feat: add /v1/configurations/credential_configurations endpoint (#83)

* feat: add Metadata `config.yml` file

* test: fix "id_token" tests

* style: rename `CredentialsSupportedCreated` to `CredentialConfigurationCreated`

* feat: add `/v1/configurations/credential_configurations` endpoint

* fix: ensure that batch credentials is still disabled

* test: add `/v1/configurations/credential_configurations` to Postman collection

* docs: update changelog

* docs: deprecate `AGENT_ISSUANCE_CREDENTIAL_NAME` and `AGENT_ISSUANCE_CREDENTIAL_LOGO_URL`

* feat: add Metadata `config.yml` file

* test: fix "id_token" tests

* chore: remove unused import

* fix: minor improvements

* chore: remove unnecessary `vec![]`

Author: nanderstabel

.env.example

@@ -3,8 +3,6 @@ AGENT_CONFIG_EVENT_STORE=postgres
 AGENT_APPLICATION_URL=https://my-domain.example.org
 AGENT_CONFIG_URL=https://my-domain.example.org
 AGENT_APPLICATION_ENABLE_CORS=false
-AGENT_ISSUANCE_CREDENTIAL_NAME="Demo Credential"
-AGENT_ISSUANCE_CREDENTIAL_LOGO_URL=https://my-domain.example.org/credential_logo.png
 AGENT_SECRET_MANAGER_STRONGHOLD_PATH="test.stronghold"
 AGENT_SECRET_MANAGER_STRONGHOLD_PASSWORD="secure_password"
 AGENT_SECRET_MANAGER_ISSUER_DID="did:key:z6Mkv5KkqNHuR6bPVT8fud3m9JaHBSEjEmiLp7HuGAwtbkk6"

CHANGELOG.md

@@ -1,3 +1,26 @@
+### 20-16-2024
+Deprecated the following environment variables:
+* `AGENT_ISSUANCE_CREDENTIAL_NAME`
+* `AGENT_ISSUANCE_CREDENTIAL_LOGO_URL`
+
+Both can now be dynamically configured through the `/v1/configurations/credential_configurations` endpoint. Example:
+```json
+// HTTP POST: /v1/configurations/credential_configurations
+{
+  "display": [{
+    "name": "Identity Credential", // <-- Credential Name
+        "locale": "en",
+        "logo": {
+          "url": "https://impierce.com/images/logo-blue.png", // <-- Credential Logo URL
+            "alt_text": "UniCore Logo"
+        }
+    }],
+    "credentialConfigurationId": ...,
+    "format": ...,
+    "credential_definition": ...
+}
+```
+
 ### 18-06-2024
 Deprecated the following environment variables, which can now be configured in the `agent_application/config.yml` file:
 * `AGENT_CONFIG_DEFAULT_DID_METHOD`: The first item in the `subject_syntax_types_supported` sequence will be used as the

agent_api_rest/postman/ssi-agent.postman_collection.json

@@ -6,6 +6,51 @@
 		"_exporter_id": "24972330"
 	},
 	"item": [
+		{
+			"name": "Configurations",
+			"item": [
+				{
+					"name": "credential_configurations",
+					"event": [
+						{
+							"listen": "test",
+							"script": {
+								"exec": [
+									""
+								],
+								"type": "text/javascript",
+								"packages": {}
+							}
+						}
+					],
+					"request": {
+						"method": "POST",
+						"header": [],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n    \"credentialConfigurationId\":\"{{CREDENTIAL_CONFIGURATION_ID}}\",\n    \"format\": \"jwt_vc_json\",\n    \"credential_definition\": {\n        \"type\": [\n            \"VerifiableCredential\"\n        ]\n    },\n    \"display\": [{\n        \"name\": \"Identity Credential\",\n        \"locale\": \"en\",\n        \"logo\": {\n            \"url\": \"https://impierce.com/images/logo-blue.png\",\n            \"alt_text\": \"UniCore Logo\"\n        }\n    }]\n}",
+							"options": {
+								"raw": {
+									"language": "json"
+								}
+							}
+						},
+						"url": {
+							"raw": "{{HOST}}/v1/configurations/credential_configurations",
+							"host": [
+								"{{HOST}}"
+							],
+							"path": [
+								"v1",
+								"configurations",
+								"credential_configurations"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
 		{
 			"name": "Issuance",
 			"item": [
@@ -553,6 +598,11 @@
 			"value": "http://192.168.1.127:3033",
 			"type": "string"
 		},
+		{
+			"key": "CREDENTIAL_CONFIGURATION_ID",
+			"value": "identity_credential",
+			"type": "string"
+		},
 		{
 			"key": "PRE_AUTHORIZED_CODE",
 			"value": "INITIAL_VALUE",

