], - "credential_audience": "string", - "client_alias": "string", - "additional_headers": { - "additionalProp1": "string", - "additionalProp2": "string", - "additionalProp3": "string" - }, - ".well-known": "string" - } - ] + "authorization_endpoint": "https://esignet-insurance.collab.mosip.net/authorize", + "grant_types_supported": [ + "authorization_code" + ] + }, + "errors": [] + } } + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/IssuerConfigurationErrorResponse" }, - "x-examples": { - "Example 1": { - "id": "mosip.mimoto.issuers", - "version": "v1", - "str": null, - "responsetime": "2024-04-25T05:56:55.890Z", - "metadata": null, - "response": { - "credential_issuer": "ESignet", - "protocol": "OpenId4VCI", - "display": [ - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip-logo" - }, - "title": "Download MOSIP Credentials", - "description": "Download credentials by providing UIN or VID", - "language": "en" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "شعار موسيب" - }, - "title": "قم بتنزيل بيانات اعتماد MOSIP", - "description": "توفير UIN أو VIDقم بتنزيل بيانات الاعتماد عن طريق", - "language": "ar" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "मोसिप लोगो" - }, - "title": "MOSIP क्रेडेंशियल डाउनलोड करेंं", - "description": "यूआईएन या वीआईडी प्रदान करके क्रेडेंशियल डाउनलोड करें", - "language": "hi" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip ಲೋಗೋ" - }, - "title": "MOSIP ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", - "description": "UIN ಅಥವಾ VID ಒದಗಿಸುವ ಮೂಲಕ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", - "language": "kn" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip லோகோ" - }, - "title": "MOSIP சான்றுகளைப் பதிவிறக்கவும்", - "description": "UIN அல்லது VIDஐ வழங்குவதன் மூலம் நற்சான்றிதழ்களைப் பதிவிறக்கவும்", - "language": "ta" - }, + "examples": { + "FailureResponse1": { + "summary": "Api not accessible failure", + "value": { + "errors": [ { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "logo ng mosip" - }, - "title": "I-download ang Mga Kredensyal ng MOSIP", - "description": "Mag-download ng mga kredensyal sa pamamagitan ng pagbibigay ng UIN o VID", - "language": "fil" + "errorCode": "RESIDENT-APP-026", + "errorMessage": "Api not accessible failure" } ], - "client_id": "*****", - "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", - "scopes_supported": [ - "mosip_identity_vc_ldp" + "response": null + } + }, + "FailureResponse2": { + "summary": "Invalid issuer ID", + "value": { + "errors": [ + { + "errorCode": "RESIDENT-APP-035", + "errorMessage": "Invalid issuer ID" + } ], - "authorization_endpoint": "https://esignet.collab.mosip.net/authorize", - "authorization_audience": "https://esignet.collab.mosip.net/v1/esignet/oauth/v2/token", - "token_endpoint": "https://api.collab.mosip.net/residentmobileapp/get-token/ESignet", - "proxy_token_endpoint": "https://esignet.collab.mosip.net/v1/esignet/oauth/v2/token", - "credential_endpoint": "https://esignet.collab.mosip.net/v1/esignet/vci/credential", - "credential_type": [ - "VerifiableCredential", - "MOSIPVerifiableCredential" + "response": null + } + }, + "FailureResponse3": { + "summary": "Invalid Authorization Server well-known endpoint", + "value": { + "errors": [ + { + "errorCode": "RESIDENT-APP-042", + "errorMessage": "Invalid Authorization Server well-known from server:\nAuthorization Server host url cannot be null" + } ], - "credential_audience": "https://esignet.collab.mosip.net", - "client_alias": "mpartner-default-mimotooidc", - "additional_headers": { - "Accept": "application/json" - }, - ".well-known": "https://esignet.collab.mosip.net/.well-known/openid-credential-issuer" - }, - "errors": [] + "response": null + } + } + } + } + } + } + } + } + }, + "/credentials/download": { + "post": { + "requestBody": { + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "grant_type": { + "type": "string", + "example": "authorization_code" }, - "errors": null + "code": { + "type": "string", + "example": "GL9N1V-authorizationcodeyBkoaonjplms" + }, + "redirect_uri": { + "type": "string", + "example": "https://injiweb.collab.mosip.net/redirect" + }, + "code_verifier": { + "type": "string", + "example": "Sq6nZNToevcodeVerifierjXw70LCJ" + }, + "issuer": { + "type": "string", + "example": "Mosip" + }, + "credential": { + "type": "string", + "example": "MosipVerifiableCredential" + }, + "vcStorageExpiryLimitInTimes": { + "type": "string", + "example": "1" + }, + "locale": { + "type": "string", + "example": "en" + } + } + } + } + }, + "required": true + }, + "tags": [ + "Credentials Download" + ], + "description": "This API is responsible for generating PDFs for the received VC content. It fetches display properties from the well-known configuration of the issuer and incorporates them into the predefined template of the PDF file.", + "responses": { + "200": { + "description": "OK", + "content": { + "application/pdf": { + "schema": { + "type": "string", + "format": "binary" + } + } + } + }, + "400": { + "description": "BAD_REQUEST", + "content": { + "application/pdf": { + "schema": { + "type": "string", + "format": "binary" }, "examples": { - "Success response": { + "Failure response 1": { "value": { - "id": "mosip.mimoto.issuers", + "id": null, "version": "v1", "str": null, - "responsetime": "2024-04-25T05:56:55.890Z", + "responsetime": "2022-10-31T05:07:34.789Z", "metadata": null, - "response": { - "credential_issuer": "ESignet", - "protocol": "OpenId4VCI", - "display": [ - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip-logo" - }, - "title": "Download MOSIP Credentials", - "description": "Download credentials by providing UIN or VID", - "language": "en" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "شعار موسيب" - }, - "title": "قم بتنزيل بيانات اعتماد MOSIP", - "description": "توفير UIN أو VIDقم بتنزيل بيانات الاعتماد عن طريق", - "language": "ar" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "मोसिप लोगो" - }, - "title": "MOSIP क्रेडेंशियल डाउनलोड करेंं", - "description": "यूआईएन या वीआईडी प्रदान करके क्रेडेंशियल डाउनलोड करें", - "language": "hi" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip ಲೋಗೋ" - }, - "title": "MOSIP ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", - "description": "UIN ಅಥವಾ VID ಒದಗಿಸುವ ಮೂಲಕ ರುಜುವಾತುಗಳನ್ನು ಡೌನ್ಲೋಡ್ ಮಾಡಿ", - "language": "kn" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "mosip லோகோ" - }, - "title": "MOSIP சான்றுகளைப் பதிவிறக்கவும்", - "description": "UIN அல்லது VIDஐ வழங்குவதன் மூலம் நற்சான்றிதழ்களைப் பதிவிறக்கவும்", - "language": "ta" - }, - { - "name": "e-Signet", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "logo ng mosip" - }, - "title": "I-download ang Mga Kredensyal ng MOSIP", - "description": "Mag-download ng mga kredensyal sa pamamagitan ng pagbibigay ng UIN o VID", - "language": "fil" - } - ], - "client_id": "DEqVWfdKe9cQWikLdjak3vlDF0Pq7jtnwTcGdEXoT1I", - "redirect_uri": "io.mosip.residentapp.inji://oauthredirect", - "scopes_supported": [ - "mosip_identity_vc_ldp" - ], - "authorization_endpoint": "https://esignet.collab.mosip.net/authorize", - "authorization_audience": "https://esignet.collab.mosip.net/v1/esignet/oauth/v2/token", - "token_endpoint": "https://api.collab.mosip.net/residentmobileapp/get-token/ESignet", - "proxy_token_endpoint": "https://esignet.collab.mosip.net/v1/esignet/oauth/v2/token", - "credential_endpoint": "https://esignet.collab.mosip.net/v1/esignet/vci/credential", - "credential_type": [ - "VerifiableCredential", - "MOSIPVerifiableCredential" - ], - "credential_audience": "https://esignet.collab.mosip.net", - "client_alias": "mpartner-default-mimotooidc", - "additional_headers": { - "Accept": "application/json" - }, - ".well-known": "https://esignet.collab.mosip.net/.well-known/openid-credential-issuer" - }, - "errors": [] - }, - "errors": null + "response": null, + "errors": [ + { + "errorCode": "RESIDENT-APP-036", + "errorMessage": "Invalid Credential Type Id" + } + ] + } }, - "Failure response": { + "Failure response 2": { "value": { "id": null, "version": "v1", @@ -2137,465 +2698,2094 @@ "response": null, "errors": [ { - "errorCode": "RESIDENT-APP-26", + "errorCode": "RESIDENT-APP-026", "errorMessage": "Api not accessible failure" } ] } + }, + "Failure response 3": { + "value": { + "id": null, + "version": "v1", + "str": null, + "responsetime": "2022-10-31T05:07:34.789Z", + "metadata": null, + "response": null, + "errors": [ + { + "errorCode": "RESIDENT-APP-028", + "errorMessage": "error occured while signing pdf" + } + ] + } } } } } } + }, + "summary": "Download Credential As PDF", + "x-stoplight": { + "id": "42bjevdfa0stx" } } }, - "/issuers/{issuer-id}/credentialTypes": { + "/authorize": { "get": { - "operationId": "getCredentialTypes", + "summary": "Authorize Verifiable Presentation", + "tags": [ + "Authorize the Verifiable Presentation" + ], + "responses": { + "302": { + "description": "Found\n\n**Success Case :**\n\n```json\n\n{redirectUri}#vp_token={base64_encoded_vpToken}&presentation_submission={url_encoded_presentation_submission}\n\n```\n**Error Case :** \n\n```json\n\n{redirectUri}?error={error_codes}&error_messages={error_messages}\n\n```\n\n\n**Possible Error Codes and Error Messages :**\n\n- **invalid_request** - \"Some incorrect parameters in the request\"\n- **unsupported_format** - \"No VC of this format is found\"\n- **resource_not_found** - \"The requested resource doesn’t exist.\"\n- **server_unavailable** - \"The server is not reachable right now.\"\n- **resource_expired** - \"The requested resource expired.\"\n- **resource_invalid** - \"The requested resource is invalid.\"\n- **request_timed_out** - \"We are unable to process your request right now\"\n- **uri_too_long** - \"Resource URI is too long to be handled\"\n- **invalid_client** - \"The requested client doesn’t match.\"\n- **invalid_redirect_uri** - \"The requested redirect URI doesn’t match.\"\n- **internal_server_error** - \"We are unable to process request now\"\n\n" + } + }, + "operationId": "get-v1-mimoto-authorize", + "x-stoplight": { + "id": "x4k8ruhin2f09" + }, "parameters": [ { - "name": "issuer-id", + "schema": { + "type": "string", + "default": "vp_token" + }, + "in": "query", + "name": "response_type", + "description": "Response Type of the authorization" + }, + { + "schema": { + "type": "string" + }, + "in": "query", + "name": "resource", + "description": "Credential Resource url" + }, + { + "schema": { + "type": "string" + }, + "in": "query", + "name": "presentation_definition", + "description": "URL Encoded Value of the presentation Definition" + }, + { + "schema": { + "type": "string" + }, + "in": "query", + "name": "client_id", + "description": "Client ID of the registered verifier" + }, + { + "schema": { + "type": "string" + }, + "in": "query", + "name": "redirect_uri", + "description": "One of the Redirect uri of the registered verifiers" + }, + { + "schema": { + "type": "string" + }, + "in": "query", + "name": "state", + "description": "Unique session identifier to prevent CSRF" + }, + { + "schema": { + "type": "string" + }, + "in": "query", + "name": "nonce", + "description": "Cryptographic challenge used to bind the presentation to this request" + }, + { + "schema": { + "type": "string" + }, + "in": "query", + "name": "response_uri", + "description": "Where to send the VP token" + }, + { + "schema": { + "type": "string" + }, + "in": "query", + "name": "response_mode", + "description": "Specifies how the Verifier will receive the Authorization Response from the Wallet" + } + ] + } + }, + "/users/me": { + "get": { + "tags": [ + "Users" + ], + "summary": "Retrieve user metadata", + "description": "First attempts to retrieve user metadata from the session cache. If not available, fetches from the database. This API is secured using session-based authentication.", + "operationId": "getUserProfile", + "security": [ + { + "SessionAuth": [] + } + ], + "responses": { + "200": { + "description": "User profile retrieved successfully", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UserMetadataDTO" + }, + "examples": { + "Success response from DB": { + "value": { + "displayName": "John Doe", + "profilePictureUrl": "https://example.com/profile.jpg", + "email": "john.doe@example.com" + } + }, + "Success response from cache": { + "value": { + "displayName": "John Doe", + "profilePictureUrl": "john.doe@example.com", + "email": "john.doe@example.com", + "walletId": "123e4567-e89b-12d3-a456-426614174000" + } + } + } + } + } + }, + "401": { + "description": "User data not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "User data not available in DB" : { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User not found. Please check your credentials or login again" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + }, + "Decryption Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "Failed to process user data" + } + } + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Database connection failure": { + "value": { + "errorCode": "database_unavailable", + "errorMessage": "Failed to connect to the database" + } + } + } + } + } + } + } + } + }, + "/wallets/{walletId}/credentials": { + "post": { + "tags": [ + "Wallet Credentials" + ], + "summary": "Download and store a Verifiable Credential under a specific Wallet", + "description": "This API is secured using session-based authentication. Upon receiving a request, the session ID is extracted from the Cookie header and used to retrieve session details from Redis for authentication. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests. It then retrieves the wallet key from the session and use it to decrypt the signing algorithm's secret key(which is used for signing the JWT in credential request) and encrypt the downloaded Verifiable Credential. If the process completes successfully, the credential is stored in the database and certain fields will be returned in the response. In case of any issues, an appropriate error response is returned.", + "operationId": "downloadCredential", + "security": [ + { + "SessionAuth": [] + } + ], + "parameters": [ + { + "name": "walletId", "in": "path", "required": true, "schema": { "type": "string" - } + }, + "description": "Unique identifier of the user's wallet where the credential will be stored" }, { - "name": "search", - "in": "query", + "name": "X-XSRF-TOKEN", + "in": "header", "required": false, "schema": { "type": "string" + }, + "description": "CSRF token obtained from the XSRF-TOKEN cookie set by the server on GET requests." + }, + { + "name": "Accept-Language", + "in": "header", + "required": false, + "schema": { + "type": "string", + "default": "en" + }, + "description": "Locale is used to determine the language in which credential's issuer display details should be stored. Input should be a 2-letter code (e.g., 'en' for English, 'fr' for French). If not provided, defaults to 'en'." