Skip to content

Installation

This article outlines the steps required to set up a local instance of the credential issuance service.

To issue verifiable credentials through the credential issuance service you must also create a credential configuration.

Before installing a credential issuance service instance you must:

  • Obtain a valid license for the Partisia Platform. Please book a call with us to obtain yours.
  • Have Docker installed on your machine
  • Be logged in to the gitlab registry to pull the images. This can be done by running the command: 
    docker login registry.gitlab.com
  • Have access to a Partisia Platform to use for testing. Our default configuration below uses Partisia Blockchain's testnet. Another option is to use your own Partisia Platform deployment. You can follow this guide on how to setup and run your deployment.

Configuring storage

The credential issuance service uses an instance of the Partisia Platform as its storage solution. It's role within My Data Activation is to hold information for each and every issuance session.

For more information on how to start Partisia Platform for storage see Configuring Storage.

Configuring the Credential issuance Service

To use the Docker image of the credential issuance service, a configuration file is required. This file handles all aspects of your credential issuance service instance configuration. Create a JSON file containing the necessary settings. The following example, referred to as server.json, can be used as a starting point for testing:

Example configuration file:
server.json
   {
     "port": 9201 // (1)!
     "baseUrl": "http://localhost:9201", // (2)!
     "authorizationServer": { // (3)!
       "baseUrl": "http://localhost:8083"
     },
     "issuer": { // (4)!
       "id": "0036098ee97ca46468f4c445216d594497d0298989",
       "privateKey": "MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCCO3C+zqJI11xnK3bnCoUZRZ2FpT/plNF/J5zTJZQ6I8A=="
     },
     "state": { // (5)!
       "baseUrl": "http://localhost:9432",
       "privateKey": "de0be2b33786f6b855308bb5284522726e70bb528776fc2c3e021ea90175ceb"
     }
   }
  1. REST endpoint port to access the service.
  2. The base url of the credential issuance service. This is required for the issuer to handle communication with the wallet
  3. Optional: authorization server used to issue OAuth tokens. If left empty, the issuance service will play the part of the authorization server.
  4. Configures information about the issuer.
    • id the issuers identifier on the registry
    • privateKey used to sign credentials
  5. Configuration of storage solution.
    • For more information see article on configuring storage.

The optional authorization server

The issuance protocol requires an OAuth2.0 authorization server to ensure that credentials are only issued to authorized holders. This authorization server must be able to support the Pre-authorized code flow.

if you don't want to set up your own OAuth2.0 server, the authorizationServer field of the server.json configuration file can be left out. If the field is not set, the issuance service will play the part of the authorization server during the issuance protocol.

Downloading and Running the docker image

We have to mount the config file into the container running the project. This can be done by running the following command:

docker run -d -p 9201:9201 -v PATH_TO_YOUR_SERVER.JSON:/conf/server.json registry.gitlab.com/secata/platform/did/did-issuer-backend:latest

Navigate to http://localhost:9201/openapi to start interacting with the credential issuance service.

You can interact with the credential issuance service by calling the different endpoints through the user interface. As an example you can create a new credential configuration.

What's next?

The credential issuance service is now configured to interact with wallets and issue credentials. To make the most of your credential issuance service setup, follow these actions based on your needs:

  1. Issuing a verifiable credential: To issue a verifiable credential to a wallet, you must first create a credential configuration.

  2. Integrating the credential issuance service with your application: To integrate your application and receive issued credentials for management, follow these steps.