DDDC Credential Issuer API

Restful API for the Credential issuer of the Digital Democracy and Data Commons pilot project

Credential issuer API is part of the DDDC. Digital Democracy and Data Commons is a pilot participatory process oriented to test a new technology to improve the digital democracy platform Decidim and to collectively imagine the data politics of the future. This pilot takes place in the context of the European project DECODE (Decentralized Citizen Owned Data Ecosystem) that aims to construct legal, technological, and socioeconomic tools that allow citizens to take back control over their data and technological sovereignty. Our effort is that of improving people's awareness of how their data is processed by algorithms, as well facilitate the work of developers to create along privacy by design principles using algorithms that can be deployed in any situation without any change.

🚩 Table of Contents (click to expand)

• Getting started
• Install
• Usage
• Docker
• API
• Configuration
• Testing
• Troubleshooting & debugging
• Acknowledgements
• Links
• Contributing
• License

---

🚀 Getting started

This requires docker to be installed

git clone --recursive https://github.com/DECODEproject/dddc-credential-issuer.git
cd dddc-credential-issuer
./start.sh

This will clone the project and all submodules of the project (--recursive is important) then by lunching the start.sh will create a docker container with all the dependencies correctly configured.

Head your browser to:

SWAGGER UI: http://0.0.0.0/docs/

API: http://0.0.0.0/

for the authentication in the SWAGGER UI over the calls, that need the OAuth2 and JWT token please use the following credentials:

username	password
demo	demo

NB: client_id and client_secret are not mandatory and should be empty

---

💾 Install

To locally run you need to run over a the API project over an ASGI server like uvicorn.

Assuming you are already cloned the project as described on Getting started with the submodules and already cd into your project directory dddc-credential-issuer you need the following steps

1. create a virtualenv
2. activate the virtualenv
3. upgrade the pip
4. install dependencies
5. install the ASGI serve
6. run locally the API

python3 -m venv venv
. venv/bin/activate
pip install --upgrade pip
pip install -e .
pip install uvicorn
uvicorn app.main:api --debug

---

🎮 Usage

This API server is meant for the Credential Issuing of the DDDC Project part of the

This will handle both the credential issuing with Coconut (for the wallet) and the interaction with the DDDC Site as described here

---

🐳 Docker

docker build -t dddc-credential-issuer .
docker run --rm -p 80:80 -e APP_MODULE="app.main:api" -e LOG_LEVEL="debug" -it dddc-credential-issuer

All the options are documented on here

---

🐝 API

All the parameters and format of the input are documented on the swagger, below you'll find a quick description of each endpoint

/token

This returns a valid JWT to be used over OAuth2 covered calls in the Bearer header

/authorizable_attribute

Creates an Authorizable Attibute as defined on here it contains an authorizable_attribute_id and a authorizable_attribute_info in form of a list of objects each one with a key and values

This will create the rules to allow people to obtain a credential. Each credential will have it's own keypair (in form of a Credential Issuer Keypair, Coconut flow 03) and the public verification_key will be printed as a result

IoT vs. DDDC the real difference between the two use-cases is to allowing reissue the credentials for the same user. To differenciate this behaviout each Authorizable Attibute has a boolean parameter reissuable that should be passed. IoT want to pass it as true to allow reissuing of the credentials.

/authorizable_attribute/{authorizable_attribute_id}

This allows to retrieve the Authorizable Attibute by the authorizable_attribute_id

This will contain the ruleset and the verification_key

/credential

This will check that the information provided are a correct subset of the information of the Authorizable Attribute and if they are correct it will sign (add a sigma_tilde) and release a credential for the user (coconut flow 05)

/uid

Gives back the Credential Issuer ci_unique_id a string that identifies the credential issue instance.

---

🔧 Configuration

All the configuration should be available under an .ini file. By default the configuration file is config.ini

User defined config.ini

Define a environment variable DDDC_CREDENTIAL_ISSUER_CONFIGFILE with the absolute path of the file like:

export DDDC_CREDENTIAL_ISSUER_CONFIGFILE=/srv/some/secure/place/production.ini

You are encouraged to do this and edit the config file with your real data.

Variables

name	description	values
debug	This should be off in production add some verbose logging	true or false
uid	The ci_unique_id. A string that identifies the credential issue instance	string
keypair	The secret keypair path of the Credential Issuer, if the file does not exists, it is created the first a request is run	file absolute path
contracts_path	The path of the Zencode smart contracts for now a submodule of dddc-pilot-contracts	directory absolute path
ALGORITHM	The algorithm used for the JWT generation	available algorithms
ACCESS_TOKEN_EXPIRE_MINUTES	Minutes of validity of the JWT tokens	int
SQLALCHEMY_DATABASE_URI	The url of your relational database (sqlite is tested by now)	SQLAlchemy Database URL

---

📋 Testing

python3 setup.py test

---

🐛 Troubleshooting & debugging

To run the credential-issuer in debug mode, please run it in local and activate --debug when you launch the ASGI uvicorn server.

Set the LOG_LEVEL="debug" ENVIRONMENT VARIABLE that is used by uvicorn and starlette.

Configure your config.ini and set the

debug = true

---

😍 Acknowledgements

Copyright ©️ 2019 by Dyne.org foundation, Amsterdam

Designed, written and maintained by Puria Nafisi Azizi Dyne.org.

With design contributions by Oleguer 'Ula' Sagarra dribia.com.

Special thanks to Denis 'Jaromil' Roio and Andrea D'Intino for their expert reviews.

This project is receiving funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement nr. 732546 (DECODE).

---

🌐 Links

https://decodeproject.eu/

https://dyne.org/

https://zenroom.dyne.org/

https://dddc.decodeproject.eu/

---

👥 Contributing

Please first take a look at the Dyne.org - Contributor License Agreement then

1. 🔀 FORK IT
2. Create your feature branch git checkout -b feature/branch
3. Commit your changes git commit -am 'Add some fooBar'
4. Push to the branch git push origin feature/branch
5. Create a new Pull Request
6. 🙏 Thank you

---

💼 License

DDDC Credential Issuer API
Copyright (c) 2019 Dyne.org foundation, Amsterdam

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.