Skip to content

Commit

Permalink
docs: complete getting started
Browse files Browse the repository at this point in the history
Signed-off-by: Pat Losoponkul <[email protected]>
  • Loading branch information
Pat Losoponkul committed Jun 12, 2024
1 parent 2b24b11 commit 29b7038
Showing 1 changed file with 23 additions and 19 deletions.
42 changes: 23 additions & 19 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,21 +2,21 @@

![CI](https://github.com/hyperledger/identus-keycloak-plugins/actions/workflows/unit-tests.yml/badge.svg)

## Overview
# Overview

This repository provides a Keycloak Plugin that extends Keycloak's functionality to handle Self-Sovereign Identity (SSI) tasks, including OpenID for verifiable credential issuance.
The plugin is designed to integrate with the Identus cloud agent, enabling a comprehensive SSI ecosystem.
This repository provides a Keycloak Plugin that extends Keycloak's functionality to handle Self-Sovereign Identity (SSI) tasks,
including OpenID for verifiable credential issuance.

## Getting started
# Getting started

### Using published docker image
## Using published docker image

__Default Keycloak plugin image__
### Default Keycloak plugin image

The plugin is available as a pre-bundled Docker image.
This image includes Keycloak and the plugin enabled for basic use cases.
For more complex setup, the JAR file published in the Maven repository should be used to build a custom Keycloak image.
The docker-compose configuration below allows spinning up a basic Keycloak instance with the plugin enabled as part of the idendus cloud agent stack.
For a more complex setup, the JAR file published in the Maven repository should be used to build a custom Keycloak image.
The docker-compose configuration below allows spinning up a basic Keycloak instance with the plugin enabled as part of the Identus cloud agent stack.

```yaml
services:
Expand All @@ -39,47 +39,51 @@ services:
# Identus cloud agent and other services below
```

__Customized Keycloak plugin image__
### Customized Keycloak plugin image

In many cases, Keycloak customization is necessary for branding or to meet custom
authentication and authorization requirements. The default plugin image can be used
in conjunction with docker multi-stage builds to extract the Keycloak plugin JARs and
create a customized Keycloak image.

The image contains plugin JARs in `/opt/keycloak/providers` directory
The image contains plugin JARs in the `/opt/keycloak/providers` directory

For example
Example `Dockerfile`

```
FROM ghcr.io/hyperledger/identus-keycloak-plugins:0.1.0 AS dist
FROM quay.io/keycloak/keycloak:23.0.7
COPY --from=dist /opt/keycloak/providers/<PLUGIN_FILE>.jar /opt/keycloak/providers/<PLUGIN_FILE>.jar
# customized and copy assets / provideres
COPY ./
# more steps to customize assets / themes / providers
RUN /opt/keycloak/bin/kc.sh build
ENTRYPOINT [ "/opt/keycloak/bin/kc.sh" ]
```

Please refer to the official [Keycloak documentation](https://www.keycloak.org/server/containers)
for customization using JAR providers.

### Using published JAR
## Using published JAR

TODO
Each plugin is available individually on [Github maven packages](https://github.com/orgs/hyperledger/packages?repo_name=identus-keycloak-plugins),
for easy integration with your build process and fine-grained control over which plugins are included when customizing Keycloak.

Please refer to the official [Keycloak documentation](https://www.keycloak.org/server/containers)
for customization using JAR providers.

## Available Plugins
# Available Plugins

### `identus-keycloak-oid4vci`
## `identus-keycloak-oid4vci`

Extends Keycloak for integration with Identus cloud agent in [OID4VCI](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html) flow.
The Keycloak instance to use this is the Issuer Authorization Server where the plugin takes care of
the OpenID extension in the issuance flow.
The plugin supports the Authorization Endpoint and Token Endpoint according to the specification.
Additionally, the plugin communicates with the cloud agent during holder authorization to coordinate the issuance session.

#### Features
### Features

- [Authorization code flow](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-authorization-code-flow)
- _AuthorizationRequest_ supported parameters
Expand All @@ -90,7 +94,7 @@ Additionally, the plugin communicates with the cloud agent during holder authori
- [Pre-authorized-code flow](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-pre-authorized-code-flow)
- Not yet supported

#### Environment Variables
### Environment Variables

|Name|Description|
|-|-|
Expand Down

0 comments on commit 29b7038

Please sign in to comment.