Skip to content

[INJIWEB-1793] Technical documentation for VC Status check design#995

Open
jackjain wants to merge 23 commits into
inji:developfrom
tw-mosip:INJIWEB-1793
Open

[INJIWEB-1793] Technical documentation for VC Status check design#995
jackjain wants to merge 23 commits into
inji:developfrom
tw-mosip:INJIWEB-1793

Conversation

@jackjain

@jackjain jackjain commented Jan 16, 2026

Copy link
Copy Markdown
Contributor
  • Added possible flow/sequence diagram for different scenarios
  • Added API contract
  • Added Cache design
  • Added design for vc-verifier library change

Summary by CodeRabbit

  • Documentation
    • Added comprehensive VC status-check design and expanded docs for Google OAuth2 login, wallet unlock errors, and PIN-based data encryption flows.
  • Chores
    • Bumped project/module/chart/image versions and release tags; updated packaged JAR examples.
    • Updated deployment/Helm/docker-compose configs and installer scripts; renamed database environment keys.
  • Configuration
    • Extended issuer configuration with OpenID4VCI/OIDC fields and added status caching strategy details.

Signed-off-by: jackjain <jackjain1995@gmail.com>
…check endpoints

Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
…add caching strategy

Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: jackjain <jackjain1995@gmail.com>
@coderabbitai

coderabbitai Bot commented Jan 16, 2026

Copy link
Copy Markdown

Walkthrough

A new design document adds a complete Verifiable Credentials (VC) status-check system: workflows for view-time, user-initiated, and add-time checks; API contracts; DB schema additions and migration notes; a 24-hour status-list credential cache; and VC Verifier library adjustments to accept and return status-list credentials.

Changes

Cohort / File(s) Summary
VC Status Check Design Documentation
docs/VCStatusCheckDesign.md
Adds new design doc detailing three status-check flows (view, user-check, add-time), API response shapes (isSchemaAndSignatureValid, isExpired, statusChecks, lastCheckedAt, detailed single-check responses), DB schema additions (is_expired, is_schema_signature_valid, status_checks, status_last_checked_at) and migration plan, 24h TTL status-list cache structure, and VC Verifier API/DTO changes.
Versioning & Release metadata
pom.xml, api-test/pom.xml, api-test/README.md, helm/mimoto/Chart.yaml, helm/mimoto/values.yaml, deploy/*/install.sh
Bump project and module versions from snapshot/develop to released 0.22.0 / specific chart versions; update shaded JAR filename and apitest dependency from SNAPSHOT to release.
Deployment & Config keys
deploy/mimoto/values.yaml, deploy/mimoto/keygen-mimoto.yaml, deploy/mimoto/install.sh, deploy/mimoto-apitestrig/install.sh, partner-onboarder/install.sh, docker-compose/docker-compose.yml, db_scripts/init_values.yaml
Rename DB env/property keys from MOSIP_MIMOTO_*INJI_MIMOTO_*, update chart versions and image tags to 0.22.0, and adjust Helm/chart install versions.
Issuer configuration additions
docker-compose/config/mimoto-issuers-config.json, src/main/resources/mimoto-issuers-config.json
Extend issuer entries with OpenID4VCI/OIDC fields: wellknown_endpoint, redirect_uri, authorization_audience, proxy_token_endpoint, and explicit credential_issuer.
Application properties
src/main/resources/application-default.properties, src/main/resources/application-local.properties
Repoint JDBC and application DB property keys to use inji.mimoto.database.* instead of mosip.mimoto.database.*.
Documentation updates
docs/GoogleOauth2LoginIntegration.md, docs/UserDataEncryptionWithPinBasedKey.md, docs/WalletUnlockProcess.md
Add detailed flow diagrams, error tables, and expanded OAuth2 and encryption/unlock process documentation.
Misc / Init config
docker-compose/config/mimoto-issuers-config.json, docker-compose/...
Small config changes to issuer entries and service image tags in docker-compose and related configs.

Sequence Diagram(s)

sequenceDiagram
    participant Client as Client
    participant API as API
    participant DB as Database
    participant Cache as StatusListCache
    participant Verifier as VCVerifier
    participant External as ExternalStatusList

    Client->>API: Request credential(s) with status
    API->>DB: Fetch stored VC records
    DB-->>API: Return VC(s)
    API->>Cache: Check status-list credential (per VC)
    alt Cache hit
        Cache-->>API: Return cached status-list credential
    else Cache miss
        API->>Verifier: Request status-list credential (verify & fetch)
        Verifier->>External: Fetch status-list credential
        External-->>Verifier: Return status-list credential
        Verifier-->>API: Return status-list credential result
        API->>Cache: Store status-list credential (24h TTL)
    end
    API->>Verifier: Verify VC schema/signature and check status using status-list credential
    Verifier-->>API: Return isSchemaAndSignatureValid, isExpired, statusChecks
    API->>DB: Optionally update `status_checks` and `status_last_checked_at`
    API-->>Client: Respond with VC(s) + status fields
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested reviewers

