Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5,477 changes: 4,028 additions & 1,449 deletions .gitbook/assets/mimoto (1).json

Large diffs are not rendered by default.

Binary file modified .gitbook/assets/verify-decode.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified .gitbook/assets/wallet-encode.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
6 changes: 3 additions & 3 deletions SUMMARY.md
Original file line number Diff line number Diff line change
Expand Up @@ -114,9 +114,9 @@
* [Specifications](inji-wallet/inji-mobile/technical-overview/specifications/README.md)
* [Face SDK Specifications](inji-wallet/inji-mobile/technical-overview/specifications/face-sdk-specifications.md)
* [Backend Services](inji-wallet/inji-mobile/technical-overview/backend-services/README.md)
* [Mimoto](inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md)
* [eSignet](inji-wallet/inji-mobile/technical-overview/backend-services/esignet.md)
* [Inji Certify](inji-wallet/inji-mobile/technical-overview/backend-services/inji-certify.md)
* [Inji Wallet Backend (Mimoto)](inji-wallet/inji-mobile/technical-overview/backend-services/mimoto.md)
* [Authorization Server for Authentication Using Inji Wallet Credentials](inji-wallet/inji-mobile/technical-overview/backend-services/login-using-credential.md)
* [Credential Issuer](inji-wallet/inji-mobile/technical-overview/backend-services/issuer.md)
* [Customizations](inji-wallet/inji-mobile/technical-overview/customization-overview/README.md)
* [Workflow customization](inji-wallet/inji-mobile/technical-overview/customization-overview/workflow-customization.md)
* [UI customization](inji-wallet/inji-mobile/technical-overview/customization-overview/ui-customization.md)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ This section contains the guides and information that could benefit the develope

For more information on backend systems, read through:

1. [Mimoto service](mimoto.md)
2. [esignet service](esignet.md)
3. [Inji Certify](inji-certify.md#overview)
1. [Inji Wallet Backend (Mimoto)](./mimoto.md)
2. [Authorization Server for Authentication Using Inji Wallet Credentials](./login-using-credential.md)
3. [Credential Issuer](issuer.md#overview)

This file was deleted.

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# Issuer

## Overview

The **Issuer** is one of the backend services that Inji Wallet interacts with to obtain Verifiable Credentials (VCs). As defined by the **OpenID for Verifiable Credential Issuance (OpenID4VCI)** specification, an Issuer is responsible for issuing credentials to eligible users.

Within the Inji ecosystem, **Inji Certify** acts as the Issuer. It exposes the OpenID4VCI endpoints that Inji Wallet uses to request and download issued Verifiable Credentials. User authentication is handled by a separate authorization server (eSignet) before the credential issuance process begins. Once downloaded, Inji Wallet securely stores and manages these credentials on the user's device.

Comment thread
coderabbitai[bot] marked this conversation as resolved.
## Credential Download Flow

The following steps describe how Inji Wallet downloads a Verifiable Credential from an Issuer.

1. The user opens the **Add New Card** screen in Inji Wallet and selects an issuer (for example, *Republic of Veridonia National ID Department*).

2. Inji Wallet initiates the authorization flow.
* The wallet redirects the user to the authorization server configured for the selected issuer (for example, **eSignet**).
* The user authenticates using the configured authentication mechanism, such as a unique identifier and a One-Time Password (OTP).
* Upon successful authentication, the authorization server redirects the user back to Inji Wallet with an authorization code.
* Inji Wallet exchanges the authorization code for an access token.

3. Using the access token, Inji Wallet invokes the Issuer's credential endpoint exposed by **Inji Certify** to download the issued Verifiable Credential.

### Credential Endpoint

The credential issuance endpoint is designed in accordance with the OpenID for Verifiable Credential Issuance (OpenID4VCI) specification. The endpoint URL is provided in the Issuer Metadata response through the `credential_endpoint` attribute.

#### VC Issuance Endpoint

{% openapi-operation spec="api" path="/vci/credential" method="post" %}
[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)
{% endopenapi-operation %}

> **For more details**: Refer to the [Inji Certify Documentation](../../../../inji-certify/overview/README.md) to understand credential issuance workflows.
Comment on lines +29 to +33

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift

Replace the signed OpenAPI asset link.

