-
Notifications
You must be signed in to change notification settings - Fork 4
docs: update backend services | libraries section for inji-mobile #15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Large diffs are not rendered by default.
This file was deleted.
This file was deleted.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # Issuer | ||
|
|
||
| ## Overview | ||
|
|
||
| The **Issuer** is one of the backend services that Inji Wallet interacts with to obtain Verifiable Credentials (VCs). As defined by the **OpenID for Verifiable Credential Issuance (OpenID4VCI)** specification, an Issuer is responsible for issuing credentials to eligible users. | ||
|
|
||
| Within the Inji ecosystem, **Inji Certify** acts as the Issuer. It exposes the OpenID4VCI endpoints that Inji Wallet uses to request and download issued Verifiable Credentials. User authentication is handled by a separate authorization server (eSignet) before the credential issuance process begins. Once downloaded, Inji Wallet securely stores and manages these credentials on the user's device. | ||
|
|
||
| ## Credential Download Flow | ||
|
|
||
| The following steps describe how Inji Wallet downloads a Verifiable Credential from an Issuer. | ||
|
|
||
| 1. The user opens the **Add New Card** screen in Inji Wallet and selects an issuer (for example, *Republic of Veridonia National ID Department*). | ||
|
|
||
| 2. Inji Wallet initiates the authorization flow. | ||
| * The wallet redirects the user to the authorization server configured for the selected issuer (for example, **eSignet**). | ||
| * The user authenticates using the configured authentication mechanism, such as a unique identifier and a One-Time Password (OTP). | ||
| * Upon successful authentication, the authorization server redirects the user back to Inji Wallet with an authorization code. | ||
| * Inji Wallet exchanges the authorization code for an access token. | ||
|
|
||
| 3. Using the access token, Inji Wallet invokes the Issuer's credential endpoint exposed by **Inji Certify** to download the issued Verifiable Credential. | ||
|
|
||
| ### Credential Endpoint | ||
|
|
||
| The credential issuance endpoint is designed in accordance with the OpenID for Verifiable Credential Issuance (OpenID4VCI) specification. The endpoint URL is provided in the Issuer Metadata response through the `credential_endpoint` attribute. | ||
|
|
||
| #### VC Issuance Endpoint | ||
|
|
||
| {% openapi-operation spec="api" path="/vci/credential" method="post" %} | ||
| [OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) | ||
| {% endopenapi-operation %} | ||
|
|
||
| > **For more details**: Refer to the [Inji Certify Documentation](../../../../inji-certify/overview/README.md) to understand credential issuance workflows. | ||
|
Comment on lines
+29
to
+33
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift Replace the signed OpenAPI asset link. This signed R2 URL is already past its expiry window, so the credential endpoint block will render a dead link in published docs. Please point it at a stable asset or regenerate the spec link during publishing. 🤖 Prompt for AI Agents |
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| # Online Login | ||
|
|
||
| ## Overview | ||
|
|
||
| **Online Login** enables users to securely access digital services using a verifiable credential stored in the Inji Wallet. Instead of using traditional usernames and passwords, users can authenticate themselves by presenting a trusted digital credential, completing user verification, and consenting to share only the required information with the service provider. | ||
|
|
||
| --- | ||
|
|
||
| ## Example Use Case | ||
| This use case is applicable to any service provider portal that supports wallet-based authentication through a compatible Authorization Server (AS). | ||
|
|
||
| The following example demonstrates the online login flow within the Inji ecosystem using **eSignet** as the Authorization Server. | ||
|
|
||
| * **Authorization Server (AS):** eSignet | ||
| * **Service Provider:** Health ID Services Portal | ||
| * **Credential Issuer:** Republic of Veridonia National ID Department | ||
| * **Credential:** Veridonia National ID | ||
|
|
||
| In this example, a user downloads the Veridonia National ID credential into the Inji Wallet and later uses it to securely sign in to the Health ID Services Portal. | ||
|
|
||
| --- | ||
|
|
||
| ## User Journey | ||
|
|
||
| 1. Open the **Inji Wallet** application. | ||
| 2. Tap the **+** button and download a credential from the **Republic of Veridonia National ID Department**. | ||
| 3. After the credential is downloaded, open the credential menu (⋮) and activate it. | ||
| 4. Open the **Health ID Services** portal and select **Sign in with eSignet**. | ||
| 5. A QR code is displayed on the portal. Using the Inji Wallet, scan the QR code from the **Share** tab or the credential's **QR Login** option. | ||
| 6. Complete the face authentication. | ||
| 7. Review the requested claims and choose the information to share. | ||
| 8. Provide consent. | ||
| 9. The requested claims are securely shared, and the user is successfully signed in to the Health ID Services portal. | ||
|
|
||
| --- | ||
|
|
||
| ## APIs Involved | ||
|
|
||
| The user is required to open the portal integrated with eSignet and utilize the app scanner to scan the QR code. | ||
|
|
||
|
|
||
| ### Link Login Transaction | ||
| After successfully scanning the QR code, Inji Wallet will access the API below and transmit the link code. | ||
|
|
||
| {% openapi-operation spec="api" path="/linked-authorization/v2/link-transaction" method="post" %} | ||
| [OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) | ||
| {% endopenapi-operation %} | ||
|
|
||
| ### Authenticate User | ||
|
|
||
| After successful face authentication, the wallet authenticates the user. | ||
|
|
||
| {% openapi-operation spec="api" path="/linked-authorization/v2/authenticate" method="post" %} | ||
| [OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) | ||
| {% endopenapi-operation %} | ||
|
|
||
| ### Submit User Consent | ||
|
|
||
| Once the user approves the requested claims, the wallet submits the consent. | ||
|
|
||
| {% openapi-operation spec="api" path="/linked-authorization/v2/consent" method="post" %} | ||
| [OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject) | ||
| {% endopenapi-operation %} | ||
|
|
||
| --- | ||
|
|
||
| ## Benefits | ||
|
|
||
| * Passwordless authentication using digital credentials. | ||
| * User-controlled sharing of identity attributes. | ||
| * Explicit consent before any information is shared. | ||
| * Reusable across multiple service provider portals. | ||
| * Secure authentication using trusted verifiable credentials. | ||
|
|
||
| --- | ||
|
|
||
| ## Reference | ||
|
|
||
| For details about the Wallet Authentication APIs, refer to the [eSignet Wallet Authenticator documentation](https://docs.esignet.io/esignet-authentication/develop/integration/wallet/wallet-authenticator#wallet-authentication-apis) |
Uh oh!
There was an error while loading. Please reload this page.