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifiableCredentialRequestDTO" + }, + "examples": { + "Default download": { + "value": { + "issuer": "Mosip", + "credentialConfigurationId": "MosipVerifiableCredential", + "code": "abc123", + "grant_type": "authorization_code", + "redirectUri": "https://example.com/redirect", + "codeVerifier": "xyz-secret-verifier" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Verifiable Credential downloaded and stored successfully", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifiableCredentialResponseDTO" + }, + "examples": { + "Success response": { + "value": { + "issuerDisplayName": "Mosip", + "issuerLogo": "https://example.com/logo.png", + "credentialTypeDisplayName": "National Identity Department Mosip", + "credentialTypeLogo": "https://example.com/credential-logo.png", + "credentialId": "1234567890" + } + } + } + } + } + }, + "400": { + "description": "Bad request - Wallet key is null / blank or Wallet ID is null / blank / mismatch with session Wallet ID or required params are missing / invalid or any invalid request data", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Wallet ID is null or blank": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Wallet ID cannot be blank" + } + }, + "Invalid Accept-Language header": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Locale must be a 2-letter code" + } + }, + "Invalid Wallet ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" + } + }, + "Wallet ID not found in session": { + "value": { + "errorCode": "wallet_locked", + "errorMessage": "Wallet is locked" + } + }, + "Wallet key not found in session" : { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Wallet key not found in session" + } + }, + "Invalid issuer": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "issuerId cannot be blank" + } + }, + "Invalid credentialConfigurationId": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "credentialConfigurationId cannot be blank" + } + }, + "Invalid code": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "code cannot be blank" + } + }, + "Invalid grantType": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "grantType cannot be blank" + } + }, + "Invalid redirectUri": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "redirectUri cannot be blank" + } + }, + "Invalid codeVerifier": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "codeVerifier cannot be blank" + } + }, + "Credential already exists for given Issuer and Credential Type in the wallet": { + "value": { + "errorCode": "credential_download_error", + "errorMessage": "Duplicate credential for issuer and type" + } + } + } + } + } + }, + "500": { + "description": "Internal server error - along with below examples it will return this status code when error occurred while serializing the VC response or unable to store the response in data share or unable to encrypt the credential", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Exception occurred while fetching Issuer config": { + "value": { + "errorCode": "credential_download_error", + "errorMessage": "Unable to fetch issuer configuration" + } + }, + "Failed to generate VC Credential request": { + "value": { + "errorCode": "credential_download_error", + "errorMessage": "Unable to generate credential request" + } + }, + "Signature verification failed for downloaded Credential": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + }, + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + }, + "503": { + "description": "Service unavailable - along with below examples it will return this status code when any error occurred while fetching Issuer wellknown or Auth Server wellknown", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "API is not accessible": { + "value": { + "errorCode": "credential_download_error", + "errorMessage": "Failed to download and store the credential" + } + }, + "Failed to download credential from Issuer": { + "value": { + "errorCode": "server_unavailable", + "errorMessage": "Unable to download credential from issuer" + } + }, + "Database connection failure": { + "value": { + "errorCode": "database_unavailable", + "errorMessage": "Failed to connect to the database" + } + } + } + } + } + } + } + }, + "get": { + "tags": [ + "Wallet Credentials" + ], + "summary": "Fetch all credentials for the given wallet", + "description": "This API is secured using session-based authentication. When a request is made, the session ID is extracted from the Cookie header and used to fetch session details from Redis for authentication. It then retrieves the wallet key from the session and uses it to decrypt all stored Verifiable Credentials for the given wallet. If successful, it returns a list of credentials otherwise an appropriate error is returned.", + "operationId": "fetchAllCredentialsForWallet", + "security": [ + { + "SessionAuth": [] + } + ], + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "Unique identifier of the user's wallet from where the credential will be fetched" + }, + { + "name": "Accept-Language", + "in": "header", + "required": false, + "schema": { + "type": "string", + "default": "en" + }, + "description": "Language preference in which the user expects the Verifiable Credential to be rendered. Input should be a 2-letter code (e.g., 'en' for English, 'fr' for French). If not provided, defaults to 'en'." + } + ], + "responses": { + "200": { + "description": "Credentials retrieved successfully", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/VerifiableCredentialResponseDTO" + } + }, + "examples": { + "Success response": { + "value": [ + { + "issuerDisplayName": "Mosip", + "issuerLogo": "https://example.com/logo.png", + "credentialTypeDisplayName": "National Identity Department Mosip", + "credentialTypeLogo": "https://example.com/credential-logo.png", + "credentialId": "1234567890" + } + ] + } + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Invalid Wallet Id": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" + } + }, + "Wallet ID is not available in session" : { + "value": { + "errorCode": "wallet_locked", + "errorMessage": "Wallet is locked" + } + }, + "Wallet key not found in session": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Wallet key not found in session" + } + }, + "Invalid Accept-Language header": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Locale must be a 2-letter code" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Database connection failure": { + "value": { + "errorCode": "database_unavailable", + "errorMessage": "Failed to connect to the database" + } + } + } + } + } + } + } + } + }, + "/wallets/{walletId}/credentials/{credentialId}": { + "get": { + "tags": [ + "Wallet Credentials" + ], + "summary": "Fetch a Verifiable Credential by ID to either preview it or download it based on the requirement", + "description": "This API is protected using session-based authentication. When a request is received, the session ID is extracted from the Cookie header and used to fetch session data from Redis for user authentication. Upon successful authentication, the wallet key is retrieved from the session and used to decrypt the credential data obtained from the database.\n\nThe API retrieves a specific Verifiable Credential based on the provided wallet ID and credential ID. Depending on the action query parameter (inline or download) received in the request, the Content-Disposition header in the response is adjusted to either display the credential in the browser or prompt a file download. On success, the API returns the credential as a PDF byte stream. In case of any errors, an appropriate error response is returned.", + "operationId": "fetchVerifiableCredentialById", + "security": [ + { + "SessionAuth": [] + } + ], + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "Unique identifier of the user's wallet" + }, + { + "name": "credentialId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "Unique identifier of the Verifiable Credential to be retrieved" + }, + { + "name": "action", + "in": "query", + "required": false, + "schema": { + "type": "string", + "default": "inline" + }, + "description": "Controls how the credential should be displayed. If it is sent as download, the response will include a header to download the file. For any other value or if not provided, it defaults to inline to preview the file in the browser." + }, + { + "name": "Accept-Language", + "in": "header", + "required": false, + "schema": { + "type": "string", + "default": "en" + }, + "description": "Language preference in which the user expects the Verifiable Credential to be rendered. Input should be a 2-letter code (e.g., 'en' for English, 'fr' for French). If not provided, defaults to 'en'." + }, + { + "name": "Accept", + "in": "header", + "required": true, + "schema": { + "type": "string", + "example": "application/pdf" + }, + "description": "The Accept header must be set to application/pdf to indicate that the response should be in PDF format. If not provided or set to a different value, the API will return a 400 Bad Request error." + } + ], + "responses": { + "200": { + "description": "Verifiable Credential fetched successfully", + "headers": { + "Content-Disposition": { + "description": "Indicates if the verifiable credential is displayed inline or downloaded", + "schema": { + "type": "string", + "example": "inline; filename=\"credential.pdf\"" + } + } + }, + "content": { + "application/pdf": { + "schema": { + "type": "string", + "format": "binary" + }, + "examples": { + "Success response": { + "value": "PDF content in Binary Format" + } + } + } + } + }, + "400": { + "description": "Bad request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Invalid Wallet Id": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" + } + }, + "Wallet ID is not available in session" : { + "value": { + "errorCode": "wallet_locked", + "errorMessage": "Wallet is locked" + } + }, + "Wallet key not found in session": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Wallet key not found in session" + } + }, + "Invalid Accept-Language header": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Locale must be a 2-letter code" + } + }, + "Invalid Accept header" : { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Accept header must be application/pdf" + } + } + } + } + } + }, + "404": { + "description": "Not Found - Credential not found for given Wallet ID and Credential ID", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "No credentials found for the given Credential ID and Wallet ID": { + "value": { + "errorCode": "resource_not_found", + "errorMessage": "The requested resource doesn’t exist." + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Failed to decrypt the Credential": { + "value": { + "errorCode": "credential_fetch_error", + "errorMessage": "Decryption failed" + } + }, + "Credential Type is invalid": { + "value": { + "errorCode": "credential_fetch_error", + "errorMessage": "Invalid credential type configuration" + } + }, + "Exception occurred while fetching Issuer config": { + "value": { + "errorCode": "credential_download_error", + "errorMessage": "Unable to fetch issuer configuration" + } + }, + "Exception occurred when generating PDF": { + "value": { + "errorCode": "credential_download_error", + "errorMessage": "Failed to generate credential PDF" + } + }, + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Database connection failure": { + "value": { + "errorCode": "database_unavailable", + "errorMessage": "Failed to connect to the database" + } + } + } + } + } + } + } + }, + "delete": { + "tags": [ + "Wallet Credentials" + ], + "summary": "Delete a credential from a wallet", + "description": "This endpoint allows you to delete a specific credential from a wallet. The API is secured using session-based authentication. The session ID is extracted from the Cookie header to authenticate the user. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests. The wallet ID is validated against the session to ensure the user has access to the wallet. If the credential is successfully deleted, a 200 OK response is returned.", + "operationId": "deleteCredential", + "security": [ + { + "SessionAuth": [] + } + ], + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "Unique identifier of the wallet containing the credential" + }, + { + "name": "credentialId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "Unique identifier of the credential to be deleted" + }, + { + "name": "X-XSRF-TOKEN", + "in": "header", + "required": false, + "schema": { + "type": "string" + }, + "description": "CSRF token obtained from the XSRF-TOKEN cookie set by the server on GET requests." + } + ], + "responses": { + "200": { + "description": "Credential successfully deleted" + }, + "400": { + "description": "Provided request is invalid", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Invalid Wallet Id": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" + } + }, + "Wallet ID is not available in session" : { + "value": { + "errorCode": "wallet_locked", + "errorMessage": "Wallet is locked" + } + } + } + } + } + }, + "404": { + "description": "Credential not found", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Credential not found": { + "value": { + "errorCode": "resource_not_found", + "errorMessage": "The requested resource doesn’t exist." + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + } + } + } + }, + "/wallets": { + "post": { + "tags": [ + "Wallets" + ], + "summary": "Create a new wallet", + "description": "This API is secured using session-based authentication. The session ID is extracted from the Cookie header and used to retrieve session details from Redis for authentication. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests. The user ID is then obtained from the session and along with the provided wallet name and PIN is used to create a new wallet in the database. If the wallet is created successfully, response including unique identifier of the wallet and and the provided name is returned otherwise an appropriate error response is provided.", + "operationId": "createWallet", + "security": [ + { + "SessionAuth": [] + } + ], + "parameters": [ + { + "name": "X-XSRF-TOKEN", + "in": "header", + "required": false, + "schema": { + "type": "string" + }, + "description": "CSRF token obtained from the XSRF-TOKEN cookie set by the server on GET requests." + } + ], + "requestBody": { + "required": true, + "description": "Wallet creation request containing the wallet name and wallet PIN", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateWalletRequestDto" + }, + "examples": { + "Create wallet request": { + "value": { + "walletPin": "1234", + "confirmWalletPin": "1234", + "walletName": "My Personal Wallet" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Wallet created successfully", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WalletResponseDTO" + }, + "examples": { + "Success response": { + "value": { + "walletId": "123e4567-e89b-12d3-a456-426614174000", + "walletName": "My Personal Wallet" + } + } + } + } + } + }, + "400": { + "description": "Invalid wallet creation request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Invalid User ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "User ID cannot be null or empty" + } + }, + "Invalid Wallet name": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Wallet name must be alphanumeric with allowed special characters" + } + }, + "Invalid Wallet PIN": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "PIN must be numeric with 6 digits" + } + }, + "Entered Pin and Confirm Pin Mismatch": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Entered PIN and Confirm PIN do not match" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized user creating a wallet", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "User ID is not present in session": { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User ID not found in session" + } + } + } + } + } + }, + "500": { + "description": "Internal server error while creating Wallet - error occurred while generating Wallet key or encrypting it with Wallet PIN", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Database connection failure": { + "value": { + "errorCode": "database_unavailable", + "errorMessage": "Failed to connect to the database" + } + } + } + } + } + } + } + }, + "get": { + "tags": [ + "Wallets" + ], + "summary": "Retrieve all wallets for the user", + "description": "This API is secured using session-based authentication. Upon receiving a request, the session is first retrieved using the session ID extracted from the Cookie header to authenticate the user. Once authenticated, the user's ID is obtained from the session stored in Redis. Using this user ID, the API fetches all wallets associated with the user from the database and returns them. If an error occurs while retrieving the wallets, an appropriate error response is returned.", + "operationId": "getWallets", + "security": [ + { + "SessionAuth": [] + } + ], + "responses": { + "200": { + "description": "List of wallets retrieved successfully", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/WalletDetailsResponseDto" + } + }, + "examples": { + "Success response": { + "value": [ + { + "walletId": "123e4567-e89b-12d3-a456-426614174000", + "walletName": "My Personal Wallet", + "walletStatus": null + }, + { + "walletId": "223e4567-e89b-12d3-a456-426614174001", + "walletName": "Wallet Main", + "walletStatus": "temporarily_locked" + } + ] + } + } + } + } + }, + "400": { + "description": "Invalid Wallets fetching request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Invalid User ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "User ID cannot be null or empty" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized user fetching wallets", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "User ID is not present in session": { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User ID not found in session" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Database connection failure": { + "value": { + "errorCode": "database_unavailable", + "errorMessage": "Failed to connect to the database" + } + } + } + } + } + } + } + } + }, + "/wallets/{walletId}": { + "delete": { + "tags": [ + "Wallets" + ], + "summary": "Delete a Wallet", + "description": "This endpoint allows you to delete a specific wallet. The API is secured using session-based authentication. The session ID is extracted from the Cookie header to authenticate the user. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests. The user's ID is obtained from the session and used to validate ownership of the Wallet before deletion. If the Wallet is successfully deleted, a 200 OK response is returned; otherwise, an appropriate error response is returned.", + "operationId": "deleteWallet", + "security": [ + { + "SessionAuth": [] + } + ], + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "Unique identifier of the Wallet to be deleted" + }, + { + "name": "X-XSRF-TOKEN", + "in": "header", + "required": false, + "schema": { + "type": "string" + }, + "description": "CSRF token obtained from the XSRF-TOKEN cookie set by the server on GET requests." + } + ], + "responses": { + "200": { + "description": "Wallet successfully deleted" + }, + "401": { + "description": "Unauthorized user deleting a Wallet", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "User ID not found in session": { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User ID not found in session" + } + } + } + } + } + }, + "400": { + "description": "Invalid wallet deletion request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Invalid User ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "User ID cannot be null or empty" + } + }, + "Invalid Wallet ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" + } + }, + "Wallet ID not found in session": { + "value": { + "errorCode": "wallet_locked", + "errorMessage": "Wallet is locked" + } + }, + "Wallet not found in database": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Wallet not found" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + } + } + } + }, + "/wallets/{walletId}/unlock": { + "post": { + "tags": [ + "Wallets" + ], + "summary": "Unlock an existing Wallet", + "description": "This API is secured using session-based authentication. Upon receiving a request, the session is first retrieved using the session ID extracted from the Cookie header to authenticate the user. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests. Once authenticated, the user's ID is obtained from the session stored in Redis. Using this user ID along with the provided wallet ID and PIN, the corresponding wallet key is fetched and stored in the session. If successful then the API returns a response containing the wallet ID otherwise an appropriate error response is returned.", + "operationId": "unlockWallet", + "security": [ + { + "SessionAuth": [] + } + ], + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "Unique identifier of the wallet to be unlocked", + "example": "123e4567-e89b-12d3-a456-426614174000" + }, + { + "name": "X-XSRF-TOKEN", + "in": "header", + "required": false, + "schema": { + "type": "string" + }, + "description": "CSRF token obtained from the XSRF-TOKEN cookie set by the server on GET requests." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UnlockWalletRequestDto" + }, + "examples": { + "Unlock wallet request": { + "value": { + "walletPin": "1234" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Wallet unlocked successfully", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WalletResponseDto" + }, + "examples": { + "Success response": { + "value": { + "walletId": "123e4567-e89b-12d3-a456-426614174000", + "walletName": "My Personal Wallet" + } + } + } + } + } + }, + "400": { + "description": "Invalid Wallet unlock request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Wallet not found": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Wallet not found" + } + }, + "Invalid User ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "User ID cannot be null or empty" + } + }, + "Invalid Wallet PIN": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "PIN must be numeric with 6 digits" + } + }, + "Incorrect Wallet PIN": { + "value": { + "errorCode": "invalid_pin", + "errorMessage": "Invalid PIN or wallet key provided" + } + }, + "Only one attempt left to unlock Wallet before Permanent Lockout": { + "value": { + "errorCode": "last_attempt_before_lockout", + "errorMessage": "Incorrect passcode. Last attempt remaining before your Wallet is permanently locked" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized user unlocking wallet", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "User ID is not present in session": { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User ID not found in session" + } + } + } + } + } + }, + "423": { + "description": "Wallet is locked temporarily or permanently", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Wallet is locked Temporarily": { + "value": { + "errorCode": "temporarily_locked", + "errorMessage": "You’ve reached the maximum number of attempts. Your wallet is now temporarily locked" + } + }, + "Wallet is locked Permanently": { + "value": { + "errorCode": "permanently_locked", + "errorMessage": "Your wallet has been permanently locked due to multiple failed attempts. Please click on forgot password to reset your wallet to continue" + } + } + } + } + } + }, + "500": { + "description": "Internal server error - any error occurred while decrypting the Wallet key with Wallet PIN or when fetching Wallet details from the database", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Database connection failure": { + "value": { + "errorCode": "database_unavailable", + "errorMessage": "Failed to connect to the database" + } + } + } + } + } + } + } + } + }, + "/wallets/{walletId}/presentations": { + "post": { + "tags": [ + "Wallet Presentations" + ], + "summary": "Processes Verifiable Presentation Authorization Request and provides details about the verifier and presentation.", + "description": "This API is secured using session-based authentication. Upon receiving a request, the session is first retrieved using the session ID extracted from the Cookie header to authenticate the user. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests. Once authenticated, the API processes the received Verifiable Presentation Authorization Request from the Verifier for a specific wallet. It validates the session, verifies the authenticity of the request, and checks if the Verifier is pre-registered and trusted by the wallet. If all validations pass, the API returns a response containing the presentation details; otherwise, an appropriate error response is returned.", + "operationId": "processVPAuthorizationRequest", + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The unique identifier of the Wallet." + }, + { + "name": "X-XSRF-TOKEN", + "in": "header", + "required": false, + "schema": { + "type": "string" + }, + "description": "CSRF token obtained from the XSRF-TOKEN cookie set by the server on GET requests." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifiablePresentationAuthorizationRequest" + }, + "examples": { + "Verifier Verifiable Presentation Authorization Request": { + "value": { + "authorizationRequestUrl": "client_id=mock-client&presentation_definition_uri=https%3A%2F%2Finji-verify.collab.mosip.net%2Fverifier%2Fpresentation_definition_uri&response_type=vp_token&response_mode=direct_post&nonce=NHgLcWlae745DpfJbUyfdg%253D%253D&response_uri=https%3A%2F%2Finji-verify.collab.mosip.net%2Fverifier%2Fvp-response&state=pcmxBfvdPEcjFObgt%252BLekA%253D%253D" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Successfully processed the Verifiable Presentation Authorization Request.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifiablePresentationResponseDTO" + }, + "examples": { + "Success response": { + "value": { + "presentationId": "123e4567-e89b-12d3-a456-426614174000", + "verifier": { + "id": "mock-client", + "name": "Requester name", + "logo": "https://api.collab.mosip.net/inji/verifier-logo.png", + "isTrusted": true, + "isPreregisteredWithWallet": true, + "redirectUri": "https://injiverify.collab.mosip.net/redirect" + } + } + } + } + } + } + }, + "400": { + "description": "Invalid request or missing required parameters.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "response_type is missing in Authorization request": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Missing Input: response_type param is required" + } + }, + "Invalid Wallet ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" + } + }, + "Wallet ID not found in session": { + "value": { + "errorCode": "wallet_locked", + "errorMessage": "Wallet is locked" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized user performing the Verifiable Presentation flow", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "User ID is not present in session": { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User ID not found in session" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Failed to fetch pre-registered trusted verifiers": { + "value": { + "errorCode": "RESIDENT-APP-026", + "errorMessage": "Api not accessible failure" + } + }, + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + } + }, + "security": [ + { + "SessionAuth": [] + } + ] + } + }, + "/wallets/{walletId}/presentations/{presentationId}": { + "patch": { + "tags": [ + "Wallet Presentations" + ], + "summary": "Handles user submission or rejection of a presentation", + "description": "This API allows users to accept or reject a presentation request by selecting specific credentials. The API is secured using session-based authentication. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests. Upon acceptance, the system fetches the selected credentials, constructs and signs a VP token, shares it with the verifier, and stores the presentation record in the database.", + "operationId": "handlePresentationSubmission", + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The unique identifier of the Wallet." + }, + { + "name": "presentationId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The unique identifier of the Presentation." + }, + { + "name": "X-XSRF-TOKEN", + "in": "header", + "required": false, + "schema": { + "type": "string" + }, + "description": "CSRF token obtained from the XSRF-TOKEN cookie set by the server on GET requests." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "oneOf": [ + { "$ref": "#/components/schemas/PresentationSubmissionRequestDTO" }, + { "$ref": "#/components/schemas/Error" } + ] + }, + "examples": { + "Presentation Submission Request": { + "value": { + "selectedCredentials": ["cred-123", "cred-456"] + } + }, + "Rejection payload": { + "value": { + "errorCode": "access_denied", + "errorMessage": "User denied authorization to share credentials" + } + } + } + } + } + }, + "responses": { + "200": { + "description": "Successfully processed the presentation submission.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SubmitPresentationResponseDTO" + }, + "examples": { + "Success response": { + "value": { + "status": "success", + "redirectUri": "https://verifier.example.com/callback?state=af0ifjsldkj", + "message": "Presentation successfully submitted" + } + }, + "Response when successfully rejected": { + "value": { + "status": "success", + "redirectUri": "https://client.example.org/cb#response_code=091535f699ea575c7937fa5f0f454aee", + "message": "Presentation request rejected. An OpenID4VP error response has been sent to the verifier." + } + }, + "Response when an error occurs while submitting a rejection": { + "value": { + "status": "error", + "message": "Failed to submit Verifiable Presentation." + } + } + } + } + } + }, + "400": { + "description": "Invalid request or missing required parameters.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Invalid Wallet ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" + } + }, + "Wallet ID not found in session": { + "value": { + "errorCode": "wallet_locked", + "errorMessage": "Wallet is locked" + } + }, + "Credential not found": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Credential not found: cred-123" + } + }, + "presentationId not found in session": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "presentationId not found in session" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized user performing the presentation submission", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "User ID is not present in session": { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User ID not found in session" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Failed to process presentation submission": { + "value": { + "errorCode": "wallet_vp_submission_error", + "errorMessage": "Failed to process presentation submission: Error message" + } + }, + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + }, + "Failed to reject verifier": { + "value": { + "errorCode": "error", + "errorMessage": "Unable to process reject verifier request" + } + } + } + } + } + } + }, + "security": [ + { + "SessionAuth": [] + } + ] + } + }, + "/wallets/{walletId}/presentations/{presentationId}/credentials": { + "get": { + "tags": [ + "Wallet Presentations" + ], + "summary": "Get matching credentials for a presentation request", + "description": "This API retrieves credentials from the wallet that match the presentation definition requirements. It returns available credentials that can satisfy the presentation request along with any missing claims that are required but not available.", + "operationId": "getMatchingCredentials", + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The unique identifier of the Wallet." + }, + { + "name": "presentationId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The unique identifier of the Presentation." + } + ], + "responses": { + "200": { + "description": "Successfully retrieved matching credentials.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/MatchingCredentialsResponseDTO" + }, + "examples": { + "Success response": { + "value": { + "availableCredentials": [ + { + "credentialId": "cred-123", + "credentialTypeDisplayName": "W3C VC", + "credentialTypeLogo": "https://mosip.github.io/inji-config/logos/mosipid-logo.png", + "format": "ldp_vc" + } + ], + "missingClaims": ["$.type"] + } + } + } + } + } + }, + "400": { + "description": "Invalid request or missing required parameters.