smart-on-fhir / health-cards-tests Goto Github PK
View Code? Open in Web Editor NEWDemo for health wallet with Verifiable Credentials and Decentralized Identifiers
Home Page: https://c19.cards/
License: MIT License
Demo for health wallet with Verifiable Credentials and Decentralized Identifiers
Home Page: https://c19.cards/
License: MIT License
publicKey -> verifiactionMethod
"keyAgreement": ["#encryption-key-1"]
"authentication": ["#authentication-key-1"] --> rename to "assertionMethod"
What about key.type?
windows 10
npm 15
i get this error
[4/9] RUN npm ci:
#8 634.6 npm ERR! cb() never called!
#8 634.6
#8 634.6 npm ERR! This is an error with npm itself. Please report this error at:
#8 634.6 npm ERR! https://npm.community
#8 634.7
#8 634.7 npm ERR! A complete log of this run can be found in:
#8 634.7 npm ERR! /root/.npm/_logs/2021-01-16T20_27_55_657Z-debug.log
executor failed running [/bin/sh -c npm ci]: exit code: 1
See smart-on-fhir/health-cards#122
Update as appropriate given the referenced pull request
As an alternative to extension-based.
Also need to review for alignment with smart-on-fhir/health-cards#12
https://github.com/microsoft-healthcare-madison/health-wallet-demo/blob/master/test/vcs.test.ts#L46 tests should reflect this.
Right now, multiple clients will clobber the DID associated with Patient/sample-123
The format for .well-known/did-configuration.json has differed significantly from the pre-1.0 release included in this example app to the current version of the spec.
Here's an example payload for the current spec:
{
"@context": "https://identity.foundation/.well-known/did-configuration/v1",
"linked_dids": [
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://identity.foundation/.well-known/did-configuration/v1"
],
"issuer": "did:key:z6MkoTHsgNNrby8JzCNQ1iRLyW5QQ6R8Xuu6AA8igGrMVPUM",
"issuanceDate": "2020-12-04T14:08:28-06:00",
"expirationDate": "2025-12-04T14:08:28-06:00",
"type": [
"VerifiableCredential",
"DomainLinkageCredential"
],
"credentialSubject": {
"id": "did:key:z6MkoTHsgNNrby8JzCNQ1iRLyW5QQ6R8Xuu6AA8igGrMVPUM",
"origin": "https://identity.foundation"
},
"proof": {
"type": "Ed25519Signature2018",
"created": "2020-12-04T20:08:28.540Z",
"jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..D0eDhglCMEjxDV9f_SNxsuU-r3ZB9GR4vaM9TYbyV7yzs1WfdUyYO8rFZdedHbwQafYy8YOpJ1iJlkSmB4JaDQ",
"proofPurpose": "assertionMethod",
"verificationMethod": "did:key:z6MkoTHsgNNrby8JzCNQ1iRLyW5QQ6R8Xuu6AA8igGrMVPUM#z6MkoTHsgNNrby8JzCNQ1iRLyW5QQ6R8Xuu6AA8igGrMVPUM"
}
},
"eyJhbGciOiJFZERTQSJ9.eyJleHAiOjE3NjQ4Nzg5MDgsImlzcyI6ImRpZDprZXk6ejZNa29USHNnTk5yYnk4SnpDTlExaVJMeVc1UVE2UjhYdXU2QUE4aWdHck1WUFVNIiwibmJmIjoxNjA3MTEyNTA4LCJzdWIiOiJkaWQ6a2V5Ono2TWtvVEhzZ05OcmJ5OEp6Q05RMWlSTHlXNVFRNlI4WHV1NkFBOGlnR3JNVlBVTSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly9pZGVudGl0eS5mb3VuZGF0aW9uLy53ZWxsLWtub3duL2RpZC1jb25maWd1cmF0aW9uL3YxIl0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmtleTp6Nk1rb1RIc2dOTnJieThKekNOUTFpUkx5VzVRUTZSOFh1dTZBQThpZ0dyTVZQVU0iLCJvcmlnaW4iOiJpZGVudGl0eS5mb3VuZGF0aW9uIn0sImV4cGlyYXRpb25EYXRlIjoiMjAyNS0xMi0wNFQxNDowODoyOC0wNjowMCIsImlzc3VhbmNlRGF0ZSI6IjIwMjAtMTItMDRUMTQ6MDg6MjgtMDY6MDAiLCJpc3N1ZXIiOiJkaWQ6a2V5Ono2TWtvVEhzZ05OcmJ5OEp6Q05RMWlSTHlXNVFRNlI4WHV1NkFBOGlnR3JNVlBVTSIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJEb21haW5MaW5rYWdlQ3JlZGVudGlhbCJdfX0.6ovgQ-T_rmYueviySqXhzMzgqJMAizOGUKAObQr2iikoRNsb8DHfna4rh1puwWqYwgT3QJVpzdO_xZARAYM9Dw"
]
}
Note the top-level linked_dids
key. Particularly because of the possibility of did-configuration.json resolution becoming a part of the QR embedding strategy, I think a good first step would be to have this reference app be spec-compliant.
