Testing the service locally without HTTPS problems on resolving #1

Open
pohutukawa opened this issue Jul 15, 2024 · 3 comments
@pohutukawa

I've given the service a good trial run today. I quite like the approach, and things worked quite well and as expected, as documented. However, DID Web resolvers use the https protocol for resolution, but when giving it a simple test with the (Docker) container, only http on localhost is available.

I've tried setting the DWS_RESOLVER_OVERRIDE environment variable to something like http://id.localhost:8000, but it was still using the HTTPS resolution instead of the override.

Is there a viable 'hack' to enable fuller testing of the service? I'm particularly interested in the update DID flow for this to register additional keys to the DID document (e.g. an X25519 key for keyAgreement).

@jceb
Member

jceb commented Jul 15, 2024

Hi @pohutukawa, glad to hear that you like the service and that it works for you 👍
Regarding the HTTPS issue, the tutorial, including the update flow, should work as documented (https://dws.identinet.io/did-management/update-did/). If not, please let me know.

The flow works, because didkit's resolver makes an exception for did:web DIDs that refer to localhost. However, not every resolver implementation includes this feature, because it's not part of the did:web specification. Therefore, I recommend that you follow the instructions to set up a TLS certificate that is valid on your computer: https://dws.identinet.io/deployment/self-hosting/. Please change the external domain name (DWS_EXTERNAL_HOSTNAME) to did-web-server.localhost. This is a valid domain name on every computer and resolves to 127.0.0.1. However, it's different from localhost, so you won't get bitten by DID resolvers that disable HTTPS for localhost ;-)

Please let me know if you continue to experience difficulties.

@pohutukawa
Author

Kia ora @jceb, thanks for the quick response. I have set my external host name to id.localhost, so it should have fit your description above. I'll give it a try with 'vanilla' localhost, too.

I was hoping to get around setting up a local/private CA with certs for testing to get on more quickly. But it's a good thing in general anyway for this type of stuff.

Thanks a lot again! I'll keep trying then :-)

@jceb
Member

jceb commented Jul 16, 2024

Ah, that explains why it didn't work :-) I'll extend the documentation to cover the special case of just localhost :-)
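
The resolution behaviour discussed in this thread, as an added example that is not part of the original comments or of the project's or didkit's code: the did:web identifier-to-URL mapping from the did:web specification, plus an optional plain-HTTP exception for the exact host `localhost`. The names `did_web_to_url`, `localhost_exception` and `PLAIN_HTTP_HOSTS` are hypothetical, the exception is modelled on the description in the comments above rather than on any resolver's source, and the sample DIDs are constructed.

```python
from urllib.parse import unquote

# Assumption taken from the thread: only the bare host "localhost" is exempt
# from HTTPS. Subdomains such as id.localhost are treated like any other host.
PLAIN_HTTP_HOSTS = frozenset({"localhost"})


def did_web_to_url(did: str, localhost_exception: bool = False) -> str:
    """Map a did:web identifier to the URL of its DID document."""
    prefix = "did:web:"
    if not did.startswith(prefix):
        raise ValueError("not a did:web identifier")

    # Colons in the method-specific id separate the domain from path segments.
    segments = did[len(prefix):].split(":")
    if not all(segments):
        raise ValueError("empty segment in did:web identifier")

    # A port is carried percent-encoded (%3A), so only the first segment is decoded.
    authority = unquote(segments[0])
    if any(c in authority for c in "/@?#"):
        # A decoded authority must not smuggle in a path, userinfo or query.
        raise ValueError("unexpected character in domain segment")
    if any(s in (".", "..") or "/" in s for s in segments[1:]):
        raise ValueError("path segment would alter the URL path")

    host = authority.split(":", 1)[0].lower()
    scheme = "https"  # the did:web specification always resolves over HTTPS
    if localhost_exception and host in PLAIN_HTTP_HOSTS:
        scheme = "http"  # resolver-specific convenience, not part of the spec

    # Without path segments the document lives under /.well-known.
    location = "/".join(segments[1:]) if segments[1:] else ".well-known"
    return f"{scheme}://{authority}/{location}/did.json"


if __name__ == "__main__":
    # Constructed sample identifiers matching the hosts named in the thread.
    for sample in ("did:web:localhost%3A8000",
                   "did:web:id.localhost%3A8000",
                   "did:web:did-web-server.localhost:person:alice"):
        print(sample, "->", did_web_to_url(sample, localhost_exception=True))
```

With the exception enabled, only the bare `localhost` DID resolves over `http`; the `id.localhost` and `did-web-server.localhost` DIDs still require a certificate that the resolving machine trusts.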