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Invalid Wallet ID": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" + } + }, + "Presentation not found": { + "value": { + "errorCode": "invalid_request", + "errorMessage": "Presentation not found in session" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized user performing the Verifiable Presentation flow", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "User ID is not present in session": { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User ID not found in session" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" + } + } + } + } + } + } + }, + "security": [ + { + "SessionAuth": [] + } + ] + } + }, + "/wallets/{walletId}/trusted-verifiers": { + "post": { + "tags": [ + "Wallet Trusted Verifiers" + ], + "summary": "Add a trusted verifier to a wallet", + "description": "Adds a trusted verifier for the specified wallet after validating the session and request. Requires an active session; the path walletId must match the wallet in session. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests.", + "operationId": "addTrustedVerifier", + "security": [ + { + "SessionAuth": [] + } + ], + "parameters": [ + { + "name": "walletId", + "in": "path", + "required": true, + "schema": { + "type": "string" + }, + "description": "The unique identifier of the wallet." + }, + { + "name": "X-XSRF-TOKEN", + "in": "header", + "required": false, + "schema": { + "type": "string" + }, + "description": "CSRF token obtained from the XSRF-TOKEN cookie set by the server on GET requests." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TrustedVerifierRequest" + }, + "examples": { + "Trusted Verifier Request": { + "value": { + "verifierId": "mock-client" + } + } + } } } - ], - "description": "This API fetches and allows searching for Credential Types offered by the issuer, all sourced from the issuer's well-known configuration.", + }, "responses": { - "200": { - "description": "OK", + "201": { + "description": "Trusted verifier created successfully", "content": { "application/json": { "schema": { - "type": "object", - "properties": { - "supportedCredentials": [ - { - "format": "string", - "id": "string", - "scope": "string", - "display": [ - { - "name": "string", - "logo": { - "url": "string", - "alt_text": "string" - }, - "locale": "string", - "background_color": "string", - "text_color": "string" - } - ], - "proof_types_supported": [ - "string" - ], - "credential_definition": { - "type": [ - "string" - ], - "credentialSubject": { - "additionalProp1": { - "display": [ - { - "name": "string", - "locale": "string" - } - ] - }, - "additionalProp2": { - "display": [ - { - "name": "string", - "locale": "string" - } - ] - }, - "additionalProp3": { - "display": [ - { - "name": "string", - "locale": "string" - } - ] - } - } - } - } - ], - "authorization_endpoint": "string" - }, - "errors": { - "type": "null" - } + "$ref": "#/components/schemas/TrustedVerifierResponseDTO" }, - "x-examples": { - "Example 1": { - "supportedCredentials": [ - { - "format": "ldp_vc", - "id": "InsuranceCredential", - "scope": "sunbird_rc_insurance_vc_ldp", - "display": [ - { - "name": "MOSIP Insurance", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "insurance logo" - }, - "locale": "en", - "background_color": "#fafcff", - "text_color": "#00284d" - } - ], - "proof_types_supported": [ - "jwt" - ], - "credential_definition": { - "type": [ - "VerifiableCredential", - "InsuranceCredential" - ], - "credentialSubject": { - "fullName": { - "display": [ - { - "name": "Full Name", - "locale": "en" - } - ] - }, - "policyName": { - "display": [ - { - "name": "Policy Name", - "locale": "en" - } - ] - }, - "policyNumber": { - "display": [ - { - "name": "Policy Number", - "locale": "en" - } - ] - }, - "gender": { - "display": [ - { - "name": "Gender", - "locale": "en" - } - ] - }, - "expiresOn": { - "display": [ - { - "name": "Expiry Date", - "locale": "en" - } - ] - }, - "dob": { - "display": [ - { - "name": "Date Of Birth", - "locale": "en" - } - ] - } - } - } - }, - { - "format": "ldp_vc", - "id": "LifeInsuranceCredential_ldp", - "scope": "life_insurance_vc_ldp", - "display": [ - { - "name": "Sunbird Life Insurance", - "logo": { - "url": "https://sunbird.org/images/sunbird-logo-new.png", - "alt_text": "Sunbird life insurance logo" - }, - "locale": "en", - "background_color": "#fefcfa", - "text_color": "#7C4616" - } - ], - "proof_types_supported": [ - "jwt" - ], - "credential_definition": { - "type": [ - "VerifiableCredential", - "LifeInsuranceCredential" - ], - "credentialSubject": { - "fullName": { - "display": [ - { - "name": "Full Name", - "locale": "en" - } - ] - }, - "policyName": { - "display": [ - { - "name": "Policy Name", - "locale": "en" - } - ] - }, - "policyNumber": { - "display": [ - { - "name": "Policy Number", - "locale": "en" - } - ] - }, - "gender": { - "display": [ - { - "name": "Gender", - "locale": "en" - } - ] - }, - "policyExpiresOn": { - "display": [ - { - "name": "Expiry Date", - "locale": "en" - } - ] - }, - "dob": { - "display": [ - { - "name": "Date Of Birth", - "locale": "en" - } - ] - } - } - } - } - ], - "authorization_endpoint": "http://localhost:8088/authorize" + "examples": { + "Success response": { + "value": { + "id": "2d598dfc-7218-cb7a7afd5a07" + } } + } + } + } + }, + "400": { + "description": "Invalid request or missing required parameters", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" }, "examples": { - "Success response": { + "Missing verifierId": { "value": { - "id": "mosip.resident.vid", - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:08:14.846Z", - "metadata": null, - "response": { - "supportedCredentials": [ - { - "format": "ldp_vc", - "id": "InsuranceCredential", - "scope": "sunbird_rc_insurance_vc_ldp", - "display": [ - { - "name": "MOSIP Insurance", - "logo": { - "url": "https://api.collab.mosip.net/inji/mosip-logo.png", - "alt_text": "insurance logo" - }, - "locale": "en", - "background_color": "#fafcff", - "text_color": "#00284d" - } - ], - "proof_types_supported": [ - "jwt" - ], - "credential_definition": { - "type": [ - "VerifiableCredential", - "InsuranceCredential" - ], - "credentialSubject": { - "fullName": { - "display": [ - { - "name": "Full Name", - "locale": "en" - } - ] - }, - "policyName": { - "display": [ - { - "name": "Policy Name", - "locale": "en" - } - ] - }, - "policyNumber": { - "display": [ - { - "name": "Policy Number", - "locale": "en" - } - ] - }, - "gender": { - "display": [ - { - "name": "Gender", - "locale": "en" - } - ] - }, - "expiresOn": { - "display": [ - { - "name": "Expiry Date", - "locale": "en" - } - ] - }, - "dob": { - "display": [ - { - "name": "Date Of Birth", - "locale": "en" - } - ] - } - } - } - }, - { - "format": "ldp_vc", - "id": "LifeInsuranceCredential_ldp", - "scope": "life_insurance_vc_ldp", - "display": [ - { - "name": "Sunbird Life Insurance", - "logo": { - "url": "https://sunbird.org/images/sunbird-logo-new.png", - "alt_text": "Sunbird life insurance logo" - }, - "locale": "en", - "background_color": "#fefcfa", - "text_color": "#7C4616" - } - ], - "proof_types_supported": [ - "jwt" - ], - "credential_definition": { - "type": [ - "VerifiableCredential", - "LifeInsuranceCredential" - ], - "credentialSubject": { - "fullName": { - "display": [ - { - "name": "Full Name", - "locale": "en" - } - ] - }, - "policyName": { - "display": [ - { - "name": "Policy Name", - "locale": "en" - } - ] - }, - "policyNumber": { - "display": [ - { - "name": "Policy Number", - "locale": "en" - } - ] - }, - "gender": { - "display": [ - { - "name": "Gender", - "locale": "en" - } - ] - }, - "policyExpiresOn": { - "display": [ - { - "name": "Expiry Date", - "locale": "en" - } - ] - }, - "dob": { - "display": [ - { - "name": "Date Of Birth", - "locale": "en" - } - ] - } - } - } - } - ], - "authorization_endpoint": "http://localhost:8088/authorize" - }, - "errors": null + "errorCode": "invalid_request", + "errorMessage": "Missing Input: verifierId is required" } }, - "Failure response": { + "Invalid Wallet ID": { "value": { - "id": null, - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:07:34.789Z", - "metadata": null, - "response": null, - "errors": [ - { - "errorCode": "RESIDENT-APP-026", - "errorMessage": "Api not accessible failure" - } - ] + "errorCode": "invalid_request", + "errorMessage": "Invalid Wallet ID. Session and request Wallet ID do not match" } }, - "Failure response 2": { + "Duplicate verifier": { "value": { - "id": null, - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:07:34.789Z", - "metadata": null, - "response": null, - "errors": [ - { - "errorCode": "RESIDENT-APP-035", - "errorMessage": "Invalid issuer ID" - } - ] + "errorCode": "duplicate_verifier", + "errorMessage": "Verifier is already trusted for this wallet" + } + } + } + } + } + }, + "401": { + "description": "Unauthorized - session invalid or missing user", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unauthorized": { + "value": { + "errorCode": "unauthorized", + "errorMessage": "User ID not found in session" + } + } + } + } + } + }, + "500": { + "description": "Internal server error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" + }, + "examples": { + "Unexpected Server Error": { + "value": { + "errorCode": "internal_server_error", + "errorMessage": "We are unable to process request now" } } } @@ -2605,92 +4795,86 @@ } } }, - "/issuers/{issuer-id}/credentials/{credentialType}/download": { - "get": { - "operationId": "generatePdfForVC", - "parameters": [ + "/auth/{provider}/token-login": { + "post": { + "tags": ["OAuth2 Authentication"], + "summary": "Login and create session using OAuth2 ID token", + "description": "This API accepts an OAuth2 ID token in the Authorization header and establishes a session by populating Spring Security context.\n\nFetch the ID token from a supported OAuth2 provider (such as Google or Microsoft) and provide it in the request as a Bearer token.", + "operationId": "loginWithOAuth2IdToken", + "security": [ { - "name": "Bearer", - "in": "header", - "required": true, - "schema": { - "type": "string" - } - }, + "bearerAuth": [] + } + ], + "parameters": [ { - "name": "issuer-id", + "name": "provider", "in": "path", "required": true, "schema": { - "type": "string" - } + "type": "string", + "example": "google" + }, + "description": "The OAuth2 provider to use for login. Example values: 'google', 'microsoft', 'facebook'." }, { - "name": "credentialType", - "in": "path", + "name": "Authorization", + "in": "header", "required": true, "schema": { - "type": "string" - } + "type": "string", + "example": "Bearer " + }, + "description": "The OAuth2 ID token that must be provided in the 'Authorization' header, prefixed with 'Bearer '." } ], - "description": "This API is responsible for generating PDFs for the received VC content. It fetches display properties from the well-known configuration of the issuer and incorporates them into the predefined template of the PDF file.", "responses": { "200": { - "description": "OK", + "description": "Successfully logged in and session created", "content": { - "application/pdf": { + "application/json": { "schema": { "type": "string", - "format": "binary" + "description": "Success message indicating that the session has been created" + }, + "examples": { + "Success response": { + "value": "Session created." + } + } + } + } + }, + "400": { + "description": "Bad Request - Missing/invalid header or unsupported provider.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Error" }, "examples": { - "Failure response 1": { + "UnsupportedProvider": { "value": { - "id": null, - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:07:34.789Z", - "metadata": null, - "response": null, - "errors": [ - { - "errorCode": "RESIDENT-APP-036", - "errorMessage": "Invalid Credential Type Id" - } - ] + "errorCode": "INVALID_REQUEST", + "errorMessage": "Unsupported provider: provider123" } }, - "Failure response 2": { + "MissingToken": { "value": { - "id": null, - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:07:34.789Z", - "metadata": null, - "response": null, - "errors": [ - { - "errorCode": "RESIDENT-APP-026", - "errorMessage": "Api not accessible failure" - } - ] + "errorCode": "INVALID_REQUEST", + "errorMessage": "Bearer ID token required." } }, - "Failure response 3": { + "InvalidToken": { "value": { - "id": null, - "version": "v1", - "str": null, - "responsetime": "2022-10-31T05:07:34.789Z", - "metadata": null, - "response": null, - "errors": [ - { - "errorCode": "RESIDENT-APP-028", - "errorMessage": "error occured while signing pdf" - } - ] + "errorCode": "invalid_token", + "errorMessage": "An error occurred while attempting to decode the Jwt: Signed JWT rejected: Invalid signature" + } + }, + "ExpiredToken": { + "value": { + "errorCode": "invalid_token", + "errorMessage": "An error occurred while attempting to decode the Jwt: Jwt expired at 2025-06-10T12:00:00Z" } } } @@ -2702,110 +4886,425 @@ } }, "components": { + "securitySchemes": { + "SessionAuth": { + "type": "apiKey", + "in": "cookie", + "name": "SESSION", + "description": "Session-based authentication using a session ID stored in the cookie. The client must send the 'SESSION' cookie (e.g., SESSION=) with each request. For state-changing requests (POST, PUT, DELETE, PATCH), a valid CSRF token must also be included in the X-XSRF-TOKEN header. The CSRF token can be obtained from the XSRF-TOKEN cookie set by the server on GET requests (e.g., by calling GET /issuers or GET /wallets)." + }, + "bearerAuth": { + "type": "http", + "scheme": "bearer", + "bearerFormat": "JWT", + "description": "JWT-based authentication. Use a valid OAuth2 ID token (e.g., from Google or Microsoft) in the Authorization header as a Bearer token. Example: 'Authorization: Bearer eyJhbGciOi...'