  • swatigoel

Poem

I hop through schemas, flags held high, 🐰
Caching lists beneath the sky,
I check a VC with careful glance,
Update the records, skip and dance,
A rabbit's nod to verification nigh.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title directly corresponds to the main addition: a technical design document for VC status checks. It is concise, clear, and accurately summarizes the primary change.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 60 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

🤖 Fix all issues with AI agents
In `@docs/VCStatusCheckDesign.md`:
- Line 300: The NOT NULL constraint on the status_last_checked_at column will
block inserting newly created credentials before an async status check; update
the schema or docs so insertion succeeds by either making status_last_checked_at
nullable or assigning a sensible default (e.g., set status_last_checked_at =
created_at) during credential creation, and clearly document the chosen behavior
in the VCStatusCheckDesign.md (referencing status_last_checked_at and the
credential creation flow/Flow 3) so implementers know whether the check is async
and when the column is populated.
- Line 66: The doc shows inconsistent lastCheckedAt semantics: Flow 1 sets
lastCheckedAt to the cache creation time while Flow 2 sets it to the current
time; pick a single authoritative behavior (either always set lastCheckedAt to
the actual check time or always use the cache creation timestamp) and update the
design text to standardize it (or explicitly document the intentional
difference). Update the sections referencing lastCheckedAt (the Flow 1
description that ties it to "cache creation time" and the Flow 2 description
that sets it to "current time") so both flows use the chosen convention and add
a brief note explaining the rationale and any impact on cache staleness or
auditability.
- Around line 341-345: The field naming is inconsistent: update the data class
CredentialStatusResult to reflect that multiple status list credentials may be
returned by renaming statusListCredential to statusListCredentials and changing
its type to List<JsonLDObject>? (or MutableList/Sequence as appropriate), then
update all references, usages and documentation (design text lines mentioning
"status list credential(s)" and "status list credential cache") to use the
plural name and iterate over the list where multiple lists are expected so
callers handle zero/one/many uniformly; alternatively, if you intend a
single-entry result, adjust the design text to explicitly state it's only one
credential and keep the singular name across code and docs.
- Line 297: The is_expired column should not be nullable: change the schema for
is_expired to NOT NULL with a sensible default (e.g., DEFAULT FALSE) and add a
migration to backfill existing NULL values (compute expiration from the
credential's expires_at or set FALSE if unknown); update any code paths that
create or refresh credentials to explicitly compute and set is_expired based on
current time and the credential expiry field so it remains deterministic;
alternatively, if NULL must be preserved for a documented state, add
documentation explaining exactly when is_expired can be NULL instead of changing
the schema.
- Around line 302-305: The migration currently sets
verifiable_credential.is_schema_signature_valid = true and
status_last_checked_at = now() for all rows which misrepresents unverified
credentials; change the migration to initialize is_schema_signature_valid to
NULL (or add a new enum/status value like "not_yet_verified") and set
status_last_checked_at = NULL, enqueue all credential IDs for asynchronous
verification via the existing status-check worker (or create a background job)
to update is_schema_signature_valid and status_last_checked_at when verified,
and update docs/UI to surface the "not_yet_verified" state so users know which
credentials have not been verified yet.
- Around line 155-162: The sequence diagram's Flow 3 contradictorily returns an
error and then proceeds to store the credential and show a success—fix by
treating "status list not applicable" as a normal (non-error) path: remove the
error-return and user-error steps (the lines where "Mimoto-->>InjiWeb: return
error" and "InjiWeb-->User: Show error message to the user") so the flow remains
Mimoto->>Database: Store credential (verifiable_credential table) ->
Database-->>Mimoto: Acknowledgement -> Mimoto-->>InjiWeb: Success ->
InjiWeb-->User: Show success message; ensure only the success branch stores the
credential and not the error branch.
🧹 Nitpick comments (5)
docs/VCStatusCheckDesign.md (5)

15-17: Clarify the cache availability requirement and its implications.

The design states that if the status list cache is missing or partially available, the status check will be skipped. Consider documenting:

  • What happens to the user experience when status checks are skipped?
  • Should there be a background job to populate missing cache entries?
  • How will users be informed that their credential status wasn't verified?

16-16: Clarify the "minimum time" logic for multiple status lists.

The statement "if there are multiple list involved then minimum time will be updated in the database" is ambiguous. Consider clarifying:

  • Why is the minimum time chosen rather than the maximum or the time of the most recent check?
  • Could this lead to confusion where lastCheckedAt doesn't reflect when some status lists were actually verified?

320-346: Clarify why statusListCredential is null when using cache.

