This guide contains the procedure to install and set up the backend required for the Inji App to download PBMS Beneficiary VCs.
- eSignet is available with the National ID system and is ready for authentication. If not available, a mock eSignet can be installed with PBMS.
- G2P OpenID VCI: Base, G2P OpenID VCI: Programs, G2P OpenID VCI: Rest API odoo modules are installed on PBMS.
(Only required for testing. Not required for production.)
- Create an eSignet OIDC client with the following parameters:
- clientId: mimoto-oidc
- clientName: Inji Wallet
- logoUrl:https://raw.githubusercontent.com/mosip/mosip-file-server/master/mosip-file-server/inji-model/inji-home-logo.png
- redirectUris:
io.mosip.residentapp.inji://oauthredirect. - relyingPartyId:
mpartner-default-mimoto.
- Create an eSignet OIDC client with the following parameters:
- clientId:
openg2p-mimoto-oidc - clientName:
Inji Wallet - logoUrl: https://raw.githubusercontent.com/mosip/mosip-file-server/master/mosip-file-server/inji-model/inji-home-logo.png
- redirectUris:
io.mosip.residentapp.inji://oauthredirect. - relyingPartyId:
openg2p-auth-partner.
- clientId:
- Fork this repository https://github.com/OpenG2P/mosip-config.
- Edit mimoto-issuers-config.json with appropriate names and URLs.
(Only required for testing. Not required for production.)
-
Collect public-key-private-key pairs from both the OIDC clients created above.
-
Create a P12 file using KeyStore Explorer.
- Import the Mimoto OIDC client key pair with the name
mpartner-default-mimotooidcand an appropriate password (The rest of this guide assumes this password isopeng2p123). - Import the OpenG2P Mimoto OIDC client key pair with the name
openg2p-mimotooidcwith the same password as the one for the above key pair,openg2p123. - Set keystore password. The password should be the same as the above,
openg2p123.
- Import the Mimoto OIDC client key pair with the name
-
Create a K8s secret with the name
mimoto-oidc-secret, for the above P12 file:kubectl -n <namespace> create secret generic mimoto-oidc-secret \ --from-file=oidckeystore.p12=<path to above p12 file>
-
Install Mimoto in your OpenG2P namespace using Rancher:
- Go to Rancher -> Apps -> Repositories. Add a repository with this URL if it doesn't exist https://openg2p.github.io/openg2p-helm (name can be given as
openg2p-extras). - Select the namespace in the Rancher namespace filter.
- Go to Rancher -> Apps -> Charts. Refresh all charts. Search and select Mimoto. Choose version 0.13.0 or higher. On the config page, give the name of the Kubernetes secret containing the OIDC keystore, the keystore password, URL of the mosip-config repo from step 3.1, along with any other details asked. Finish installation.
- Go to Rancher -> Apps -> Repositories. Add a repository with this URL if it doesn't exist https://openg2p.github.io/openg2p-helm (name can be given as
- Go to PBMS -> Settings -> VCI Issuers. Create one VC Issuer for each program for which VC download should be supported. Configure VC Issuer with the following parameters:
- Name: Name to identify the VC Issuer and to be displayed on the Inji App when downloading.
- Scope: Scope should be one of the entries present in the
scopes_supportedfield in mimoto-issuers-config.json. - Issuer Type: Beneficiary
- Program: Choose the relevant program
- Auth Subject ID Type: NATIONAL ID TOKEN.
- Auth Allowed Issuers: eSignet Issuer URL (Example: https://esignet.explore.openg2p.org.)
- Leave the rest of the fields with default values and save. Upon saving all the other fields will get auto-populated.
- Download Inji App version 0.13.0 or higher.
- Go to Inji -> Settings -> Credential Registry. Edit :
- Credential Registry: Mimoto Base URL given in step 4.4. (Example: https://mimoto.explore.openg2p.org)
- Esignet Host: eSignet Base URL (Example: https://esignet.explore.openg2p.org)
Now the Inji App should be ready to download Beneficiary credentials. (Beneficiary should be enrolled in the program and should be an active beneficiary to be able to download the card.)