. This token will be used to authenticate the user and establish a session." + } + }, "schemas": { - "AppVIDGenerateRequestDTO": { + "UserMetadataDTO": { "type": "object", "properties": { - "individualId": { - "type": "string" + "display_name": { + "type": "string", + "description": "The display name of the user provided by the Identity Provider" }, - "individualIdType": { - "type": "string" + "profile_picture_url": { + "type": "string", + "format": "uri", + "description": "The URL of the user's profile picture provided by the Identity Provider" }, - "otp": { - "type": "string" + "email": { + "type": "string", + "format": "email", + "description": "The email address of the user provided by the Identity Provider" }, - "vidType": { - "type": "string" + "walletId": { + "type": "string", + "format": "email", + "description": "The unique identifier of the user's wallet. This is available if data is fetched from session else its null" + } + } + }, + "VerifiableCredentialRequestDTO": { + "type": "object", + "properties": { + "issuer": { + "type": "string", + "description": "The unique identifier of the issuer" }, - "transactionID": { - "type": "string" + "credentialConfigurationId": { + "type": "string", + "description": "The unique identifier of the credential type from the issuer well-known configuration" + }, + "code": { + "type": "string", + "description": "The authorization code received from the authorization server" + }, + "grantType": { + "type": "string", + "description": "The grant type for the authorization request" + }, + "redirectUri": { + "type": "string", + "description": "The redirect URI for the authorization request" + }, + "codeVerifier": { + "type": "string", + "description": "The code verifier used for PKCE (Proof Key for Code Exchange)" + } + }, + "required": [ + "issuer", + "credentialConfigurationId", + "code", + "grantType", + "redirectUri", + "codeVerifier" + ] + }, + "VerifiableCredentialResponseDTO": { + "type": "object", + "properties": { + "issuerDisplayName": { + "type": "string", + "description": "Name of the Issuer" + }, + "issuerLogo": { + "type": "string", + "description": "Logo of the Issuer" + }, + "credentialTypeDisplayName": { + "type": "string", + "description": "The name of the Credential Type issued by the Issuer" + }, + "credentialTypeLogo": { + "type": "string", + "description": "Logo of the Credential Type" + }, + "credentialId": { + "type": "string", + "description": "Unique Identifier of the Credential in the database" } } }, - "AppOTPRequestDTO": { + "CreateWalletRequestDto": { "type": "object", "properties": { - "individualId": { - "type": "string" + "walletPin": { + "type": "string", + "description": "PIN used to unlock the Wallet" }, - "individualIdType": { - "type": "string" + "confirmWalletPin": { + "type": "string", + "description": "Re-entered PIN used to confirm the Wallet PIN" }, - "otpChannel": { + "walletName": { + "type": "string", + "description": "Name of the Wallet" + } + }, + "required": [ + "walletPin", + "confirmWalletPin" + ] + }, + "WalletResponseDTO": { + "type": "object", + "properties": { + "walletId": { + "type": "string", + "description": "Unique identifier of the Wallet" + }, + "walletName": { + "type": "string", + "description": "Wallet name provided by the user" + } + } + }, + "UnlockWalletRequestDto": { + "type": "object", + "properties": { + "walletName": { + "type": "string", + "description": "Name of the Wallet" + }, + "walletPin": { + "type": "string", + "description": "PIN used to unlock the Wallet" + } + }, + "required": [ + "walletPin" + ] + }, + "WalletResponseDto": { + "type": "object", + "properties": { + "walletId": { + "type": "string", + "description": "Unique identifier of the Wallet" + }, + "walletName" : { + "type": "string", + "description": "Name of the Wallet" + } + } + }, + "WalletDetailsResponseDto": { + "type": "object", + "properties": { + "walletId": { + "type": "string", + "description": "Unique identifier of the Wallet" + }, + "walletName" : { + "type": "string", + "description": "Name of the Wallet" + }, + "walletStatus": { + "type": "string", + "description": "Wallet status indicating if it is locked or unlocked", + "enum": ["active", "temporarily_locked", "permanently_locked", "ready_for_unlock"], + "nullable": true + } + } + }, + "VerifiablePresentationAuthorizationRequest": { + "type": "object", + "properties": { + "authorizationRequestUrl": { + "type": "string", + "description": "The complete authorization request URL received from the Verifier" + } + }, + "required": [ + "authorizationRequestUrl" + ] + }, + "VerifiablePresentationResponseDTO": { + "type": "object", + "properties": { + "presentationId": { + "type": "string", + "description": "Unique identifier for the verifiable presentation request" + }, + "verifier": { + "$ref": "#/components/schemas/VerifiablePresentationVerifierDTO" + } + } + }, + "VerifiablePresentationVerifierDTO": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "The client ID of the verifier" + }, + "name": { + "type": "string", + "description": "The name of the verifier" + }, + "logo": { + "type": "string", + "format": "uri", + "description": "The logo URI of the verifier" + }, + "isTrusted": { + "type": "boolean", + "description": "Indicates if the verifier is trusted by the wallet" + }, + "isPreregisteredWithWallet": { + "type": "boolean", + "description": "Indicates if the verifier is pre-registered with the wallet" + }, + "redirectUri": { + "type": "string", + "format": "uri", + "description": "The redirect URI provided in the authorization request to redirect the User back to Verifier" + } + } + }, + "PresentationSubmissionRequestDTO": { + "type": "object", + "properties": { + "selectedCredentials": { "type": "array", "items": { "type": "string" + }, + "description": "List of selected credential IDs for presentation", + "example": ["cred-123", "cred-456"] + } + }, + "required": [ + "selectedCredentials" + ] + }, + "IssuerConfigurationSuccessResponse": { + "type": "object", + "properties": { + "response": { + "type": "object", + "properties": { + "credentials_supported": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Credential" + } + }, + "authorization_endpoint": { + "type": "string", + "format": "uri" + }, + "grant_types_supported": { + "type": "array", + "items": { + "type": "string" + } + } } }, - "transactionID": { - "type": "string" + "errors": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Error" + }, + "example": [] } } }, - "IndividualIdOtpRequestDTO": { + "IssuerConfigurationErrorResponse": { "type": "object", "properties": { - "aid": { - "type": "string" + "response": { + "type": "object", + "nullable": true }, - "otpChannel": { + "errors": { "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/Error" } - }, - "transactionID": { - "type": "string" } } }, - "AuthUnlockRequestDTO": { + "IssuerV2DTO": { "type": "object", + "description": "Minimal issuer representation (V2 API). Data from mimoto-issuers-config only.", "properties": { - "transactionID": { - "type": "string" - }, - "individualIdType": { - "type": "string" + "issuer_id": { "type": "string", "description": "Unique identifier of the issuer" }, + "protocol": { "type": "string", "description": "Download flow protocol", "enum": ["OTP", "OpenId4VCI"] }, + "display": { + "type": "array", + "description": "Display properties of the issuer.", + "items": { + "type": "object", + "description": "Localized display entry for the issuer.", + "properties": { + "name": { "type": "string", "description": "Display name of the issuer." }, + "logo": { + "type": "object", + "description": "Display logo of the issuer.", + "properties": { + "url": { "type": "string", "description": "URL of the issuer logo image." }, + "alt_text": { "type": "string", "description": "Alternate text for the logo (accessibility)." } + } + }, + "title": { "type": "string", "description": "Display title of the issuer." }, + "description": { "type": "string", "description": "Short description of the issuer." }, + "language": { "type": "string", "description": "Language code for this display entry (e.g. en, fr)." } + } + } }, - "individualId": { + "client_id": { "type": "string", "description": "Onboarded Mimoto OIDC client ID" }, + "token_endpoint": { "type": "string", "description": "Token endpoint URL" }, + "client_alias": { "type": "string", "description": "Client alias in keyStore" }, + "qr_code_type": { "type": "string", "enum": ["OnlineSharing", "EmbeddedVC", "None"] }, + "enabled": { "type": "string", "description": "Whether issuer is enabled (\"true\", \"false\")" }, + "credential_issuer_host": { "type": "string", "description": "Credential issuer host URL" } + } + }, + "Credential": { + "type": "object", + "properties": { + "name": { "type": "string" }, - "otp": { + "scope": { "type": "string" }, - "authType": { + "display": { "type": "array", "items": { - "type": "string" + "$ref": "#/components/schemas/Display" } + } + } + }, + "Display": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "locale": { + "type": "string" }, - "unlockForSeconds": { + "logo": { "type": "string" } } }, - "AuthLockRequestDTO": { + "Error": { "type": "object", "properties": { - "transactionID": { + "errorCode": { + "type": "string", + "description": "It represents the type or category of the error" + }, + "errorMessage": { + "type": "string", + "description": "A human-readable message providing more details about the error" + } + } + }, + "AppVIDGenerateRequestDTO": { + "type": "object", + "properties": { + "individualId": { "type": "string" }, "individualIdType": { "type": "string" }, + "otp": { + "type": "string" + }, + "vidType": { + "type": "string" + }, + "transactionID": { + "type": "string" + } + } + }, + "AppOTPRequestDTO": { + "type": "object", + "properties": { "individualId": { "type": "string" }, - "otp": { + "individualIdType": { "type": "string" }, - "authType": { + "otpChannel": { "type": "array", "items": { "type": "string" } + }, + "transactionID": { + "type": "string" } } }, @@ -2857,6 +5356,9 @@ "JsonNode": { "type": "object" }, + "StringNode": { + "type": "string" + }, "Event": { "type": "object", "properties": { @@ -2935,7 +5437,84 @@ "type": "string" } } + }, + "MatchingCredentialsResponseDTO": { + "type": "object", + "properties": { + "availableCredentials": { + "type": "array", + "description": "List of credentials that match the presentation definition", + "items": { + "$ref": "#/components/schemas/AvailableCredentialDTO" + } + }, + "missingClaims": { + "type": "array", + "description": "List of claims that are required but not available in any credential", + "items": { + "type": "string" + } + } + } + }, + "AvailableCredentialDTO": { + "type": "object", + "properties": { + "credentialId": { + "type": "string", + "description": "Unique identifier of the credential" + }, + "credentialTypeDisplayName": { + "type": "string", + "description": "Display name of the credential type" + }, + "credentialTypeLogo": { + "type": "string", + "format": "uri", + "description": "Logo URL for the credential type" + }, + "format": { + "type": "string", + "description": "Format of the credential (e.g., ldp_vc, vc+sd-jwt, dc+sd-jwt)", + "example": "ldp_vc" + } + } + }, + "TrustedVerifierRequest": { + "type": "object", + "properties": { + "verifierId": { + "type": "string", + "description": "Unique client id of the verifier" + } + }, + "required": [ + "verifierId" + ] + }, + "TrustedVerifierResponseDTO": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Unique ID generated after creating database record for the verifier" + } + }, + "required": [ + "id" + ] + } + , + "SubmitPresentationResponseDTO": { + "type": "object", + "properties": { + "status": { "type": "string", "description": "Status of the presentation submission request (for example success, error)" }, + "message": { "type": "string", "description": "Human readable message describing the result for successful submission or rejected by user" }, + "redirectUri": { "type": "string", "description": "Redirect URI provided to the verifier", "nullable": true } + }, + "required": [ "status", "message" ] } } - } -} + }, + "x-internal": true +} \ No newline at end of file diff --git a/.gitbook/assets/verify-decode.png b/.gitbook/assets/verify-decode.png index e37b2f8..64bc248 100644 Binary files a/.gitbook/assets/verify-decode.png and b/.gitbook/assets/verify-decode.png differ diff --git a/.gitbook/assets/wallet-encode.png b/.gitbook/assets/wallet-encode.png index 0dbf86e..6159db3 100644 Binary files a/.gitbook/assets/wallet-encode.png and b/.gitbook/assets/wallet-encode.png differ diff --git a/SUMMARY.md b/SUMMARY.md index 71b4c3a..3d900f5 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -114,9 +114,9 @@ * [Specifications](inji-wallet/inji-mobile/technical-overview/specifications/README.md) * [Face SDK Specifications](inji-wallet/inji-mobile/technical-overview/specifications/face-sdk-specifications.md) * [Backend Services](inji-wallet/inji-mobile/technical-overview/backend-services/README.md) - * [Mimoto](inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md) - * [eSignet](inji-wallet/inji-mobile/technical-overview/backend-services/esignet.md) - * [Inji Certify](inji-wallet/inji-mobile/technical-overview/backend-services/inji-certify.md) + * [Inji Wallet Backend (Mimoto)](inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md) + * [Authorization Server for Authentication Using Inji Wallet Credentials](inji-wallet/inji-mobile/technical-overview/backend-services/login-using-credential.md) + * [Credential Issuer](inji-wallet/inji-mobile/technical-overview/backend-services/issuer.md) * [Customizations](inji-wallet/inji-mobile/technical-overview/customization-overview/README.md) * [Workflow customization](inji-wallet/inji-mobile/technical-overview/customization-overview/workflow-customization.md) * [UI customization](inji-wallet/inji-mobile/technical-overview/customization-overview/ui-customization.md) diff --git a/inji-wallet/inji-mobile/technical-overview/backend-services/README.md b/inji-wallet/inji-mobile/technical-overview/backend-services/README.md index f2acc16..de39adc 100644 --- a/inji-wallet/inji-mobile/technical-overview/backend-services/README.md +++ b/inji-wallet/inji-mobile/technical-overview/backend-services/README.md @@ -4,6 +4,6 @@ This section contains the guides and information that could benefit the develope For more information on backend systems, read through: -1. [Mimoto service](mimoto.md) -2. [esignet service](esignet.md) -3. [Inji Certify](inji-certify.md#overview) +1. [Inji Wallet Backend (Mimoto)](./mimoto.md) +2. [Authorization Server for Authentication Using Inji Wallet Credentials](./login-using-credential.md) +3. [Credential Issuer](issuer.md#overview) diff --git a/inji-wallet/inji-mobile/technical-overview/backend-services/esignet.md b/inji-wallet/inji-mobile/technical-overview/backend-services/esignet.md deleted file mode 100644 index e714a11..0000000 --- a/inji-wallet/inji-mobile/technical-overview/backend-services/esignet.md +++ /dev/null @@ -1,31 +0,0 @@ -# eSignet - -The eSignet service is utilized by Inji Wallet for online login. Users have the ability to log in to any service provider portal that is integrated with eSignet. - -## Online login - -### QR code scanning and login to the service provider portal - -The user is required to open the portal integrated with eSignet and utilize the app scanner to scan the QR code. - -After successfully scanning the QR code, Inji Wallet will access the API below and transmit the link code. - -#### Link Transaction endpoint V2 - -{% openapi-operation spec="api" path="/linked-authorization/v2/link-transaction" method="post" %} -[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) -{% endopenapi-operation %} - -After successfully completing the offline face authentication and selecting the required and optional information, the two specified APIs are invoked. - -#### Linked Authentication Endpoint V2 - -{% openapi-operation spec="api" path="/linked-authorization/v2/authenticate" method="post" %} -[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) -{% endopenapi-operation %} - -#### Linked Consent Endpoint V2 - -{% openapi-operation spec="api" path="/linked-authorization/v2/consent" method="post" %} -[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) -{% endopenapi-operation %} diff --git a/inji-wallet/inji-mobile/technical-overview/backend-services/inji-certify.md b/inji-wallet/inji-mobile/technical-overview/backend-services/inji-certify.md deleted file mode 100644 index 8b3ddfa..0000000 --- a/inji-wallet/inji-mobile/technical-overview/backend-services/inji-certify.md +++ /dev/null @@ -1,26 +0,0 @@ -# Inji Certify - -## Overview - -The Inji Certify service is utilized by Inji Wallet for downloading the VC. - -### Download VC - -The user is currently on the `Add new card` screen and chooses an issuer(For example, Republic of Veridonia National ID Department). - -* Inji Wallet utilizes the `react-native-app-auth` library for authorization flow. - * It first redirects the user to the authorization server configured respective to the Issuer (For example, e-Signet). - * The user performs authentication (For example, on the eSignet UI, the input the necessary information such as a unique ID and OTP (One-time Password)). - * Post successful authentication, the user is redirected back to the Inji Wallet app with an authorization code. - * Inji Wallet then exchanges the authorization code for an access token. -* Using the access token, Inji Wallet makes a request to the credential endpoint from Inji Certify to download the credential. - -#### VC Issuance endpoint - -{% openapi-operation spec="api" path="/vci/credential" method="post" %} -[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) -{% endopenapi-operation %} - -For credential request, refer credential\_endpoint attribute in issuer's configuration response. - -Read More diff --git a/inji-wallet/inji-mobile/technical-overview/backend-services/issuer.md b/inji-wallet/inji-mobile/technical-overview/backend-services/issuer.md new file mode 100644 index 0000000..4fdb395 --- /dev/null +++ b/inji-wallet/inji-mobile/technical-overview/backend-services/issuer.md @@ -0,0 +1,33 @@ +# Issuer + +## Overview + +The **Issuer** is one of the backend services that Inji Wallet interacts with to obtain Verifiable Credentials (VCs). As defined by the **OpenID for Verifiable Credential Issuance (OpenID4VCI)** specification, an Issuer is responsible for issuing credentials to eligible users. + +Within the Inji ecosystem, **Inji Certify** acts as the Issuer. It exposes the OpenID4VCI endpoints that Inji Wallet uses to request and download issued Verifiable Credentials. User authentication is handled by a separate authorization server (eSignet) before the credential issuance process begins. Once downloaded, Inji Wallet securely stores and manages these credentials on the user's device. + +## Credential Download Flow + +The following steps describe how Inji Wallet downloads a Verifiable Credential from an Issuer. + +1. The user opens the **Add New Card** screen in Inji Wallet and selects an issuer (for example, *Republic of Veridonia National ID Department*). + +2. Inji Wallet initiates the authorization flow. + * The wallet redirects the user to the authorization server configured for the selected issuer (for example, **eSignet**). + * The user authenticates using the configured authentication mechanism, such as a unique identifier and a One-Time Password (OTP). + * Upon successful authentication, the authorization server redirects the user back to Inji Wallet with an authorization code. + * Inji Wallet exchanges the authorization code for an access token. + +3. Using the access token, Inji Wallet invokes the Issuer's credential endpoint exposed by **Inji Certify** to download the issued Verifiable Credential. + +### Credential Endpoint + +The credential issuance endpoint is designed in accordance with the OpenID for Verifiable Credential Issuance (OpenID4VCI) specification. The endpoint URL is provided in the Issuer Metadata response through the `credential_endpoint` attribute. + +#### VC Issuance Endpoint + +{% openapi-operation spec="api" path="/vci/credential" method="post" %} +[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) +{% endopenapi-operation %} + +> **For more details**: Refer to the [Inji Certify Documentation](../../../../inji-certify/overview/README.md) to understand credential issuance workflows. diff --git a/inji-wallet/inji-mobile/technical-overview/backend-services/login-using-credential.md b/inji-wallet/inji-mobile/technical-overview/backend-services/login-using-credential.md new file mode 100644 index 0000000..51cb0c4 --- /dev/null +++ b/inji-wallet/inji-mobile/technical-overview/backend-services/login-using-credential.md @@ -0,0 +1,79 @@ +# Online Login + +## Overview + +**Online Login** enables users to securely access digital services using a verifiable credential stored in the Inji Wallet. Instead of using traditional usernames and passwords, users can authenticate themselves by presenting a trusted digital credential, completing user verification, and consenting to share only the required information with the service provider. + +--- + +## Example Use Case +This use case is applicable to any service provider portal that supports wallet-based authentication through a compatible Authorization Server (AS). + +The following example demonstrates the online login flow within the Inji ecosystem using **eSignet** as the Authorization Server. + +* **Authorization Server (AS):** eSignet +* **Service Provider:** Health ID Services Portal +* **Credential Issuer:** Republic of Veridonia National ID Department +* **Credential:** Veridonia National ID + +In this example, a user downloads the Veridonia National ID credential into the Inji Wallet and later uses it to securely sign in to the Health ID Services Portal. + +--- + +## User Journey + +1. Open the **Inji Wallet** application. +2. Tap the **+** button and download a credential from the **Republic of Veridonia National ID Department**. +3. After the credential is downloaded, open the credential menu (⋮) and activate it. +4. Open the **Health ID Services** portal and select **Sign in with eSignet**. +5. A QR code is displayed on the portal. Using the Inji Wallet, scan the QR code from the **Share** tab or the credential's **QR Login** option. +6. Complete the face authentication. +7. Review the requested claims and choose the information to share. +8. Provide consent. +9. The requested claims are securely shared, and the user is successfully signed in to the Health ID Services portal. + +--- + +## APIs Involved + +The user is required to open the portal integrated with eSignet and utilize the app scanner to scan the QR code. + + +### Link Login Transaction +After successfully scanning the QR code, Inji Wallet will access the API below and transmit the link code. + +{% openapi-operation spec="api" path="/linked-authorization/v2/link-transaction" method="post" %} +[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) +{% endopenapi-operation %} + +### Authenticate User + +After successful face authentication, the wallet authenticates the user. + +{% openapi-operation spec="api" path="/linked-authorization/v2/authenticate" method="post" %} +[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) +{% endopenapi-operation %} + +### Submit User Consent + +Once the user approves the requested claims, the wallet submits the consent. + +{% openapi-operation spec="api" path="/linked-authorization/v2/consent" method="post" %} +[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) +{% endopenapi-operation %} + +--- + +## Benefits + +* Passwordless authentication using digital credentials. +* User-controlled sharing of identity attributes. +* Explicit consent before any information is shared. +* Reusable across multiple service provider portals. +* Secure authentication using trusted verifiable credentials. + +--- + +## Reference + +For details about the Wallet Authentication APIs, refer to the [eSignet Wallet Authenticator documentation](https://docs.esignet.io/esignet-authentication/develop/integration/wallet/wallet-authenticator#wallet-authentication-apis) diff --git a/inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md b/inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md index 3438314..67d63b1 100644 --- a/inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md +++ b/inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md @@ -1,4 +1,4 @@ -# Mimoto +# Inji Wallet Backend - Mimoto Mimoto is a BFF(Backend for Frontend) for Inji Wallet. It's being used to get default configuration, download verifiable credentials (VC) and activate VC.\ It provides all necessary APIs to the Inji Wallet and acts as a proxy for resident services. Mimoto gets the request from Inji Wallet, performs all the validations and forwards it to respective services. Additionally, it subscribes to the web-sub event to be able to download the VC once it's ready. @@ -7,49 +7,126 @@ Detailed API documentation of Mimoto is available [here](https://mosip.stoplight ## Support for downloading VC from multiple Issuers -* To get a list of issuers, [this](https://mosip.stoplight.io/docs/mimoto/67ec1f78ee034-list-issuers) API is called. For retrieving the credential types and display properties, `.well-known` location is referred for every issuer from the [mimoto-issuers-config.json](https://github.com/mosip/mosip-config/blob/collab/mimoto-issuers-config.json) +### Issuers Listing + +The user is currently on the `+` button on the Home screen, which will open `Add new card` screen, where all the issuers are displayed Below issuers list API gives out all the issuers list + +{% swagger src="../../../../.gitbook/assets/mimoto (1).json" path="/issuers" method="get" %} +[mimoto (1).json](<../../../../.gitbook/assets/mimoto%20(1).json>) +{% endswagger %} + +### Retrieve accessToken for OIDC flow +This endpoint exchanges an OAuth 2.0 authorization code for an access token as part of the OpenID4VCI authorization flow for a Mimoto client registered with an Authorization Server (AS). + +The issuer name is used to resolve the corresponding Authorization Server and its token endpoint from the issuer configuration (`issuers-config.json`). The client authenticates with the Authorization Server using the same cryptographic key pair that was registered during client registration. The token request includes a signed client assertion JWT to authenticate the client before the Authorization Server issues an access token. + +{% swagger src="../../../../.gitbook/assets/mimoto (1).json" path="/get-token/{issuer}" method="post" %} +[mimoto (1).json](<../../../../.gitbook/assets/mimoto%20(1).json>) +{% endswagger %} -### Download via eSignet +## Online Login -Inji Wallet allows the users to download VC by redirecting the user to eSignet UI. Multiple APIs are being called to complete the process in the backend. +A use case exists where a credential is activated or bound to an Authorization Server, enabling users to access an online service by authenticating with that bound credential. -* Inji Wallet initiates authenticate API by redirecting users to eSignet UI. On eSignet UI, user is given option to enter the unique ID, the user is asked to enter an OTP on the next screen. In the backend, token API is called to get a token. Refer [here](https://docs.esignet.io/integration/wallet/credential-holder) for more details. -* After getting a token response, Inji Wallet initiates a download request. Refer[ here](https://docs.mosip.io/inji/inji-mobile-wallet/backend-services/esignet#download-vc) +Within the Inji ecosystem, this is available as the **Veridonia National ID use case**. In this flow, **eSignet** acts as the Authorization Server for the MOSIP/National ID credential issued through **Inji Certify**. Users can use this credential to authenticate and log in to service such as Health ID platforms. + + +### Activate credentials -## Activate credentials Credentials have to be activated in order to use them for online login. When a user selects **Activate** option, an OTP is sent to the user and credentials are activated. * To send an OTP to a user, the below API is called. -{% openapi src="../../../../.gitbook/assets/mimoto (1).json" path="/binding-otp" method="post" %} -[mimoto (1).json](<../../../../.gitbook/assets/mimoto (1).json>) -{% endopenapi %} +{% swagger src="../../../../.gitbook/assets/mimoto (1).json" path="/binding-otp" method="post" %} +[mimoto (1).json](<../../../../.gitbook/assets/mimoto%20(1).json>) +{% endswagger %} * After successful OTP validation, a keypair is generated in the phone and the public key is synced with server. The mimoto receives a certificate and create thumbprint which it stores in the keystore securely. This is called as the **activation process.** -{% openapi src="../../../../.gitbook/assets/mimoto (1).json" path="/wallet-binding" method="post" %} -[mimoto (1).json](<../../../../.gitbook/assets/mimoto (1).json>) -{% endopenapi %} +{% swagger src="../../../../.gitbook/assets/mimoto (1).json" path="/wallet-binding" method="post" %} +[mimoto (1).json](<../../../../.gitbook/assets/mimoto%20(1).json>) +{% endswagger %} + ## Configuration -The configurable properties for mimoto can be found at [mimoto-default.properties](https://github.com/mosip/mosip-config/blob/collab1/mimoto-default.properties). This property file is maintained as one for each deployment environment. On [this](https://github.com/mosip/mosip-config) repository, each environment configuration is placed in a corresponding branch specific to that environment. +The configurable properties for mimoto can be found at [mimoto-default.properties](https://github.com/inji/inji-config/blob/collab/mimoto-default.properties). This property file is maintained as one for each deployment environment. On [this](https://github.com/inji/inji-config) repository, each environment configuration is placed in a corresponding branch specific to that environment. -> Refer to [mimoto-default.properties](https://github.com/mosip/mosip-config/blob/collab1/mimoto-default.properties) of Collab environment. +> Refer to [mimoto-default.properties](https://github.com/inji/inji-config/blob/collab1/mimoto-default.properties) of Collab environment. The implementers can choose to use the existing configurations or add new configurations to them. -### Issuers Listing +# Wallet Configurations -The user is currently on the `+` button on the Home screen, which will open `Add new card` screen, where all the issuers are displayed Below issuers list API gives out all the issuers list +The Inji wallet configurations are defined in the [inji-default.properties](https://github.com/inji/inji-config/blob/collab/inji-default.properties) file, which acts as the source of default configuration values. These configurations are exposed through the Mimoto `allProperties` API and are consumed by the Inji wallet at runtime. + +The properties retrieved through the `allProperties` API control various wallet functionalities, including credential downloads, storage validation, caching, and OpenID4VP capabilities. + + +{% swagger src="../../../../.gitbook/assets/mimoto (1).json" path="/allProperties" method="get" %} +[mimoto (1).json](<../../../../.gitbook/assets/mimoto%20(1).json>) +{% endswagger %} + +```properties +# Timeout for VC download API via OpenID4VCI flow in milliseconds +mosip.inji.openId4VCIDownloadVCTimeout=30000 +# Inji documentation URL +mosip.inji.aboutInjiUrl=https://docs.inji.io/inji-wallet/inji-mobile +# Minimum storage space required for making audit entries in MB +mosip.inji.minStorageRequiredForAuditEntry=2 +# Minimum storage space required for downloading/receiving VCs in MB +mosip.inji.minStorageRequired=2 +# Specifies whether to perform client validation during the OpenID4VP sharing flow +mosip.inji.openid4vpClientValidation=false +# Defines the lifetime of cached data in storage, measured in milliseconds +mosip.inji.cacheTTLInMilliSeconds=3600000 + +# Specifies whether to perform credential offer VC verification in OpenID4VCI flow (To be removed in future releases) +mosip.inji.disableCredentialOfferVcVerification=true + +# OpenID4VP wallet configuration defining the wallet capabilities +mosip.inji.openid4vpWalletConfig={"response_types_supported":["vp_token"],"vp_formats_supported":{"mso_mdoc":{"issuerauth_alg_values":[-7],"deviceauth_alg_values":[-7]},"ldp_vc":{"proof_type_values":["Ed25519Signature2020","JsonWebSignature2020"]},"dc+sd-jwt":{"sd-jwt_alg_values":["EdDSA","ES256"],"kb-jwt_alg_values":["ES256","EdDSA"]},"vc+sd-jwt":{"sd-jwt_alg_values":["EdDSA","ES256"],"kb-jwt_alg_values":["ES256","EdDSA"]}},"client_id_prefixes_supported":["redirect_uri","decentralized_identifier","pre-registered"],"request_object_signing_alg_values_supported":["EdDSA"],"authorization_encryption_alg_values_supported":["ECDH-ES"],"authorization_encryption_enc_values_supported":["A256GCM"],"presentation_definition_uri_supported":true,"request_uri_methods_supported":["get","post"]} +``` + +### Property Descriptions + +1. **`cacheTTLInMilliSeconds`**: Defines the cache expiration time, in milliseconds, for API fallback. If an API request fails, the SDK uses the cached response for the APIs listed in the table below, provided the cache entry has not expired. + +**API Fallbacks available as cache** + +| API | Endpoint | +|:-------------------------------------------|:---------------------------| +| **getAllProperties** | `/v1/mimoto/allProperties` | +| **fetchIssuers** | `/v1/mimoto/issuers` | +| **fetchTrustedVerifiersList** | `/v1/mimoto/verifiers` | +| **fetchIssuerWellknownConfig** | `{issuer}/.well-known/...` | +| **fetchIssuerAuthorizationServerMetadata** | `{server}/.well-known/...