From there, the Health Cards spec could decide to dictate that only long-form DIDs be listed in did-configuration.json and could norm on using either JWS or JSON-LD proof objects.
Happy to help with this as well if you agree and it's not on the docket already.
This is a little bit challenging because 1) the configuration will not be long-lived because it the key material resets on every deployment... But that would be okay as long as anyone using the demo issuer takes this into account and 2) the current deployment allows for an end-to-end encryption mode where keys only ever exist in the browser and every browser has its own separate keys, so when using it in that mode it would not make sense to have a centrally hosted configuration file. But that could just be an exception / limitation.
(To replace or in addition to the "Open portal" menu link.)
https://c19.cards/examples
to https://smarthealth.cards/examplesapplication/smart-health-card
MIME type for any .smart-health-cards
returned this way, to allow for testing of MIME type handling (e.g., for Android app routing)Generate JWT public key as X and Y coordinates, from a non-compact secp256k1 key
Generate a hash (input to signature algorithm) from bytes in a JWT header + payload
From chat discussions, the portal is being used by non-technical end-users as part of go-live procedures. It'd be good for us to have a full understanding of any tests that don't get surfaced in the portal, and then we can evaluate whether/how to close the gap.
One specific question that came up is whether CORS checks are performed
Can start with just a bullet list here if this makes sense to you @ljoy913
Some API calls right now just fail to return when an error occurs. Handlers should catch all.
E.g. when verifying a JWS, provide a way to specify the expected signer DID.
Looks like you recently updated the health card implementation guide to use ES256
instead of ES256K
for JWT signing, but that hasn't gotten updated yet in this example implementation. We assumed that this code base reflected the most up to date decisions, that seems incorrect based off of the Git history.
Call sites to update:
Happy to handle this change once you confirm this is desired.
cc @jmandel
Make sure current tests pass. issuanceDate shouldn't appear in the JWS (just nbf).
Maintain a cache of independent states, sharing keys as needed
Once you establish a set of VCs in the "Holder", you have the option to manually input a "verifier" URL to send them to by clicking the scanner button in the bottom-left.
I was attempting to navigate to this libs example verifier, when I came across the following issue.
Attempting to input a manual URL (and likely via QR code too), doesn't do anything except throw a console error.
Don't clone locally :)
@jmandel โ ๐ โ thanks for this awesome example app!
I'm working with a group that's introducing health card functionality into our android application and we're using this codebase as a reference.
In particular, I'm trying to better understand ION DID resolution.
My understanding so far:
holders need to verify SIOP requests sent from issuers/verifiers to ensure authenticity of entity behind SIOP requests. The entry-point to this verification is verifyJWS
verifyJWS
performs verification by calling the GET /api/did/:did
endpoint with the full did (e.g. did:ion:1234#key-id
)
This leads us to resolveDid
:
It seems like this resolveDid
implementation is incredibly similar to that implemented in the sidetree codebase itself, which I presume is your motivation in this implementation:
It seems like this mock create operation doesn't actually read or write to the Bitcoin blockchain during resolution (based off of my reading of the sidetree source and playing around with this resolver), but just automatically returns a DID Document that is verified.
Am I thinking about this correctly? If so, what would a more "production" implementation of DID creation / resolution look like?
I appreciate these sorts of questions are not exactly related to health cards / VCs, but I imagine you might have some context/pointers here!
This isn't part of the official https://identity.foundation/sidetree/spec/ ; we should be using add-public-keys
instead.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.