agent_api_rest/src/configurations/credential_configurations.rs

@@ -0,0 +1,191 @@
+use agent_issuance::{
+    server_config::{command::ServerConfigCommand, queries::ServerConfigView},
+    state::{IssuanceState, SERVER_CONFIG_ID},
+};
+use agent_shared::handlers::{command_handler, query_handler};
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+    response::{IntoResponse, Response},
+};
+use oid4vci::{
+    credential_format_profiles::{CredentialFormats, WithParameters},
+    credential_issuer::credential_issuer_metadata::CredentialIssuerMetadata,
+};
+use serde::{Deserialize, Serialize};
+use serde_json::Value;
+use tracing::info;
+
+#[derive(Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct CredentialConfigurationsEndpointRequest {
+    pub credential_configuration_id: String,
+    #[serde(flatten)]
+    pub credential_format_with_parameters: CredentialFormats<WithParameters>,
+    #[serde(default)]
+    pub display: Vec<serde_json::Value>,
+}
+
+#[axum_macros::debug_handler]
+pub(crate) async fn credential_configurations(
+    State(state): State<IssuanceState>,
+    Json(payload): Json<Value>,
+) -> Response {
+    info!("Request Body: {}", payload);
+
+    let Ok(CredentialConfigurationsEndpointRequest {
+        credential_configuration_id,
+        credential_format_with_parameters,
+        display,
+    }) = serde_json::from_value(payload)
+    else {
+        return (StatusCode::BAD_REQUEST, "invalid payload").into_response();
+    };
+
+    let command = ServerConfigCommand::AddCredentialConfiguration {
+        credential_configuration_id,
+        credential_format_with_parameters,
+        display,
+    };
+
+    if command_handler(SERVER_CONFIG_ID, &state.command.server_config, command)
+        .await
+        .is_err()
+    {
+        return StatusCode::INTERNAL_SERVER_ERROR.into_response();
+    }
+
+    match query_handler(SERVER_CONFIG_ID, &state.query.server_config).await {
+        Ok(Some(ServerConfigView {
+            credential_issuer_metadata:
+                Some(CredentialIssuerMetadata {
+                    credential_configurations_supported,
+                    ..
+                }),
+            ..
+        })) => (StatusCode::OK, Json(credential_configurations_supported)).into_response(),
+        Ok(None) => StatusCode::NOT_FOUND.into_response(),
+        _ => StatusCode::INTERNAL_SERVER_ERROR.into_response(),
+    }
+}
+
+#[cfg(test)]
+pub mod tests {
+    use std::collections::HashMap;
+
+    use crate::{app, tests::BASE_URL};
+
+    use super::*;
+    use agent_issuance::{startup_commands::startup_commands, state::initialize};
+    use agent_shared::metadata::{load_metadata, set_metadata_configuration};
+    use agent_store::in_memory;
+    use agent_verification::services::test_utils::test_verification_services;
+    use axum::{
+        body::Body,
+        http::{self, Request},
+        Router,
+    };
+    use jsonwebtoken::Algorithm;
+    use oid4vci::{
+        credential_format_profiles::{w3c_verifiable_credentials::jwt_vc_json::CredentialDefinition, Parameters},
+        credential_issuer::credential_configurations_supported::CredentialConfigurationsSupportedObject,
+        proof::KeyProofMetadata,
+        ProofType,
+    };
+    use serde_json::json;
+    use tower::Service;
+
+    pub async fn credential_configurations(app: &mut Router) {
+        let response = app
+            .call(
+                Request::builder()
+                    .method(http::Method::POST)
+                    .uri("/v1/configurations/credential_configurations")
+                    .header(http::header::CONTENT_TYPE, mime::APPLICATION_JSON.as_ref())