` | + +2. **`minStorageRequired`**: Defines the minimum available device storage required for operations such as VC downloads and VC backup restoration. If sufficient storage is not available, the operation cannot proceed, and an error screen is displayed. +3. **`minStorageRequiredForAuditEntry`**: Defines the minimum available device storage required before initiating operations such as VC sharing, QR-based sharing, and BLE-based VC sharing, as these operations create audit history entries. +4. **`aboutInjiUrl`**: Defines the "About Inji" URL, which is displayed on the application's "About Inji" page. +5. VC Download-related Properties + 1. **`openId4VCIDownloadVCTimeout`**: Timeout, in milliseconds, for downloading a Verifiable Credential (VC) using the OpenID4VCI flow. + 2. **`disableCredentialOfferVcVerification`**: Disables verification of Verifiable Credentials (VCs) received through the OpenID4VCI credential offer flow. +6. OpenID4VP-related Properties + 1. **`openid4vpWalletConfig`**: Defines wallet-specific configuration for the OpenID4VP flow. + 2. **`openid4vpClientValidation`**: Enables or disables client validation against the pre-registered client list for the OpenID4VP flow. + 1. true – validate clients against the pre-registered list. + 2. false – skip client validation. + 3. For more information, see [Inji Wallet Usage](https://github.com/inji/inji-wallet/blob/master/docs/openid4vp/openid4vp-support.md#wallet-configuration-for-the-openid4vp-flow) + + +### Wallet's Trusted / Pre-registered Verifier list + +The Inji Wallet retrieves the list of pre-registered (trusted) verifiers from the Mimoto backend service. + +- **Backend Service:** Mimoto +- **API:** `/v1/mimoto/verifiers` -{% openapi src="../../../../.gitbook/assets/mimoto (1).json" path="/issuers" method="get" %} -[mimoto (1).json](<../../../../.gitbook/assets/mimoto (1).json>) -{% endopenapi %} +The API response provides the list of trusted verifiers, which is then embedded into the `walletConfig`. This configuration is supplied to the Inji OpenID4VP library to execute **client validation** during the OpenID4VP flow. -To get complete configuration of the specific issuer, below api is called. +{% swagger src="../../../../.gitbook/assets/mimoto (1).json" path="/verifiers" method="get" %} +[mimoto (1).json](<../../../../.gitbook/assets/mimoto%20(1).json>) +{% endswagger %} -{% openapi src="../../../../.gitbook/assets/mimoto (1).json" path="/issuers/{issuer-id}" method="get" %} -[mimoto (1).json](<../../../../.gitbook/assets/mimoto (1).json>) -{% endopenapi %} diff --git a/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/inji-vc-renderer.md b/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/inji-vc-renderer.md new file mode 100644 index 0000000..ada6f3d --- /dev/null +++ b/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/inji-vc-renderer.md @@ -0,0 +1,83 @@ +# Inji VC Renderer + +## Overview + +Inji VC Renderer is a library designed to render Verifiable Credentials (VCs) by converting SVG templates into visual SVG images. The library dynamically replaces placeholders in SVG templates with actual Verifiable Credential JSON data, strictly following the JSON Pointer Algorithm (RFC6901) for value extraction. + +**Key Responsibilities:** + +* **VC Rendering Library** + + * Downloads SVG templates from the VC's render method + * Replaces template placeholders with actual VC data + * Supports multiple rendering methods and generates visual credential displays + * Follows JSON Pointer Algorithm (RFC6901) for accurate data extraction + +* **Library Consumer App** + + * Provides the Verifiable Credential data + * Handles the display of credentials + + +## Supported Features + +### Core Capabilities + +* **SVG Template Processing**: Downloads SVG templates from URLs specified in the VC render method +* **Dynamic Placeholder Replacement**: Replaces Mustache-style placeholders with actual VC data using JSON Pointer Algorithm (RFC6901) +* **VC Data Model 2.0 Support**: Compatible with the latest Verifiable Credential specification +* **QR Code Embedding**: Optionally embeds QR codes within SVG templates for credential verification + +### Supported Credential Formats + +Currently supported credential format: +- **ldp_vc** - Linked Data Proofs Verifiable Credentials + +## Libraries Available In + +Inji VC Renderer is available in Kotlin and Swift, supporting Android, JVM and iOS platforms. + +- **Kotlin**: [Android (AAR) & JVM (JAR)](https://github.com/inji/inji-vc-renderer/tree/master/kotlin) +- **Swift**: [iOS](https://github.com/inji/inji-vc-renderer-ios-swift/tree/master) + +### Core Methods + +The library provides a primary API for rendering credential display content: + +#### `generateCredentialDisplayContent()` + +Converts a Verifiable Credential into visual SVG representation by processing render methods and replacing template placeholders. + +**Parameters:** + +* `credentialFormat` - Enum specifying the credential format (currently supports `ldp_vc`) +* `vcJsonString` - The Verifiable Credential in stringified JSON format +* `wellKnownJson` (Optional) - Well-known metadata in stringified JSON format +* `qrCodeData` (Optional) - Custom data for QR code generation. If provided, QR code is generated using this value; if not provided or empty, the full VC JSON string is used as fallback. **Note**: `qrCodeData` should be pre-encoded (e.g., Base45-encoded) + +**Returns:** + +* List of rendered SVG templates as strings +* Multiple SVG templates are returned if multiple render methods are present in the VC + +> **For comprehensive API documentation and detailed usage examples, refer to the respective repository documentation:** +> - [Kotlin/Java Repository](https://github.com/inji/inji-vc-renderer/tree/master/kotlin#api) +> - [Swift/iOS Repository](https://github.com/inji/inji-vc-renderer-ios-swift/tree/master#api) + +### Rendering Process Flow + +The library follows these steps to render credential display content: + +1. **Render Method Extraction** - Extracts render method information from the VC JSON +2. **SVG Template Download** - Downloads the SVG template from the URL specified in the render method +3. **Placeholder Replacement** - Uses JSON Pointer Algorithm (RFC6901) to extract values from VC JSON and replace placeholders in the SVG +4. **QR Code Generation** - Optionally generates and embeds a QR code (if `qrCodeData` is provided) +5. **Output Generation** - Returns the fully rendered SVG as a string + +If multiple render methods exist in the VC, this process is repeated for each, and all rendered SVGs are returned as a list. + +--- + +> Refer to the [Inji Certify documentation](../../../../../inji-certify/overview/features/README.md#9-svg-rendering-support) for details on issuing credentials with SVG Rendering Support and the corresponding credential structure. + + diff --git a/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/openid4vp.md b/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/openid4vp.md index d6084bf..21107b8 100644 --- a/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/openid4vp.md +++ b/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/openid4vp.md @@ -2,79 +2,112 @@ ## OpenID4VP - Online Sharing -This library enables consumer applications (mobile wallet) to share users Verifiable Credentials with Verifiers who request them online. It adheres to the OpenID4VP [specification](https://openid.net/specs/openid-4-verifiable-presentations-1_0-23.html) draft version 23, which outlines the standards for requesting and presenting Verifiable Credentials. +This library for **wallet-side** processing of [OpenID for Verifiable Presentations](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html) (OpenID4VP). This library validates incoming authorization requests, helps build Verifiable Presentations (with signing delegated to your app), and sends responses to the verifier. -#### Library Functionalities: Processing the Request from Decoding to Verifier Response +**Key Responsibilities:** -1. Receives the Verifier's Authorization Request sent by the consumer application (mobile wallet). -2. Validates the received Authorization Request to check if the required details are present or not, and then returns the Authorization Request to the consumer application once all the validations are successful. -3. Receives the list of Verifiable Credentials from the consumer application which are selected by the consumer application end-user based on the credentials requested as part of Verifier Authorization request. -4. Constructs the vp\_token without proof section and sends it back to the consumer application for generating Json Web Signature (JWS). -5. Receives the generated signature along with the other details and generates vp\_token with proof section & presentation\_submission. -6. Sends a POST request with generated vp\_token and presentation\_submission to the received Verifier's response\_uri endpoint. -7. Below sections details on the steps for integrating the Kotlin and Swift packages into the app. Below sections details on the steps for integrating the Kotlin and Swift packages into the app. +* **OpenID4VP Library** -**Supported features** + * Handles OpenID4VP protocol workflows and compliance + * Simplifies Verifiable Presentation creation and response exchange + * Reduces development complexity and integration time -| Feature | Supported values | -| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Device flow | Cross device flow, Same device flow (only `direct_post` and `direct_post.jwt` supported) | -| Client id scheme | `pre-registered`, `redirect_uri`, `did` | -| Signed authorization request verification algorithms | Ed25519 | -| Obtaining authorization request |

- By value : both signed (via request param) and unsigned (via URL encoded parameters)
- By reference ( via request_uri method)
Note: The use of signed or unsigned requests, is determined by the client_id_scheme associated with the client.

| -| Obtaining presentation definition in authorization request | By value, By reference (via `presentation_definition_uri`) | -| Authorization Response content encryption algorithms | `A256GCM` | -| Authorization Response key encryption algorithms | `ECDH-ES` | -| Credential formats | `ldp_vc`, `mso_mdoc`, `dc+sd-jwt`, `vc+sd-jwt` | -| Authorization Response mode | `direct_post`, `direct_post.jwt` (with encrypted & unsigned responses) and `iar-post` (unencrypted response), `iar-post.jwt` (Encrypted and unsigned response) | -| Authorization Response type | `vp_token` | +* **Library Consumer App** -### Android: Kotlin package for OpenID4VP: + * Owns user consent and credential selection + * Performs secure cryptographic signing -#### Repository +Build OpenID4VP capabilities faster with a library designed to remove protocol complexity, reduce implementation risk, and accelerate your journey toward interoperable digital credentials. -* inji-openid4vp kotlin repo - [here](https://github.com/inji/inji-openid4vp) +## Supported features -#### Installation +### Feature Matrix by Specification Version -Snapshot builds are available - [aar](https://central.sonatype.com/artifact/io.inji/inji-openid4vp-aar) and [jar](https://central.sonatype.com/artifact/io.inji/inji-openid4vp-jar) +**Legend:** ✅ = Supported | ❌ = Not Implemented | N/A = Not Applicable -{% hint style="info" %} -Note: implementation "io.inji:inji-openID4VP:0.7.0" -{% endhint %} +| Feature | Draft 23 | Version 1.0 | Notes | +|-----------------------------------------------|:---------:|:-----------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Device Flow** | | | | +| — Cross device flow | ✅ | ✅ | Wallet scans QR code and passes data to this library | +| — Same device flow | ✅ | ✅ | Wallet receives VP request via deeplink | +| **Client ID Prefix** | | | Equivalent to Client ID Scheme in draft 23 | +| — pre-registered | ✅ | ✅ | Validated via `WalletConfig.trustedVerifiers` | +| — redirect_uri | ✅ | ✅ | | +| — decentralized_identifier | ✅ (`did`) | ✅ | | +| **Authorization Request Delivery** | | | Per [RFC 9101](https://www.rfc-editor.org/info/rfc9101/#name-authorization-request) | +| — By value (signed request) | ✅ | ✅ | | +| — By value (unsigned request) | ✅ | ✅ | Via URL-encoded parameters | +| — By reference (request_uri) | ✅ | ✅ | Fetched via HTTP GET/POST | +| — Request signing algorithms | ✅ | ✅ | Ed25519 | +| **Presentation Request** | | | | +| — DCQL Query | ❌ | ✅ | | +| — Presentation Definition | ✅ | ❌ | By value or via `presentation_definition_uri` | +| — Scope parameter | ❌ | ❌ | Not implemented | +| **VP Response Modes** | | | | +| — direct_post | ✅ | ✅ | | +| — direct_post.jwt | ✅ | ✅ | Unsigned and Encrypted response | +| — iar-post / iae_post | ✅ | ✅ | | +| — iar-post.jwt / iae_post.jwt | ✅ | ✅ | Unsigned and Encrypted response | +| **VP Response Type** | | | | +| — vp_token | ✅ | ✅ | | +| — vp_token id_token | ❌ | ❌ | Not implemented | +| — code | ❌ | ❌ | Not implemented | +| **Authorization Response Encryption** | | | For `direct_post.jwt` and `iar-post.jwt` / `iae_post.jwt` modes | +| — Encryption algorithm (content) | ✅ | ✅ | A256GCM | +| — Key agreement algorithm | ✅ | ✅ | ECDH-ES | +| **VP Token Generation** | | | | +| — DCQL Query-based | ❌ | ✅ | | +| — Presentation Definition-based | ✅ | ❌ | | +| — Error responses | ✅ | ✅ | Any failure during VP request validation / user consent rejection / VP response preparation is prepared as Authorization Error response and sent to Verifier | +| **Supported Verifiable Presentation Formats** | | | | +| — ldp_vp | ✅ | ✅ | | +| — mso_mdoc | ✅ | ✅ | | +| — vc+sd-jwt / dc+sd-jwt | ✅ | ✅ | | -### iOS: Swift package for OpenID4VP: -#### Repository +## Libraries Available in -* inji-openid4vp-ios-swift swift repo -> [here](https://github.com/inji/inji-openid4vp-ios-swift) +This library is available in Kotlin and Swift, supporting Android, JVM and iOS platforms. -#### Installation +- **Kotlin**: [Android (AAR) & JVM (JAR)](https://github.com/inji/inji-openid4vp/tree/master/kotlin) +- **Swift**: [iOS](https://github.com/inji/inji-openid4vp-ios-swift) -1. Clone the repo. -2. In your swift application go to file > add package dependency > add the https://github.com/inji/inji-openid4vp-ios-swift in git search bar > add package. -3. Import the library and use. +### Core Methods -### APIs +The library provides the following methods organized into different workflow patterns: -The OpenID4VP library provides the following APIs for implementing the OpenID4VP flow: +#### Primary Flow Methods -| API Method | Use Case | -| ---------------------------- | -------------------------------------------------------------------------------------------------- | -| `authenticateVerifier` | Validate and decode the verifier's authorization request | -| `constructUnsignedVPToken` | Create unsigned VP tokens (V1 API) from verifiable credentials for signing by the wallet | -| `constructUnsignedVPTokenV2` | Create flattened list of unsigned VP tokens (V2 API) with signing metadata for simplified workflow | -| `constructVPResponse` | Construct the VP response (V1 API) with signed tokens ready to be sent to the verifier | -| `constructVPResponseV2` | Construct the VP response (V2 API) from simplified signing results | -| `sendVPResponseToVerifier` | Construct VP response and send it to the verifier via HTTP POST | -| `constructErrorInfo` | Construct an authorization error response as per OpenID4VP specification | -| `sendErrorInfoToVerifier` | Construct and send error response to the verifier via HTTP POST | +| Method | Purpose | +|----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------| +| **`authenticateVerifier()`** | Validates incoming authorization requests from verifiers. Resolves request objects, verifies signatures, and returns a structured request. | +| **`getMatchingCredentials()`** | *(DCQL Helper)* Evaluates DCQL queries against your wallet's credentials to determine which satisfy the verifier's requirements. | +| **`constructUnsignedVPToken()`** | Prepares VP tokens based on selected credentials. Returns unsigned data that your wallet must sign. | -> **For detailed API reference including parameters, response structures, examples, and exceptions, refer to the** [**Kotlin API Reference**](https://github.com/inji/inji-openid4vp/tree/master/kotlin#apis) **or** [**Swift API Reference**](https://github.com/inji/inji-openid4vp-ios-swift?tab=readme-ov-file#apis) **accordingly.