This signed R2 URL is already past its expiry window, so the credential endpoint block will render a dead link in published docs. Please point it at a stable asset or regenerate the spec link during publishing.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@inji-wallet/inji-mobile/technical-overview/backend-services/issuer.md` around
lines 29 - 33, The credential endpoint block in issuer.md uses a signed OpenAPI
asset URL that has expired, so the rendered docs will contain a dead link.
Update the openapi-operation reference for /vci/credential to use a stable,
non-expiring asset source or a publishing-time generated link, keeping the
surrounding Inji Certify documentation reference intact.

Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
# Online Login

## Overview

**Online Login** enables users to securely access digital services using a verifiable credential stored in the Inji Wallet. Instead of using traditional usernames and passwords, users can authenticate themselves by presenting a trusted digital credential, completing user verification, and consenting to share only the required information with the service provider.

---

## Example Use Case
This use case is applicable to any service provider portal that supports wallet-based authentication through a compatible Authorization Server (AS).

The following example demonstrates the online login flow within the Inji ecosystem using **eSignet** as the Authorization Server.

* **Authorization Server (AS):** eSignet
* **Service Provider:** Health ID Services Portal
* **Credential Issuer:** Republic of Veridonia National ID Department
* **Credential:** Veridonia National ID

In this example, a user downloads the Veridonia National ID credential into the Inji Wallet and later uses it to securely sign in to the Health ID Services Portal.

---

## User Journey

1. Open the **Inji Wallet** application.
2. Tap the **+** button and download a credential from the **Republic of Veridonia National ID Department**.
3. After the credential is downloaded, open the credential menu (⋮) and activate it.
4. Open the **Health ID Services** portal and select **Sign in with eSignet**.
5. A QR code is displayed on the portal. Using the Inji Wallet, scan the QR code from the **Share** tab or the credential's **QR Login** option.
6. Complete the face authentication.
7. Review the requested claims and choose the information to share.
8. Provide consent.
9. The requested claims are securely shared, and the user is successfully signed in to the Health ID Services portal.

---

## APIs Involved

The user is required to open the portal integrated with eSignet and utilize the app scanner to scan the QR code.


### Link Login Transaction
After successfully scanning the QR code, Inji Wallet will access the API below and transmit the link code.

{% openapi-operation spec="api" path="/linked-authorization/v2/link-transaction" method="post" %}
[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)
{% endopenapi-operation %}

### Authenticate User

After successful face authentication, the wallet authenticates the user.

{% openapi-operation spec="api" path="/linked-authorization/v2/authenticate" method="post" %}
[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)
{% endopenapi-operation %}

### Submit User Consent

Once the user approves the requested claims, the wallet submits the consent.

{% openapi-operation spec="api" path="/linked-authorization/v2/consent" method="post" %}
[OpenAPI api](https://4401d86825a13bf607936cc3a9f3897a.r2.cloudflarestorage.com/gitbook-x-prod-openapi/raw/a642986d423ac4ddb8b24e8d67b93a4e7b72f36ba27efafa5dd7ad15507aba07.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=dce48141f43c0191a2ad043a6888781c%2F20260619%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260619T063153Z&X-Amz-Expires=172800&X-Amz-Signature=9b94089a8690b19e0b374d14c6d4fa809f268501594b2b68b212edd04cb0b2a0&X-Amz-SignedHeaders=host&x-amz-checksum-mode=ENABLED&x-id=GetObject)
{% endopenapi-operation %}

---

## Benefits

* Passwordless authentication using digital credentials.
* User-controlled sharing of identity attributes.
* Explicit consent before any information is shared.
* Reusable across multiple service provider portals.
* Secure authentication using trusted verifiable credentials.

---

## Reference

For details about the Wallet Authentication APIs, refer to the [eSignet Wallet Authenticator documentation](https://docs.esignet.io/esignet-authentication/develop/integration/wallet/wallet-authenticator#wallet-authentication-apis)
Loading