User defined templates

.gitignore

@@ -337,3 +337,4 @@ oidc-controller/static/
 oidc-controller/signing-keys/
 
 wallet.txt
+/charts/vc-authn-oidc/charts/.helm_ls_cache/

charts/vc-authn-oidc/templates/configmap.yaml

@@ -7,4 +7,10 @@ data:
   sessiontimeout.json: |
     {{ .Values.controller.sessionTimeout.config | toJson }}
   user_variable_substitution.py: |
-    {{ .Values.controller.userVariableSubsitution | nindent 4 }}
+    {{ .Values.controller.userVariableSubsitution | nindent 4 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "global.fullname" . }}-template-overrides
+data:

charts/vc-authn-oidc/templates/deployment.yaml

@@ -39,6 +39,11 @@ spec:
         - name: controller-config
           configMap:
             name: {{ include "global.fullname" . }}-controller-config
+        - name: controller-templates
+          projected:
+            sources:
+              - configMap:
+                  name: {{ include "global.fullname" . }}-template-overrides
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -76,6 +81,8 @@ spec:
               value: /etc/controller-config/user_variable_substitution.py
             - name: CONTROLLER_PRESENTATION_CLEANUP_TIME
               value: {{ .Values.controller.sessionTimeout.duration | quote }}
+            - name: CONTROLLER_TEMPLATE_DIR
+              value: {{ .Values.controller.templateDirectory | quote }}
             - name: ACAPY_AGENT_URL
               value: {{ include "acapy.agent.url" . }}
             - name: ACAPY_ADMIN_URL
@@ -134,6 +141,8 @@ spec:
               mountPath: /opt/token
             - name: controller-config
               mountPath: /etc/controller-config
+            - name: controller-templates
+              mountPath: {{ .Values.controller.templateDirectory }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/vc-authn-oidc/values.yaml

@@ -50,6 +50,7 @@ controller:
       - expired
       - failed
       - abandoned
+  templateDirectory: /tmp/templates
   userVariableSubsitution: |-
     # This is a default placeholder Python file 
     # Add any extensions to user variables here. Example below:

docker/docker-compose.yaml

@@ -27,6 +27,7 @@ services:
       - CONTROLLER_PRESENTATION_CLEANUP_TIME=${CONTROLLER_PRESENTATION_CLEANUP_TIME}
       - CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE=${CONTROLLER_SESSION_TIMEOUT_CONFIG_FILE}
       - CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE=${CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE}
+      - CONTROLLER_TEMPLATE_DIR=${CONTROLLER_TEMPLATE_DIR}
       - ACAPY_TENANCY=${AGENT_TENANT_MODE}
       - ACAPY_AGENT_URL=${AGENT_ENDPOINT}
       - ACAPY_ADMIN_URL=${AGENT_ADMIN_URL}
@@ -44,8 +45,8 @@ services:
       - 5678:5678
     volumes:
       - ../oidc-controller:/app:rw
-      - ./oidc-controller/config/sessiontimeout.json:/etc/controller-config/sessiontimeout.json
       - ./oidc-controller/config/user_variable_substitution.py:/etc/controller-config/user_variable_substitution.py
+      - ./oidc-controller/config/sessiontimeout.json:/etc/controller-config/sessiontimeout.json
     networks:
       - vc_auth
 

docker/manage

@@ -182,6 +182,9 @@ configureEnvironment() {
   # Extend Variable Substitutions
   export CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE="/etc/controller-config/user_variable_substitution.py"
 
+  # template configuration
+  export CONTROLLER_TEMPLATE_DIR="/tmp/templates"
+
   #controller app settings
   export INVITATION_LABEL=${INVITATION_LABEL:-"VC-AuthN"}
   export SET_NON_REVOKED="True"

docker/oidc-controller/Dockerfile

@@ -9,6 +9,7 @@ COPY pyproject.toml poetry.lock README.md ./
 RUN poetry install --only main
 
