bcgov / DITP-DevOps

Digital Identity and Trust Program Team's DevOps Documentation Repository
Apache License 2.0

VCauthN environment updates #199

Open loneil opened 3 weeks ago

loneil commented 3 weeks ago

Tracking current state and todos here for VCAuthN deployments regarding enabling new features.

Presentation Request settings

  1. Proof protocol: pres exchange protocol 1.0 or 2.0
  2. VCAuth version: Latest release tag is 2.2.0
  3. ACA-Py version: existing uses are 0.12.1, 1.0.0 is available now (2.0 protocol requires 1.0.0 for our uses)
  4. Use OOB: whether to use Connectionless Invitations or Out Of Band to communicate the proof request
  5. URL Deep Link handler: Use c_i format links with full encoded payload, or _url links with a redirect to the payload.
| Env  | Protocol | VCauth Version               | ACA-Py | Use OOB | Deep Link format |
|------|----------|------------------------------|--------|---------|------------------|
| DEV  | 2.0      | main branch code (2.2.0+)    | 1.0.0  | True    | url              |
| TEST | 1.0      | 2.0.3                        | 0.12.1 | False   | c_i              |
| PROD | 1.0      | 2.0.3                        | 0.12.1 | False   | c_i              |

TTL Index

Needs to be added to Helm charts. This would result in older mongo records being pruned.

https://github.com/bcgov/vc-authn-oidc/issues/539

Back to App link support

To allow calling apps to pass a safe return link there will need to be some additions in the keycloak config.

The back_to_url forwarded query param would need to be added in appropriate keycloak realms.

We control the access-to-court-materials-jag custom realms and could add there.

Some coordination (previously discussed with SSO team) would be needed to add this alongside our pres_req_conf_id param in common SSO setup to allow SSO integrations to use this.
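The two deep link formats listed under the Presentation Request settings (a `c_i` link carrying the whole encoded payload versus a `_url` link that redirects to it) and the "safe return link" for the back-to-app flow both come down to how a handler parses and validates query parameters. The following is an added Python example, not code from the vc-authn-oidc project or this issue; it assumes the `c_i` value is unpadded base64url JSON (the Aries connection-invitation convention) and that `_url` holds an https URL where the payload is served. The handler base, allowed hosts, size limit and the sample invitation are all constructed placeholders.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample invitation payload. Field names follow the Aries
# out-of-band style, but this is not a real VCAuthN message.
SAMPLE_INVITATION = {
    "@type": "https://didcomm.org/out-of-band/1.1/invitation",
    "@id": "00000000-0000-4000-8000-000000000001",
    "label": "example-verifier",
    "services": ["did:example:verifier"],
}

# Hypothetical values: the handler URL the wallet opens, the host allowed to
# serve a redirected payload, and the apps allowed as a back_to_url target.
HANDLER_BASE = "https://wallet.example/deeplink"
ALLOWED_PAYLOAD_HOSTS = {"vcauthn.example"}
ALLOWED_RETURN_HOSTS = {"app.example"}
MAX_C_I_CHARS = 2048  # constructed cap; oversized c_i links fail in QR codes and mobile handlers


def b64url_encode(obj) -> str:
    """Compact JSON -> unpadded base64url, the encoding a c_i link carries."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def b64url_decode(text: str):
    """Reverse of b64url_encode; re-adds the stripped padding before decoding."""
    text = text + "=" * (-len(text) % 4)
    return json.loads(base64.urlsafe_b64decode(text))


def build_c_i_link(invitation: dict) -> str:
    """Deep link with the full payload embedded in the c_i parameter."""
    return f"{HANDLER_BASE}?{urlencode({'c_i': b64url_encode(invitation)})}"


def build_url_link(payload_url: str) -> str:
    """Short deep link whose _url parameter points at where the payload is served."""
    return f"{HANDLER_BASE}?{urlencode({'_url': payload_url})}"


def _host_allowed(url: str, allowed_hosts: set) -> bool:
    """True only for https URLs whose hostname is on the allow-list.
    Uses .hostname (not netloc) so userinfo and port tricks do not slip through."""
    parsed = urlparse(url)
    return (
        parsed.scheme == "https"
        and parsed.hostname is not None
        and parsed.hostname.lower() in allowed_hosts
    )


def parse_deep_link(link: str):
    """Return ('c_i', payload_dict) or ('_url', payload_url); raise ValueError otherwise."""
    params = parse_qs(urlparse(link).query)
    if "c_i" in params:
        encoded = params["c_i"][0]
        if len(encoded) > MAX_C_I_CHARS:
            raise ValueError("c_i payload exceeds the configured size limit")
        payload = b64url_decode(encoded)
        if not isinstance(payload, dict) or "@type" not in payload:
            raise ValueError("c_i payload is not an invitation object")
        return "c_i", payload
    if "_url" in params:
        target = params["_url"][0]
        if not _host_allowed(target, ALLOWED_PAYLOAD_HOSTS):
            raise ValueError("_url target is not an allowed payload host")
        return "_url", target
    raise ValueError("link carries neither c_i nor _url")


def is_safe_return_url(back_to_url: str) -> bool:
    """Allow-list check for a forwarded back_to_url before redirecting the user to it."""
    return _host_allowed(back_to_url, ALLOWED_RETURN_HOSTS)


if __name__ == "__main__":
    print(build_c_i_link(SAMPLE_INVITATION))
    print(build_url_link("https://vcauthn.example/url/abc123"))
    print(parse_deep_link(build_c_i_link(SAMPLE_INVITATION))[0])
    print(is_safe_return_url("https://app.example/done"))
```

The `_url` form keeps links short enough for QR codes and lets the payload change server-side, but it means the handler will fetch or follow whatever host the link names, which is why the example only accepts targets on an allow-list; the same hostname check is reused for `back_to_url`, since a forwarded return link that is not pinned to known app hosts is just an open redirect.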

loneil commented 3 weeks ago

@esune adding this to DITP repo since it's not code-based (our specific deployments) but could put in VCAuthN instead