Skip to content

Latest commit

 

History

History
48 lines (35 loc) · 3.25 KB

configure-loginstrategy.md

File metadata and controls

48 lines (35 loc) · 3.25 KB
Raw

Configuring LoginStrategy

LoginStrategy constructor expects the following parameters for initialisation :

  1. LoginStrategyOptions
  2. IssuerResolver
  3. RevokerResolver
  4. CredentialResolver
  5. verifyProof (method)

1. LoginStrategyOptions

LoginStrategy accepts number of attributes (optional and non-optional).

Attributes Allowed values use case
claimField string field name which holds the claim in request
rpcUrl string rpc url for the blockchain, ewc or volta
cacheServerUrl string ssi-hub url
privateKey string PrivateKey of the user
ensResolvers Resolver contract address, used to resolve RoleDefinition (RoleDefinitionREsolverV2 contract)
didContractAddress string DID Registry contract address (ERC1056)
ensRegistryAddress string ENS Contract address
ipfsUrl string IPFS Gateway
acceptedRoles string[] Roles needed to get authorised
includeAllRoles boolean If set to true, all holder's are required for authorisation
jwtSecret string Jwt secret required to encode response
jwtSignOptions
siweMessageUri string uri used in siwe message payload

Addresses for deployed contracts are exported by @energyweb/credential-governance. One can choose the addresses based on the chain they want to operate upon.

To be able to use LoginStrategy to authorise DIDs based on role credentials -

  • one can provide one of the two values - either flag includeAllRoles (verifies all the role credential issued to given DID) attribute to true
  • or provide set of acceptedRoles (DID needs to have atleast one of the metioned role credential issued to it) while initialising LoginStrategy. includeAllRoles will override acceptedRoles in case both values are provided.

Resolvers

LoginStrategy relies on IssuerVerification internally for verification of the roles credential.

In order to use LoginStrategy, one needs to intialise and provide :

  1. RoleIssuerResolver - Resolves issuer/s for a RoleDefinition.
  2. RoleRevokerResolver - Resolves revoker/s for a RoleDefinition.
  3. RoleCredentialResolver - Resolves credentials of a holder.

It is also possible to provide own implementation of these resolvers by implementing these Interfaces. The purpose of these resolvers are to resolve authorities responsible for issuance and revocation of these role credentials.