Line 347 states: "The new field will be null when status list credential is fetched from cache or if its not applicable for the credential."

However, when the status list credential is fetched from cache, the actual credential data is available in the cache. Why not return it in CredentialStatusResult? This would:

  • Provide consistency regardless of cache hits/misses
  • Allow callers to access the status list credential without additional cache lookups
  • Simplify downstream logic

If there's a specific reason for this design choice (e.g., performance, avoiding duplication), please document it in the design.


318-318: Document the rationale for 24-hour cache TTL.

A 24-hour TTL for revocation status seems long from a security perspective, as credentials could remain accessible for up to a day after being revoked. While this may be acceptable for performance reasons, consider:

  • Documenting the security vs. performance trade-off
  • Noting whether this aligns with industry standards for VC status checking
  • Clarifying whether this TTL is appropriate for all status purposes (revocation, suspension, etc.)

9-9: Address documentation formatting issues.

Static analysis tools have identified minor formatting issues:

  1. Line 9: "High level" should be hyphenated as "high-level" when used as an adjective
  2. Line 5: Heading level jumps from h1 to h3, skipping h2 (should use ## instead of ###)
  3. Line 314: Bare URL should be enclosed in angle brackets or proper markdown link syntax

These are minor documentation quality issues that improve readability.

📝 Proposed formatting fixes
-### Overview
+## Overview

-### High level user flow
+### High-level user flow

-- **Value**:
-  - `statusListCredential`: The actual bitstring retrieved from the status list credential
+- **Value**:
+  - `statusListCredential`: The actual bitstring retrieved from the status list credential (e.g., <https://injicertify-farmer.dev-int-inji.mosip.net/v1/certify/credentials/status-list/a7b3ac9a-861a-4fa3-9c85-27e79d35fad3>)

Also applies to: 5-5, 314-314

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 84f1790 and d96b961.

📒 Files selected for processing (1)
  • docs/VCStatusCheckDesign.md
🧰 Additional context used
🪛 LanguageTool
docs/VCStatusCheckDesign.md

[grammar] ~9-~9: Use a hyphen to join words.
Context: ...rent status of the credential. ### High level user flow #### Flow : User lands ...

(QB_NEW_EN_HYPHEN)

🪛 markdownlint-cli2 (0.18.1)
docs/VCStatusCheckDesign.md

5-5: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)


314-314: Bare URL used

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build-maven-apitest-mimoto / maven-build

✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.

Comment thread docs/VCStatusCheckDesign.md
Comment thread docs/VCStatusCheckDesign.md
Comment thread docs/VCStatusCheckDesign.md Outdated
Comment thread docs/VCStatusCheckDesign.md
Comment thread docs/VCStatusCheckDesign.md
Comment thread docs/VCStatusCheckDesign.md
jackjain and others added 10 commits January 16, 2026 08:07
Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
…n deployment scripts and docker image version updates (inji#1070)

* [INJIWEB-1883] Add placeholder db script files, helm chart versions for deployment and update images used in the docker-compose

Signed-off-by: jackjain <jackjain1995@gmail.com>

* [INJIWEB-1883] Update chart version to 1.5.0 for mimoto-apitrstrig

Signed-off-by: jackjain <jackjain1995@gmail.com>

---------

Signed-off-by: jackjain <jackjain1995@gmail.com>
… hostname and port (inji#1071)

Signed-off-by: jackjain <jackjain1995@gmail.com>
Signed-off-by: Nitin Hegde <nitin.k@cyberpwn.com>
Signed-off-by: Nitin Hegde <165893206+hegdenitin@users.noreply.github.com>
Signed-off-by: Rudhhi Shah <rudhhi.shah@thoughtworks.com>
…nji#1086)

* fix(issuers-config): Revert Issuers V1 Endpoint attributes

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

* fix(issuers-config): Revert Issuers V1 Endpoint attributes in release

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>

---------

Signed-off-by: Durgesh Konga <kongadurgesh20@gmail.com>
Signed-off-by: Prafulrakhade <prafulrakhade02@gmail.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@deploy/mimoto/keygen-mimoto.yaml`:
- Around line 7-10: The environment variable INJI_MIMOTO_DATABASE_HOSTNAME in
the keygen deployment defaults is set to a misspelled hostname
("postgres-postresql.postgres"); update the value to match the correct sibling
hostname ("postgres-postgresql.postgres") so the deployment uses the correct DB
service name—locate the INJI_MIMOTO_DATABASE_HOSTNAME entry in the
keygen-mimoto.yaml and correct the hostname string accordingly.