 COPY ./oidc-controller .
+COPY ./html-templates /tmp/templates
 
 EXPOSE 5000
 

docs/ConfigurationGuide.md

@@ -164,3 +164,46 @@ After loading the python file during the service startup each new user
 defined variable is logged for confirmation. Any failures to load
 these changes will be logged. If no new definitions are found
 indication of this will also be logged
+
+# User Customized QR Page
+
+## ConfigMap Based Overrides
+
+By default the QR page shown to users uses OpenWallet branding users
+are capable of overriding any of these files using the
+`{{ include "global.fullname" . }}-template-overrides`
+[ConfigMap](../charts/vc-authn-oidc/templates/configmap.yaml) in the
+in the helm charts. These files will override the existing files seen
+in [html-templates](../html-templates/).
+
+## Complete Directory Overrides
+
+In addition to allow for more flexibility users are welcome to build
+an image based on `ghcr.io/bcgov/vc-authn-oidc` mounting their a
+complete directory with new assets.
+
+To inform the oidc controller of this new directory update
+[.Values.controller.templateDirectory](../charts/vc-authn-oidc/values.yaml)
+to the location of this new directory
+
+## HTML Template Formats
+
+The HTML templates use [Jinja2](https://pypi.org/project/Jinja2/) to
+insert the necessary information from the oidc controller.
+
+The provided template sections are
+
+- image_contents: a base64 encoded image used as the QR code
+- url_to_message: URL the QR code points to
+- callback_url: URL used when verification is complete
+- pres_exch_id: id of the presentation exchange for this authsession
+- pid: auth_session id 
+- controller_host: URL pointing to this controller
+- challenge_poll_uri: URL used for polling the authsessions state
+- wallet_deep_link: deep link used to integrate with bcwallet for mobile users
+- title: Title of the current proof request
+- claims: List of claims requested in this proof request
+
+For more information please see
+[oidc.py](../oidc-controller/api/routers/oidc.py) and
+[verified_credentials.html](../html-templates/verified_credentials.html)

docs/README.md

@@ -372,6 +372,7 @@ If no file is found no auth session cleanup is applied. If this config file is c
 
 The environment variable `CONTROLLER_PRESENTATION_CLEANUP_TIME` determined the frequency at which these sessions are deleted. It's value should contain an integer indicating the number of seconds each session will remain. By default it is set to `86400` (one day).
 
+
 ## Un-Answered questions
 
 - SIOP instead of DIDComm for the requests between the RP and IW?

oidc-controller/api/core/config.py

@@ -233,6 +233,9 @@ class GlobalConfig(BaseSettings):
     CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE: str | None = os.environ.get(
         "CONTROLLER_VARIABLE_SUBSTITUTION_OVERRIDE"
     )
+    CONTROLLER_TEMPLATE_DIR: str = os.environ.get(
+        "CONTROLLER_TEMPLATE_DIR", "/tmp/templates"
+    )
     model_config = ConfigDict(case_sensitive=True)
 
 

oidc-controller/api/main.py

@@ -47,7 +47,11 @@ def get_application() -> FastAPI:
 app = get_application()
 
 # Serve static assets for the frontend
-app.mount("/static", StaticFiles(directory="api/templates/assets"), name="static")
+app.mount(
+    "/static",
+    StaticFiles(directory=(settings.CONTROLLER_TEMPLATE_DIR + "/assets")),
+    name="static",
+)
 
 # Include routers
 app.include_router(ver_configs_router, prefix="/ver_configs", tags=["ver_configs"])

oidc-controller/api/routers/oidc.py

@@ -223,7 +223,9 @@ async def get_authorize(request: Request, db: Database = Depends(get_db)):
     }
 
     # Prepare the template
-    template_file = open("api/templates/verified_credentials.html", "r").read()
+    template_file = open(
+        settings.CONTROLLER_TEMPLATE_DIR + "/verified_credentials.html", "r"
+    ).read()
     template = Template(template_file)
 
     # Render and return the template

oidc-controller/api/routers/presentation_request.py

@@ -31,7 +31,8 @@ async def send_connectionless_proof_req(
         response = RedirectResponse(settings.CONTROLLER_CAMERA_REDIRECT_URL)
     else:
         template_file = open(
-            f"api/templates/{settings.CONTROLLER_CAMERA_REDIRECT_URL}.html", "r"
+            f"{settings.CONTROLLER_TEMPLATE_DIR}/{settings.CONTROLLER_CAMERA_REDIRECT_URL}.html",
+            "r",
         ).read()
 
         auth_session: AuthSession = await AuthSessionCRUD(db).get_by_pres_exch_id(

oidc-controller/api/verificationConfigs/router.py

@@ -14,6 +14,7 @@
 from ..core.auth import get_api_key
 from ..core.models import GenericErrorMessage, StatusMessage
 from ..db.session import get_db
+from ..core.config import settings
 
 router = APIRouter()
 
@@ -49,7 +50,9 @@ async def get_proof_request_explorer(db: Database = Depends(get_db)):
     data = {
         "title": "Presentation Request Explorer",
     }
-    template_file = open("api/templates/ver_config_explorer.html", "r").read()
+    template_file = open(
+        settings.CONTROLLER_TEMPLATE_DIR + "/ver_config_explorer.html", "r"
+    ).read()
     template = Template(template_file)
     #  get all from VerificationConfigCRUD and add to the jinja template
     ver_configs = await VerificationConfigCRUD(db).get_all()