Skip to content

privacybydesign/uniqueid-issuer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
conf.example.json
conf.example.json
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
server.go
server.go
 
 

Repository files navigation

UniqueID issuer

An IRMA issuer of randomly generated login codes that can be used as unique random usernames in for example a website.

Description

This project contains an HTTP server which issues an IRMA credential containing a random login code, and the name of the organization on behalf of which the login code was issued (the client), as follows:

  1. The client starts the session by invoking POST /session, authenticating itself using a pre-shared token in the Authorization HTTP header.
  2. Using a builtin IRMA server library, this server starts an issuance session for a credential containing a new random login code, and the client's organization name as specified by the configuration (see below). It responds to the client with an IRMA session package, who forwards it to its frontend. The irma-frontend library of the client's frontend uses that to show a QR code or universal link for the user's IRMA app.
  3. The user's IRMA app and this server perform the issuance session.

Getting Started

Installing

git clone github.com/privacybydesign/uniqueid-issuer
cd uniqueid-issuer
go install

Configuring

Using a JSON configuration file:

{
    // Any JSON-serialized member of the IRMA library configuration struct is accepted
    // https://pkg.go.dev/github.com/privacybydesign/irmago/server#Configuration
    // For example:
    "schemes_path": "/path/to/schemes", // optional
    "url": "https://example.com/",      // public URL to this server

    // Attribute IDs in which the login code and client name are to be issued
    // Must be part of the same credential type
    "logincode_attr": "irma-demo.sidn-pbdf.uniqueid.uniqueid",
    "client_attr": "irma-demo.sidn-pbdf.uniqueid.organization",
    
    "logincode_length": 12, // default value

    "listen_addr": "0.0.0.0",
    "port": 1234,
    "clients": {
        "SecretPresharedToken": {
            "name": "Client name (appears in 2nd attribute)",
            "domain": "https://example-client.com/"
        }
    },
    
    // optional (specify either both or none)
    // if present, enables TLS
    "tls_cert_file": "/path/to/cert.pem",
    "tls_privkey_file": "/path/to/privkey.pem"
}

See also conf.example.json.

The TLS configuration fields are optional. If present, the server will accept TLS connection. If not, in production this server must be run behind a reverse proxy that handles TLS for it.

Executing

You can run the issuer as follows.

uniqueid-issuer /path/to/config.json

For a quick start, you can use the example configuration.

uniqueid-issuer ./conf.example.json

Subsequently, you can start an issuing session using the irma CLI tool.

go install github.com/privacybydesign/irmago/irma@master
irma session --from-package $(curl -X POST -H "Authorization: SecretPresharedToken" http://localhost:1234/session)

About

AnonID issuer

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

9 watching

Forks

0 forks
Report repository

Releases 4

v1.0.3 Latest
Mar 22, 2024
+ 3 releases

Packages

No packages published

Contributors 5

Languages