+                    .body(Body::from(
+                        serde_json::to_vec(&json!({
+                            "credentialConfigurationId": "badge",
+                            "format": "jwt_vc_json",
+                            "credential_definition": {
+                                "type": [
+                                    "VerifiableCredential",
+                                    "OpenBadgeCredential"
+                                ]
+                            },
+                            "display": [{
+                                "name": "Badge",
+                                "logo": {
+                                    "url": "https://example.com/logo.png",
+                               }
+                            }]
+                        }))
+                        .unwrap(),
+                    ))
+                    .unwrap(),
+            )
+            .await
+            .unwrap();
+
+        assert_eq!(response.status(), StatusCode::OK);
+        assert_eq!(response.headers().get("Content-Type").unwrap(), "application/json");
+
+        let body = axum::body::to_bytes(response.into_body(), usize::MAX).await.unwrap();
+        let credential_configurations_supported: HashMap<String, CredentialConfigurationsSupportedObject> =
+            serde_json::from_slice(&body).unwrap();
+
+        assert_eq!(
+            credential_configurations_supported,
+            HashMap::from_iter([(
+                "badge".to_string(),
+                CredentialConfigurationsSupportedObject {
+                    credential_format: CredentialFormats::JwtVcJson(Parameters {
+                        parameters: (
+                            CredentialDefinition {
+                                type_: vec!["VerifiableCredential".to_string(), "OpenBadgeCredential".to_string()],
+                                credential_subject: Default::default(),
+                            },
+                            None,
+                        )
+                            .into(),
+                    }),
+                    cryptographic_binding_methods_supported: vec![
+                        "did:key".to_string(),
+                        "did:key".to_string(),
+                        "did:iota:rms".to_string(),
+                        "did:jwk".to_string(),
+                    ],
+                    credential_signing_alg_values_supported: vec!["EdDSA".to_string()],
+                    proof_types_supported: HashMap::from_iter([(
+                        ProofType::Jwt,
+                        KeyProofMetadata {
+                            proof_signing_alg_values_supported: vec![Algorithm::EdDSA],
+                        },
+                    )]),
+                    display: vec![json!({
+                        "name": "Badge",
+                        "logo": {
+                            "url": "https://example.com/logo.png"
+                        }
+                    })],
+                    ..Default::default()
+                }
+            )])
+        );
+    }
+
+    #[tokio::test]
+    #[tracing_test::traced_test]
+    async fn test_credential_configurations() {
+        set_metadata_configuration("did:key");
+
+        let issuance_state = in_memory::issuance_state(Default::default()).await;
+
+        let verification_state = in_memory::verification_state(test_verification_services(), Default::default()).await;
+
+        initialize(&issuance_state, startup_commands(BASE_URL.clone(), &load_metadata())).await;
+
+        let mut app = app((issuance_state, verification_state));
+
+        credential_configurations(&mut app).await;
+    }
+}