** +#### Response Submission — Two Patterns Available -#### OpenID4VP library and Inji Wallet integration: +**Option 1: Construct & Send (Recommended)** — SDK handles VP Response submission -The below diagram shows the interactions between Inji Wallet, Verifier and OpenID4VP library. +| Method | Purpose | +|----------------------------------|----------------------------------------------------------------------------------------------------------| +| **`sendVPResponseToVerifier()`** | Assembles signed VP tokens into an OpenID4VP response **and submits it** to the verifier. | +| **`sendErrorInfoToVerifier()`** | Constructs and sends error/rejection responses to the verifier (e.g., user denial, validation failures). | + +**Option 2: Construct Only (Advanced)** — You handle VP Response submission yourself + +| Method | Purpose | +|-----------------------------|--------------------------------------------------------------------------------------| +| **`constructVPResponse()`** | Constructs the VP response **without sending**. You handle VP Response submission. | +| **`constructErrorInfo()`** | Constructs an error response **without sending**. You handle VP Response submission. | + + +> **For detailed API reference including parameters, response structures, examples, and exceptions, refer to the** [**Kotlin API Reference**](https://github.com/inji/inji-openid4vp/tree/master/docs/integration-guide.md) **or** [**Swift API Reference**](https://github.com/inji/inji-openid4vp-ios-swift/docs/integration-guide.md) **accordingly.** + +--- + +#### OpenID4VP library and Wallet integration: + +The below diagram shows the interactions between Wallet, Verifier and OpenID4VP library. ```mermaid sequenceDiagram @@ -103,17 +136,14 @@ sequenceDiagram activate Wallet Note over Wallet: Sign VP Token - Note over Wallet: Construct JWS Token deactivate Wallet - Wallet-->>Library: Send Signed JWS Token + Wallet-->>Library: Send Signed data activate Library - Note over Library: Construct Proof Object - Note over Library: Attach Proof to VP Token + Note over Library: Create Verifiable Presentation + Note over Library: Populate VP response deactivate Library - Library-->>Verifier: HTTP POST Request with:
1. VP Token
2. Presentation Submission
3. State - -``` + Library-->>Verifier: HTTP POST Request with: VP Response -_Note: Currently, the `vp_token` uses the `Ed25519Signature2020` type for digital signatures._ +``` \ No newline at end of file diff --git a/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/pixelpass.md b/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/pixelpass.md index 94f0a0d..61fb8a0 100644 --- a/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/pixelpass.md +++ b/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/pixelpass.md @@ -4,167 +4,97 @@ PixelPass is a versatile and easy-to-use library designed to simplify working with QR codes and data compression. It allows you to generate QR codes from any given data with just a single function. If you’re working with JSON, PixelPass can take that data, compress it, and convert it into a compact format using CBOR encoding, making it smaller and more efficient for QR code generation. The library can also decode this compressed data, turning CBOR back into the original JSON format. Additionally, for more complex use cases, PixelPass offers the ability to map your JSON data to a specific structure, compress it, and encode it into CBOR. Later, you can also reverse this process, decoding the CBOR back into its mapped JSON structure. With these capabilities, PixelPass makes managing, compressing, and encoding data for QR codes easy and efficient. -PixelPass has NPM, Kotlin, Swift and Java artifacts available. +### Availability + +PixelPass is available across multiple platforms and programming languages, making it accessible for diverse development environments: + +- **[Node.js/JavaScript](https://github.com/inji/pixelpass/tree/master/js)**: Available as an NPM package for web and Node.js applications +- **[Kotlin/Android](https://github.com/inji/pixelpass/tree/master/kotlin)**: Published as an AAR (Android Archive) library for native Android development +- **[Java](https://github.com/inji/pixelpass/tree/master/kotlin)**: Available as a JAR (Java Archive) for Java backend applications +- **[Swift/iOS](https://github.com/inji/pixelpass-ios-swift)**: Available as a Swift package for native iOS development + ### Features +PixelPass provides essential features for efficient data encoding and QR code generation: + * Compresses data using zlib with the highest compression level (level 9). * Encodes and decodes data with the base45 format. * For JSON data, applies CBOR encoding/decoding to achieve additional size reduction. * With JSON and a Mapper provided, maps the JSON and then performs CBOR encoding/decoding to further shrink the data size. +* Supports multiple output formats including base64-encoded PNG images and base45-encoded strings. +* Provides comprehensive error handling for robust data processing. -### Usage - -1. As a node project: - -`npm i @mosip/pixelpass` - -2. As a Kotlin/Java dependency: - -_Gradle_ - -`implementation("io.mosip:pixelpass:0.5.0")` - -_Maven_ - -``` - - io.mosip - pixelpass - 0.5.0 - -``` - -3. To include PixelPass in your Swift project, follow the below steps: - 1. Clone the PixelPass library locally. - 2. Create a new Swift project. - 3. Add package dependency: PixelPass - -## APIs - -Below are the APIs provided by the PixelPass library: - -**generateQRCode( data, ecc , header )** - -The `generateQRCode` takes a data, ECC (Error correction level) which when not passed defaults to L and header which defaults to empty string if not passed. Returns a base64 encoded PNG image. - -* `data` - Data needs to be compressed and encoded. -* `ecc` - Error Correction Level for the QR generated. defaults to `"L"`. -* `header` - Data header need to be prepend to identify the encoded data. defaults to `""`. - -```javascript -import { generateQRCode } from '@mosip/pixelpass'; - -const data = "Hello"; -const qrCode = generateQRCode(data, ecc, header); - -// ecc is Error Correction Level for the QR generated. defaults to "L". -// header defaults to empty string if not passed. -``` - -**generateQRData( data, header )** +### APIs Overview -The `generateQRData` takes a valid JSON string and a header which when not passed defaults to an empty string. This API will return a base45 encoded string which is `Compressed > CBOR Encoded > Base45 Encoded`. +PixelPass exposes six primary APIs for different use cases: -* `data` - Data needs to be compressed and encoded. -* `header` - Data header need to be prepend to identify the encoded data. defaults to `""`. +- **generateQRCode**: Creates a visual QR code (base64 PNG) from compressed and encoded data +- **generateQRData**: Produces base45-encoded strings suitable for raw data transfer +- **decode**: Reverses the encoding process to retrieve original JSON from base45 strings +- **decodeBinary**: Decompresses binary zip data +- **getMappedData**: Transforms JSON using a mapper and applies optional CBOR encoding for reduced size +- **decodeMappedData**: Reverses mapped and encoded data back to original JSON structure +- **toJson(base64UrlEncodedCborEncodedString: String)**: Decodes base64 URL-encoded CBOR data and converts it into its JSON structure. -```javascript -import { generateQRData } from '@mosip/pixelpass'; +These APIs support multiple compression and encoding strategies, allowing developers to choose the approach that best fits their credential sharing scenarios. -const jsonString = "{\"name\":\"Steve\",\"id\":\"1\",\"l_name\":\"jobs\"}"; -const header = "jsonstring"; +> **Note**: For comprehensive API documentation and detailed usage examples, refer to the API sections in the respective repositories: +> - [JavaScript/Node.js API Guide](https://github.com/inji/pixelpass/tree/master/js#apis) +> - [Kotlin/Android API Guide/Java API Guide](https://github.com/inji/pixelpass/blob/master/kotlin/Readme.md#apis) +> - [Swift/iOS API Guide](https://github.com/inji/pixelpass-ios-swift#api-reference) -const encodedCBORData = generateQRData(jsonString, header); -// header defaults to empty string if not passed. -``` +## Use Cases -**decode( data )** +### 1. Sharing Credentials as QR Codes -The `decode` will take a `string` as parameter and gives us decoded JSON string which is Base45 `Decoded > CBOR Decoded > Decompressed`. +Credential sharing as QR codes is a core use case that leverages the PixelPass library. A Wallet application encodes credential data using `pixelPass.generateQRData(data, header)` into a QR code, which can then be shared with or scanned by a Verifier application. The Verifier uses PixelPass to decode and validate the credential data. -* `data` - Data needs to be decoded and decompressed without header. +This use case is available within the Inji Ecosystem with the following components: -```javascript -import { decode } from '@mosip/pixelpass'; +- **Wallet**: Inji Wallet +- **Verifier**: Inji Verify +- **Issuer**: Inji Certify +- **Applicable Credential Formats**: + - ldp_vc -const b45EncodedData = "NCFWTL$PPB$PN$AWGAE%5UW5A%ADFAHR9 IE:GG6ZJJCL2.AJKAMHA100+8S.1"; -const jsonString = decode(b45EncodedData); -``` +**User Flow** -**decodeBinary( data )** +1. User downloads a credential from Inji Certify via Inji Wallet +2. User opens the credential detail view, which displays a QR code +3. User opens Inji Verify and chooses to scan or upload the credential QR code: + - **Scan Option**: Select the "Scan QR Code" tab and allow Inji Verify to scan the QR code using the device camera + - **Upload Option**: Select the "Upload QR Code" tab and upload the QR code image downloaded from Inji Wallet +4. After scanning or uploading, Inji Verify decodes the QR data, validates the credential, and displays it in the UI -The `decodeBinary` will take a `UInt8ByteArray` as parameter and gives us unzipped string. Currently only zip binary data is only supported. +**PixelPass & Inji Wallet Integration:** -* `data` - Data needs to be decoded and decompressed without header. - -```javascript -import { decodeBinary } from '@mosip/pixelpass'; - -const zipdata = ; -const decompressedData = decodeBinary(zipdata); -``` - -**getMappedData( jsonData, mapper, cborEnable )** - -The `getMappedData` takes 3 arguments a JSON and a map with which we will be creating a new map with keys and values mapped based on the mapper. The third parameter is an optional value to enable or disable CBOR encoding on the mapped data. - -* `jsonData` - A JSON data. -* `mapper` - A Map which is used to map with the JSON. -* `cborEnable` - A Boolean which is used to enable or disable CBOR encoding on mapped data. Defaults to `false` if not provided. - -```javascript -import { getMappedData } from '@mosip/pixelpass'; - -const jsonData = {"name": "Jhon", "id": "207", "l_name": "Honay"}; -const mapper = {"id": "1", "name": "2", "l_name": "3"}; - -const byteBuffer = getMappedData(jsonData, mapper,true); - -const cborEncodedString = byteBuffer.toString('hex'); -``` - -The example of a converted map would look like, `{ "1": "207", "2": "Jhon", "3": "Honay"}` - -**decodeMappedData( data, mapper )** - -The `decodeMappedData` takes 2 arguments a string which is CBOR Encoded or a mapped JSON and a map with which we will be creating a JSON by mapping the keys and values. If the data provided is CBOR encoded string the API will do a CBOR decode first ad then proceed with re-mapping the data. - -* `data` - A CBOREncoded string or a mapped JSON. -* `mapper` - A Map which is used to map with the JSON. +The below diagram shows how Inji Wallet utilises PixelPass library. -```javascript -import { decodeMappedData } from '@mosip/pixelpass'; +
-const cborEncodedString = "a302644a686f6e01633230370365486f6e6179"; -const mapper = {"1": "id", "2": "name", "3": "l_name"}; +**PixelPass & Inji Verify Integration:** -const jsonData = decodeMappedData(cborEncodedString, mapper); -``` +The below diagram shows how Inji Verify utilises PixelPass library. -The example of the returned JSON would look like, `{"name": "Jhon", "id": "207", "l_name": "Honay"}` +
-### Errors / Exceptions +For more details on this use case, refer to the [detailed guide](../../../../../inji-verify/build-and-deploy/creating-verifiable-credentials-and-generating-qr-codes.md). -Shall you encounter any errors while using the APIs, please refer to the below: +### 2. Displaying mDoc Credential Data -1. **Cannot read properties of null (reading 'length')** - This error denotes that the string passed to encode is null. -2. **Cannot read properties of undefined (reading 'length')** - This error denotes that the string passed to encode is undefined. -3. **byteArrayArg is null or undefined.** - This error denotes that the string passed to encode is null or undefined. -4. **utf8StringArg is null or undefined**. - This error denotes that the string passed to decode is null or undefined. -5. **utf8StringArg has incorrect length**. - This error denotes that the string passed to decode is of invalid length. -6. **Invalid character at position X**. - This error denotes that the string passed to decode is invalid with an unknown character then base45 character set. Also denotes the invalid character position. -7. **incorrect data check** - This error denotes that the string passed to decode is invalid. +For credentials in the `mso_mdoc` format, the Issuer provides credentials as base64 URL-encoded CBOR data. Wallet applications can use the `toJson(base64UrlEncodedCborEncodedString)` API to convert the CBOR data to JSON format for display in the UI. -## PixelPass & Inji Wallet Integration: +This use case is available within the Inji Ecosystem with the following components: -The below diagram shows how Inji Wallet utilises PixelPass library. +- **Wallet**: Inji Wallet +- **Issuer**: Inji Certify -
+**User Flow** -## PixelPass & Inji Verify Integration: +1. User downloads a Mobile Driving License from Inji Certify via Inji Wallet +2. User opens the credential detail view where the mDoc data is displayed in a readable format -The below diagram shows how Inji Verify utilises PixelPass library. +--- -
diff --git a/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/tuvali/tuvali-inji.md b/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/tuvali/tuvali-inji.md index 6de384d..8a34e19 100644 --- a/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/tuvali/tuvali-inji.md +++ b/inji-wallet/inji-mobile/technical-overview/integration-guide/building-verifiable-credentials-wallet-with-inji-libraries/tuvali/tuvali-inji.md @@ -18,7 +18,7 @@ The Verifier device generates a URI using the `startAdvertisement()` method and OPENID4VP://connect?name=STADONENTRY&key=8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a ``` -URI structure can be found in the [spec](https://bitbucket.org/openid/connect/src/master/openid-4-verifiable-presentations-over-ble/openid-4-verifiable-presentations-over-ble-1_0.md). Currently the library doesnot support iOS as a verifier.But it can act as a wallet for android verifier. +URI structure can be found in the [spec](https://bitbucket.org/openid/connect/src/master/openid-4-verifiable-presentations-over-ble/openid-4-verifiable-presentations-over-ble-1_0.md). Currently, the library doesn't support iOS as a verifier.But it can act as a wallet for android verifier. ``` var verifier = Verifier()