Demo agent setup
Table of contents
Example Demo Agent Configuration Guide
Welcome to the agent setup guide. This document will walk you through configuring your agent module by leveraging the settings defined in your .env file. Specifically, the
CONF_PATH property in your .env file dictates where the agent retrieves its configuration from.
Be aware that this agent configuration is for demo purposes only. The expectation is that you create the code around the agent yourself, or integrate the agent in your own application.
The agent code being used in this README is available in the following repository: https://github.com/Sphereon-Opensource/web-wallet
Configuration Directory Structure
Within your packages/agent/conf directory, navigate to the examples subfolder. Here, you will find six key directories, each integral to the agent’s configuration:
1. dids
This directory is designated for storing Decentralized Identifiers (DIDs) documents. These DID documents will be used throughout or oid4vci and oid4vp/siop process. An example using did:jwk can be found here
2. oid4vci_metadata
In this folder, you’ll find JSON files that detail the metadata required by the VCI specification and
some values that are essential for configuring this agent. Following is a table of values that should be set for a json file inside oid4vci_metadata:
Be aware that each file you put in this directory represents an actual exposed separate credential issuer instance. There is a distinction between OID4VCI issuer metadata and OAuth2 Authorization server metadata files. You need both typically unless you are using an external Authorization Server.
Example OID4VCI metadata can be found here and OAuth2 Authorization Server metadata here
| Variable | Sub-Variable | Description |
|---|---|---|
correlationId | This value maps different configuration files onto the same internal issuer or verifier. So a correlationId between an options file and for instance a metadata file end up in the same issuer/verifier instance and DB. | |
metadataType | ”issuer” for VCI Issuer metadata, “authorizationServer”, for internal OAuth2 authorization server metadata support. | |
overwriteExisting | Determines whether to replace existing OID4VCI metadata stored in the database with new values coming from the metadata configuration file. | |
metadata | Contains configuration details and specifications for credential issuance. | |
credential_issuer | The Credential Issuer’s identifier. | |
credential_endpoint | URL of the Credential Issuer’s Credential Endpoint. This URL MUST use the https scheme and MAY contain port, path and query parameter components. | |
display | (optional) An array of objects, where each object contains display properties of a Credential Issuer for a certain language. Below is a non-exhaustive list of valid parameters that MAY be included: name (optional) string and locale (optional) string | |
credentials_supported | A JSON array containing a list of JSON objects, each of them representing metadata about a separate credential type that the Credential Issuer can issue. The JSON objects in the array MUST conform to the structure of the OID4VCI spec. | |
credential_supplier_config | Configuration settings for the provider of the credentials. |
3. oid4vci_options
This is the directory where custom OID4VCI options are maintained. An example can be found here
| Variable | Sub-Variable | Description |
|---|---|---|
definitionId | Unique identifier for the credential definition. | |
correlationId | This value maps different configuration files onto the same internal issuer or verifier. So a correlationId between an options file and for instance a metadata file end up in the same issuer/verifier instance and DB. | |
overwriteExisting | (optional) Boolean flag indicating whether existing storage should be overwritten. Defaults to true | |
ttl | (optional) A number how long to store the value in milliseconds. If not provided will be stored indefinitely | |
storeId | (optional) String specifying the store identifier for using different storage solutions side by side. | |
namespace | (optional) Namespace for the current instance. | |
issuerOpts | Object containing configuration details and options for credential issuance. | |
didOpts | Options related to the Decentralized Identifier (DID) of the issuer. | |
userPinRequired | (optional) Boolean indicating if a user PIN is required for operations. | |
cNonceExpiresIn | (optional) Number specifying the expiration time for the client nonce in the issuance process. |
4. oid4vp_options
Here, you will store configuration files related to OpenID for Verifiable Presentations (OID4VP). Be aware that any configuration file in this directory represents an individual Relying Party instance. Also be aware that a single Relying Party can host multiple Presentation definitions at the same time.
| Variable | Sub-Variable | Description |
|---|---|---|
definitionId | Unique identifier associated with a specific credential definition. | |
rpOpts | Configuration options for the Relying Party (RP). | |
responseMode | (optional) Specifies the method that the RP uses to receive the response from the OpenID Provider. | |
supportedVersions | (optional) Lists the versions supported by the RP. | |
sessionManager | (optional) An instance of IRPSessionManager from Sphereon’s SIOP-OID4VP library managing session state. | |
expiresIn | (optional) Defines the duration after which the RP’s request or session should expire. | |
eventEmitter | (optional) An object used to handle events, enabling asynchronous event-driven programming. | |
didOpts | Options related to the Decentralized Identifier (DID) of the verifier. |
5. presentation_definitions
The content of this directory is essential for defining how the agent understands and processes presentation requests. This is only applied if your demo application is asking the user for their VerifiableCredential(s) from the wallet. For an in-depth explanation of presentation_definition, refer to the Presentation Exchange Documentation. To understand its role in the context of the OID4VP specification, please consult the provided link.
6. templates
This directory features templates designed to dynamically create Verifiable Credentials. We use Handlebars to fill the templates with data received from the demo application. Ensure that your form configuration/ requested VerifiableCredential (in above section) provides the necessary data for this process. Examples within this directory illustrate how to implement this approach. Below is one such example:
Each directory plays a critical role in the configuration of the agent and the successful deployment of the verifiable credential issuance ecosystem within your application. It is essential to carefully craft the contents of these directories in alignment with your specific use cases and the standards of the decentralized identity space.
.env variables
Your .env.local file should contain the following variables with values tailored to your setup:
| Variable | Description |
|---|---|
NODE_ENV | Defines the running environment of the application, typically development, production, or local. |
HOSTNAME | Specifies the hostname or IP address for the application, used mainly for constructing callback URLs and server binding. |
PORT | Determines the port on which the application will listen for incoming requests. |
COOKIE_SIGNING_KEY | Secret key for signing cookies, ensuring session security. |
DB_TYPE (required) | The DB type supported. Either sqlite or postgres |
DB_CONNECTION_NAME | Identifies the database connection within multi-database setups. |
DB_SQLITE_FILE | Path to the SQLite database file if using SQLite. |
DB_ENCRYPTION_KEY | Key for encrypting database contents. |
OID4VP_ENABLED | Boolean value for enabling OpenID for Verifiable Presentations (OID4VP). |
OID4VP_WEBAPP_BASE_URI | Base URI for the web application managing OID4VP. |
OID4VP_AGENT_BASE_URI | Base URI for the agent’s API endpoints handling OID4VP. |
AUTH_REQUEST_EXPIRES_AFTER_SEC | Time in seconds before an authentication request expires. |
OID4VCI_ENABLED | Boolean to activate OpenID for Verifiable Credentials Issuance (OID4VCI). |
CONF_PATH | Path to the agent’s configuration files, detailed above. |
UNIVERSAL_RESOLVER_RESOLVE_URL | Endpoint URL for the universal resolver service for resolving DIDs. |
Note: If you intend to access the agent through a mobile device, ensure that you do not use localhost or 127.0.0.1. Instead, use a local IP address that is reachable from
your mobile device within the same network.
Starting the agent
To start your agent:
- Create the above-mentioned folders at the location specified by
CONF_PATHin your.envor.env.localfile. - Populate the folders with your specific configurations, such as credential metadata and presentation definitions.
- Launch your agent using either
start:devfor development orstart:prodfor production environments.