In `@docs/GoogleOauth2LoginIntegration.md`:
- Around line 145-146: The property name "googleIdToken" is Google-specific and
may confuse users switching identity providers; update the docs and any
references to use a provider-agnostic name like "idpTokenEndpoint" (or
explicitly state that "googleIdToken" is used for all providers) by renaming the
property in the Global Properties section and adjusting all mentions/examples to
"idpTokenEndpoint" (or add a clear note next to "googleIdToken" explaining its
provider-agnostic use) so the configuration is unambiguous.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7caab332-adfb-47fa-ad7f-2391407318a8

📥 Commits

Reviewing files that changed from the base of the PR and between e586ba6 and 95651d0.

📒 Files selected for processing (22)
  • api-test/README.md
  • api-test/pom.xml
  • db_scripts/init_values.yaml
  • db_upgrade_script/inji_mimoto/sql/0.21.0_to_0.22.0_rollback.sql
  • db_upgrade_script/inji_mimoto/sql/0.21.0_to_0.22.0_upgrade.sql
  • deploy/mimoto-apitestrig/install.sh
  • deploy/mimoto-apitestrig/values.yaml
  • deploy/mimoto/install.sh
  • deploy/mimoto/keygen-mimoto.yaml
  • deploy/mimoto/values.yaml
  • docker-compose/config/mimoto-issuers-config.json
  • docker-compose/docker-compose.yml
  • docs/GoogleOauth2LoginIntegration.md
  • docs/UserDataEncryptionWithPinBasedKey.md
  • docs/WalletUnlockProcess.md
  • helm/mimoto/Chart.yaml
  • helm/mimoto/values.yaml
  • partner-onboarder/install.sh
  • pom.xml
  • src/main/resources/application-default.properties
  • src/main/resources/application-local.properties
  • src/main/resources/mimoto-issuers-config.json
✅ Files skipped from review due to trivial changes (10)
  • db_scripts/init_values.yaml
  • deploy/mimoto/install.sh
  • partner-onboarder/install.sh
  • deploy/mimoto-apitestrig/install.sh
  • helm/mimoto/Chart.yaml
  • src/main/resources/mimoto-issuers-config.json
  • docs/WalletUnlockProcess.md
  • api-test/README.md
  • api-test/pom.xml
  • docker-compose/config/mimoto-issuers-config.json

Comment on lines +7 to 10
- name: INJI_MIMOTO_DATABASE_HOSTNAME
value: postgres-postresql.postgres
- name: MOSIP_MIMOTO_DATABASE_PORT
- name: INJI_MIMOTO_DATABASE_PORT
value: "5432"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Potential DB hostname typo in keygen env defaults (Line 8).

postgres-postresql.postgres appears misspelled and differs from the sibling deployment value (postgres-postgresql.postgres). If this default is ever used, DB connectivity will fail.

Suggested fix
-  - name: INJI_MIMOTO_DATABASE_HOSTNAME
-    value: postgres-postresql.postgres
+  - name: INJI_MIMOTO_DATABASE_HOSTNAME
+    value: postgres-postgresql.postgres
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: INJI_MIMOTO_DATABASE_HOSTNAME
value: postgres-postresql.postgres
- name: MOSIP_MIMOTO_DATABASE_PORT
- name: INJI_MIMOTO_DATABASE_PORT
value: "5432"
- name: INJI_MIMOTO_DATABASE_HOSTNAME
value: postgres-postgresql.postgres
- name: INJI_MIMOTO_DATABASE_PORT
value: "5432"
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@deploy/mimoto/keygen-mimoto.yaml` around lines 7 - 10, The environment
variable INJI_MIMOTO_DATABASE_HOSTNAME in the keygen deployment defaults is set
to a misspelled hostname ("postgres-postresql.postgres"); update the value to
match the correct sibling hostname ("postgres-postgresql.postgres") so the
deployment uses the correct DB service name—locate the
INJI_MIMOTO_DATABASE_HOSTNAME entry in the keygen-mimoto.yaml and correct the
hostname string accordingly.

Comment on lines +145 to +146
#### D. Global Properties (in `application.properties`)
* `googleIdToken` – Update this URL to point to the new provider's token endpoint

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Clarify the googleIdToken property naming for provider-agnostic context.

The property googleIdToken has a Google-specific name but is being used in a section that discusses switching to any identity provider. This could confuse implementers when configuring non-Google providers.

Consider either:

  1. Renaming the property to something provider-agnostic (e.g., idpTokenEndpoint), or
  2. Adding a note that despite the Google-specific name, this property is used for all providers.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@docs/GoogleOauth2LoginIntegration.md` around lines 145 - 146, The property
name "googleIdToken" is Google-specific and may confuse users switching identity
providers; update the docs and any references to use a provider-agnostic name
like "idpTokenEndpoint" (or explicitly state that "googleIdToken" is used for
all providers) by renaming the property in the Global Properties section and
adjusting all mentions/examples to "idpTokenEndpoint" (or add a clear note next
to "googleIdToken" explaining its provider-agnostic use) so the configuration is
unambiguous.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants