Merged
b436c08
Update location and variability of template files
Gavinok Feb 4, 2025
51caf0f
Relocate templates and configure helm charts
Gavinok Feb 4, 2025
5a888c4
Improve config to now set template directory and overrides
Gavinok Feb 6, 2025
3c6974f
Remove default config files as they are already in image
Gavinok Feb 6, 2025
f5b2a01
Remove minikube settings
Gavinok Feb 6, 2025
6c6443e
Relocate docs to ConfigurationGuide.md
Gavinok Feb 7, 2025
f992e6d
Merge branch 'main' into user-defined-templates
Gavinok Feb 7, 2025
f678eb1
Correct /etc to /tmp for templates directory
Gavinok Feb 7, 2025
022e618
Minor corrections
Gavinok Feb 7, 2025
9eab049
remove tsconfig
Gavinok Feb 7, 2025
8d188a3
Merge branch 'main' into user-defined-templates
Gavinok Feb 10, 2025
af6d44a
Correct grammar and relocate /tmp/templates to /etc/templates
Gavinok Feb 10, 2025
7155e4a
Update repository image in helm charts
Gavinok Feb 11, 2025
52aea62
migrate /etc/templates to /etc/controller-config/templates
Gavinok Feb 11, 2025
01b70e3
Removed the need for mounting an empty configmap
Gavinok Feb 13, 2025
d90d88d
Removed htmlFileOverrides
Gavinok Feb 13, 2025
aa08d14
move to configmap name rather than manually entering from values
Gavinok Feb 18, 2025
8192ca0
Merge branch 'main' into user-defined-templates
Gavinok Feb 18, 2025
5cee75e
Correct the missing customHtmlConfigMapName comments
Gavinok Feb 18, 2025
e80e918
Update docs/ConfigurationGuide.md
Gavinok Feb 19, 2025
31eb720
Merge branch 'main' into user-defined-templates
Gavinok Feb 19, 2025
abaa448
apply esun's doc suggestions
Gavinok Feb 19, 2025
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -337,3 +337,4 @@ oidc-controller/static/
oidc-controller/signing-keys/

wallet.txt
/charts/vc-authn-oidc/charts/.helm_ls_cache/
8 changes: 7 additions & 1 deletion charts/vc-authn-oidc/templates/configmap.yaml
Expand Up @@ -7,4 +7,10 @@ data:
sessiontimeout.json: |
{{ .Values.controller.sessionTimeout.config | toJson }}
user_variable_substitution.py: |
{{ .Values.controller.userVariableSubsitution | nindent 4 }}
{{ .Values.controller.userVariableSubsitution | nindent 4 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "global.fullname" . }}-template-overrides
data:
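Review bot: The new `-template-overrides` ConfigMap ends with a bare `data:` and offers no way to populate it from values, so an operator wanting to override a template must either edit the chart or hand-edit a Helm-managed object that the next `helm upgrade` resets; either render entries from a values map or let values name an operator-owned ConfigMap (a later commit message on this PR mentions `customHtmlConfigMapName`, so this may already be handled past the 10 commits shown). Worth a comment in the template that files placed in this ConfigMap are Jinja2 templates executed by the controller, so write access to it should be restricted like the controller's other config. The first hunk's change to the `userVariableSubsitution` line appears to be whitespace only.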
9 changes: 9 additions & 0 deletions charts/vc-authn-oidc/templates/deployment.yaml
Expand Up @@ -39,6 +39,11 @@ spec:
- name: controller-config
configMap:
name: {{ include "global.fullname" . }}-controller-config
- name: controller-templates
projected:
sources:
- configMap:
name: {{ include "global.fullname" . }}-template-overrides
containers:
- name: {{ .Chart.Name }}
securityContext:
Expand Down Expand Up @@ -76,6 +81,8 @@ spec:
value: /etc/controller-config/user_variable_substitution.py
- name: CONTROLLER_PRESENTATION_CLEANUP_TIME
value: {{ .Values.controller.sessionTimeout.duration | quote }}
- name: CONTROLLER_TEMPLATE_DIR
value: {{ .Values.controller.templateDirectory | quote }}
- name: ACAPY_AGENT_URL
value: {{ include "acapy.agent.url" . }}
- name: ACAPY_ADMIN_URL
Expand Down Expand Up @@ -134,6 +141,8 @@ spec:
mountPath: /opt/token
- name: controller-config
mountPath: /etc/controller-config
- name: controller-templates
mountPath: {{ .Values.controller.templateDirectory }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
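Review bot: The `controller-templates` projected volume is mounted at `{{ .Values.controller.templateDirectory }}`, the same path the Dockerfile copies the bundled templates to, and a volume mount replaces a directory's contents rather than overlaying them, so the container only sees what the `-template-overrides` ConfigMap holds — with that ConfigMap rendered empty in this PR, `verified_credentials.html` and the `assets/` subdirectory would be absent and the `StaticFiles` mount in main.py fails at startup. Per-file overrides need one `subPath` mount per overridden file, or the overrides should land in a separate directory that the application consults before the baked-in one. The volumes and volumeMounts hunks both sit inside a `spec` that begins and ends outside the section.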
1 change: 1 addition & 0 deletions charts/vc-authn-oidc/values.yaml
Expand Up @@ -50,6 +50,7 @@ controller:
- expired
- failed
- abandoned
templateDirectory: /tmp/templates
userVariableSubsitution: |-
# This is a default placeholder Python file
# Add any extensions to user variables here. Example below:
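Review bot: `templateDirectory: /tmp/templates` makes the controller load its Jinja2 templates (which are executed, not merely read) and the publicly served `assets/` directory from `/tmp`, which is world-writable in typical base images and is commonly replaced by an emptyDir or tmpfs when `readOnlyRootFilesystem` is enabled — in the first case the files can be modified by any process in the container, in the second they simply disappear. A path under the image's own tree, alongside the existing `/etc/controller-config` mount, would be more defensible; the same default is repeated in `docker/manage`, the Dockerfile `COPY` target and `config.py`, so all four should move together. The commit list shows later commits relocating the directory to `/etc/controller-config/templates`, so this may be resolved past the 10 commits shown.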
3 changes: 2 additions & 1 deletion docker/docker-compose.yaml
Expand Up @@ -27,6 +27,7 @@ services:
- CONTROLLER_PRESENTATION_CLEANUP_TIME=${CONTROLLER_PRESENTATION_CLEANUP_TIME}
- CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE=${CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE}
- CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE=${CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE}
- CONTROLLER_TEMPLATE_DIR=${CONTROLLER_TEMPLATE_DIR}
- ACAPY_TENANCY=${AGENT_TENANT_MODE}
- ACAPY_AGENT_URL=${AGENT_ENDPOINT}
- ACAPY_ADMIN_URL=${AGENT_ADMIN_URL}
Expand All @@ -44,8 +45,8 @@ services:
- 5678:5678
volumes:
- ../oidc-controller:/app:rw
- ./oidc-controller/config/sessiontimeout.json:/etc/controller-config/sessiontimeout.json
- ./oidc-controller/config/user_variable_substitution.py:/etc/controller-config/user_variable_substitution.py
- ./oidc-controller/config/sessiontimeout.json:/etc/controller-config/sessiontimeout.json
networks:
- vc_auth

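Review bot: `CONTROLLER_TEMPLATE_DIR` is now passed into the container, but no volume maps the host `html-templates` directory to it, so as far as this section shows the dev compose renders the copy baked into the image while `../oidc-controller:/app:rw` keeps the Python code live — template edits would need an image rebuild. If live editing is wanted, add `- ../html-templates:${CONTROLLER_TEMPLATE_DIR}:ro` next to the other bind mounts. The swap of the two `/etc/controller-config` bind-mount lines at the bottom of the section looks like a reorder only.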
3 changes: 3 additions & 0 deletions docker/manage
Expand Up @@ -182,6 +182,9 @@ configureEnvironment() {
# Extend Variable Substitutions
export CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE="/etc/controller-config/user_variable_substitution.py"

# template configuration
export CONTROLLER_TEMPLATE_DIR="/tmp/templates"

#controller app settings
export INVITATION_LABEL=${INVITATION_LABEL:-"VC-AuthN"}
export SET_NON_REVOKED="True"
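Review bot: The new `export CONTROLLER_TEMPLATE_DIR="/tmp/templates"` hard-codes the value, whereas neighbouring settings such as `INVITATION_LABEL` use the `${VAR:-default}` form so the caller's environment can override them; `export CONTROLLER_TEMPLATE_DIR=${CONTROLLER_TEMPLATE_DIR:-"/tmp/templates"}` keeps the default while allowing an override. `configureEnvironment` begins outside the section.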
1 change: 1 addition & 0 deletions docker/oidc-controller/Dockerfile
Expand Up @@ -9,6 +9,7 @@ COPY pyproject.toml poetry.lock README.md ./
RUN poetry install --only main

COPY ./oidc-controller .
COPY ./html-templates /tmp/templates

EXPOSE 5000

43 changes: 43 additions & 0 deletions docs/ConfigurationGuide.md
Expand Up @@ -164,3 +164,46 @@ After loading the python file during the service startup each new user
defined variable is logged for confirmation. Any failures to load
these changes will be logged. If no new definitions are found
indication of this will also be logged

# User Customized QR Page

## ConfigMap Based Overrides

By default the QR page shown to users uses OpenWallet branding users
are capable of overriding any of these files using the
`{{ include "global.fullname" . }}-template-overrides`
[ConfigMap](../charts/vc-authn-oidc/templates/configmap.yaml) in the
in the helm charts. These files will override the existing files seen
in [html-templates](../html-templates/).

## Complete Directory Overrides

In addition to allow for more flexibility users are welcome to build
an image based on `ghcr.io/bcgov/vc-authn-oidc` mounting their a
complete directory with new assets.

To inform the oidc controller of this new directory update
[.Values.controller.templateDirectory](../charts/vc-authn-oidc/values.yaml)
to the location of this new directory

## HTML Template Formats

The HTML templates use [Jinja2](https://pypi.org/project/Jinja2/) to
insert the necessary information from the oidc controller.

The provided template sections are

- image_contents: a base64 encoded image used as the QR code
- url_to_message: URL the QR code points to
- callback_url: URL used when verification is complete
- pres_exch_id: id of the presentation exchange for this authsession
- pid: auth_session id
- controller_host: URL pointing to this controller
- challenge_poll_uri: URL used for polling the authsessions state
- wallet_deep_link: deep link used to integrate with bcwallet for mobile users
- title: Title of the current proof request
- claims: List of claims requested in this proof request

For more information please see
[oidc.py](../oidc-controller/api/routers/oidc.py) and
[verified_credentials.html](../html-templates/verified_credentials.html)
1 change: 1 addition & 0 deletions docs/README.md
Expand Up @@ -372,6 +372,7 @@ If no file is found no auth session cleanup is applied. If this config file is c

The environment variable `CONTROLLER_PRESENTATION_CLEANUP_TIME` determined the frequency at which these sessions are deleted. It's value should contain an integer indicating the number of seconds each session will remain. By default it is set to `86400` (one day).


## Un-Answered questions

- SIOP instead of DIDComm for the requests between the RP and IW?
3 changes: 3 additions & 0 deletions oidc-controller/api/core/config.py
Expand Up @@ -233,6 +233,9 @@ class GlobalConfig(BaseSettings):
CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE: str | None = os.environ.get(
"CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE"
)
CONTROLLER_TEMPLATE_DIR: str = os.environ.get(
"CONTROLLER_TEMPLATE_DIR", "/tmp/templates"
)
model_config = ConfigDict(case_sensitive=True)


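Review bot: The new `CONTROLLER_TEMPLATE_DIR` field carries no comment, although it now controls both the Jinja2 templates rendered by the routers and the `assets/` subdirectory served at `/static`; a line such as `# Directory holding the HTML templates plus an assets/ subdirectory served at /static; defaults to the copy baked into the image` would save the next maintainer a trip through main.py. Nothing normalises a trailing slash or checks that the expected template files exist — the value is only combined with `+ "/..."` at the use sites — so a directory that exists but lacks `verified_credentials.html` surfaces as a 500 on the first request rather than at startup; a `model_validator` on the settings class, or a one-line check where the app is built, would fail fast. `GlobalConfig` continues outside the section.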
6 changes: 5 additions & 1 deletion oidc-controller/api/main.py
Expand Up @@ -47,7 +47,11 @@ def get_application() -> FastAPI:
app = get_application()

# Serve static assets for the frontend
app.mount("/static", StaticFiles(directory="api/templates/assets"), name="static")
app.mount(
"/static",
StaticFiles(directory=(settings.CONTROLLER_TEMPLATE_DIR + "/assets")),
name="static",
)

# Include routers
app.include_router(ver_configs_router, prefix="/ver_configs", tags=["ver_configs"])
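Review bot: `settings.CONTROLLER_TEMPLATE_DIR + "/assets"` concatenates a path by hand; `os.path.join(settings.CONTROLLER_TEMPLATE_DIR, "assets")` (or `Path(...) / "assets"`, whichever module the file already imports) is the idiom and tolerates a trailing slash in the setting. A comment is warranted that everything under that subdirectory is served unauthenticated at `/static`, now that the directory is operator-configurable and, in the Helm chart, populated from a ConfigMap. Note that `StaticFiles` verifies the directory exists when constructed, so an empty or absent template directory stops the app at import time rather than on the first request.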
4 changes: 3 additions & 1 deletion oidc-controller/api/routers/oidc.py
Expand Up @@ -223,7 +223,9 @@ async def get_authorize(request: Request, db: Database = Depends(get_db)):
}

# Prepare the template
template_file = open("api/templates/verified_credentials.html", "r").read()
template_file = open(
settings.CONTROLLER_TEMPLATE_DIR + "/verified_credentials.html", "r"
).read()
template = Template(template_file)

# Render and return the template
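Review bot: The rewritten `open(...).read()` never closes the file handle explicitly and leaves the text encoding to the locale; `Path(settings.CONTROLLER_TEMPLATE_DIR, "verified_credentials.html").read_text(encoding="utf-8")` from `pathlib` (or a `with open(...)` block) fixes both in one line. The same pattern is repeated in presentation_request.py and verificationConfigs/router.py in this PR. Now that the templates live in a dedicated directory, a single `jinja2.Environment(loader=FileSystemLoader(settings.CONTROLLER_TEMPLATE_DIR), autoescape=select_autoescape())` created at startup would load, cache and escape them instead of re-reading and compiling per request with a bare `Template()`, which does not escape by default; whether the rendered values (the docs list the proof-request title and claims among them) are operator- rather than user-controlled is not visible here. `get_authorize` starts outside the section.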
3 changes: 2 additions & 1 deletion oidc-controller/api/routers/presentation_request.py
Expand Up @@ -31,7 +31,8 @@ async def send_connectionless_proof_req(
response = RedirectResponse(settings.CONTROLLER_CAMERA_REDIRECT_URL)
else:
template_file = open(
f"api/templates/{settings.CONTROLLER_CAMERA_REDIRECT_URL}.html", "r"
f"{settings.CONTROLLER_TEMPLATE_DIR}/{settings.CONTROLLER_CAMERA_REDIRECT_URL}.html",
"r",
).read()

auth_session: AuthSession = await AuthSessionCRUD(db).get_by_pres_exch_id(
Empty file.
5 changes: 4 additions & 1 deletion oidc-controller/api/verificationConfigs/router.py
Expand Up @@ -14,6 +14,7 @@
from ..core.auth import get_api_key
from ..core.models import GenericErrorMessage, StatusMessage
from ..db.session import get_db
from ..core.config import settings

router = APIRouter()

Expand Down Expand Up @@ -49,7 +50,9 @@ async def get_proof_request_explorer(db: Database = Depends(get_db)):
data = {
"title": "Presentation Request Explorer",
}
template_file = open("api/templates/ver_config_explorer.html", "r").read()
template_file = open(
settings.CONTROLLER_TEMPLATE_DIR + "/ver_config_explorer.html", "r"
).read()
template = Template(template_file)
# get all from VerificationConfigCRUD and add to the jinja template
ver_configs = await VerificationConfigCRUD(db).get_all()
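Review bot: The added `from ..core.config import settings` is placed after `from ..db.session import get_db`, separating it from the other `..core` imports two lines above; moving it next to `from ..core.auth import get_api_key` keeps the grouping. The `open(...).read()` rewrite in the second hunk has the same unclosed-handle and unspecified-encoding issue as the one in oidc.py. `get_proof_request_explorer` continues outside the section.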