agent_api_rest/src/configurations/mod.rs

@@ -0,0 +1,3 @@
+pub mod credential_configurations;
+
+pub(crate) use credential_configurations::credential_configurations;

agent_api_rest/src/issuance/credential_issuer/well_known/openid_credential_issuer.rs

@@ -25,12 +25,11 @@ pub(crate) async fn openid_credential_issuer(State(state): State<IssuanceState>)
 mod tests {
     use std::collections::HashMap;
 
-    use crate::{app, tests::BASE_URL};
+    use crate::{app, configurations::credential_configurations::tests::credential_configurations, tests::BASE_URL};
 
     use super::*;
     use agent_issuance::{startup_commands::startup_commands, state::initialize};
     use agent_shared::{
-        config,
         metadata::{load_metadata, set_metadata_configuration},
         UrlAppendHelpers,
     };
@@ -101,16 +100,16 @@ mod tests {
                             "did:jwk".to_string(),
                         ],
                         credential_signing_alg_values_supported: vec!["EdDSA".to_string()],
-                        proof_types_supported: HashMap::from_iter(vec![(
+                        proof_types_supported: HashMap::from_iter([(
                             ProofType::Jwt,
                             KeyProofMetadata {
                                 proof_signing_alg_values_supported: vec![Algorithm::EdDSA],
                             },
                         )]),
                         display: vec![json!({
-                           "name": config!("credential_name", String).unwrap(),
+                           "name": "Badge",
                            "logo": {
-                                "url": config!("credential_logo_url", String).unwrap()
+                                "url": "https://example.com/logo.png",
                            }
                         })],
                     }
@@ -134,6 +133,8 @@ mod tests {
 
         let mut app = app((issuance_state, verification_state));
 
+        credential_configurations(&mut app).await;
+
         let _credential_issuer_metadata = openid_credential_issuer(&mut app).await;
     }
 }

agent_api_rest/src/lib.rs

@@ -1,3 +1,4 @@
+mod configurations;
 mod issuance;
 mod verification;
 
@@ -43,6 +44,10 @@ pub fn app(state: ApplicationState) -> Router {
 
     Router::new()
         // Agent Issuance Preparations
+        .route(
+            &path("/v1/configurations/credential_configurations"),
+            post(configurations::credential_configurations),
+        )
         .route(&path("/v1/credentials"), post(credentials))
         .route(&path("/v1/credentials/:credential_id"), get(get_credentials))
         .route(&path("/v1/offers"), post(offers))

agent_application/docker/README.md

@@ -13,11 +13,8 @@ docker build -f docker/Dockerfile -t ssi-agent ..
 Inside the folder `/agent_application/docker`:
 
 1. Inside `docker-compose.yml` replace the environment value: `AGENT_APPLICATION_URL` with your actual local IP address or URL (such as http://192.168.1.234:3033)
-2. Optionally, add the following environment variables:
-   - `AGENT_ISSUANCE_CREDENTIAL_NAME`: To set the name of the credentials that will be issued.
-   - `AGENT_ISSUANCE_CREDENTIAL_LOGO_URL`: To set the URL of the logo that will be used in the credentials.
 > [!IMPORTANT] 
-> 3. By default, UniCore currently uses a default Stronghold file which is used for storing secrets. Using this default
+> 2. By default, UniCore currently uses a default Stronghold file which is used for storing secrets. Using this default
 >    Stronghold is for testing purposes only and should not be used in production. To use your own Stronghold file, you
 >    need to mount it in the `docker-compose.yml` file by replacing the default volume. Example:
 > ```yaml
@@ -33,15 +30,15 @@ Inside the folder `/agent_application/docker`:
 >     is recommended to not change this environment variable.
 >   - `AGENT_SECRET_MANAGER_STRONGHOLD_PASSWORD`: To set the password
 >   - `AGENT_SECRET_MANAGER_ISSUER_KEY_ID`: To set the key id
-1. Optionally it is possible to configure an HTTP Event Publisher that can listen to certain events in `UniCore`
+3. Optionally it is possible to configure an HTTP Event Publisher that can listen to certain events in `UniCore`
    and publish them to a `target_url`. More information about the HTTP Event Publisher can be found [here](../../agent_event_publisher_http/README.md).
-2. To start the **SSI Agent**, a **Postgres** database along with **pgadmin** (Postgres Admin Interface) simply run:
+4. To start the **SSI Agent**, a **Postgres** database along with **pgadmin** (Postgres Admin Interface) simply run:
 
 ```bash
 docker compose up
 ```
 
-6. The REST API will be served at `http://0.0.0.0:3033`
+5. The REST API will be served at `http://0.0.0.0:3033`
 
 > [!NOTE]
 > If you don't have rewrite rules enabled on your reverse proxy, you can set the `AGENT_CONFIG_BASE_PATH` to a value such as `ssi-agent`.

agent_event_publisher_http/README.md

@@ -46,7 +46,7 @@ CredentialResponseCreated
 
 ```
 ServerMetadataLoaded
-CredentialsSupportedCreated
+CredentialConfigurationAdded
 ```
 
 #### `authorization_request`