LCRB Digital Age Verification Service (lcrb-dav)
A verifier application to enable the Digital Age Verification process involving the BC Person credential. This application is designed so that it can also be used for other use cases involving different presentation request template.
See here for more background and architectural info.
Running lcrb-dav will standup an aca-py service with it's associated storage, controller service with it's FastAPI backend, vanilla JavaScript frontend relying on Jinja2 template and polling GET endpoints, and Mongo database.
Retirement Notice
The Digital Age Verification service was built as a usable prototype to validate the age verification use-case and provide implementers with an example to be used as reference when implementing age verification. The project has been retired as it is not going to be actively maintained, but still serves its purpose of demonstrating the technical stack and potential integration patterns.
Pre-requisites
Configuring Ngrok
Each developer must apply for an Ngrok token here. Then place the token into the .env-dev file within the docker directory.
NGROK_AUTHTOKEN=<your token here>Running lcrb-dav
If you want to run the project in production mode, follow the instructions here.
To run the project in local development mode, open a shell in the docker folder and run the following commands:
./manage build: this command will build the controller image. This step is required the first time the project is run, and when dependencies in change in the requirements file(s)../manage start: this will start the project.- To reset everything (including removing container data and selected options in the
envfile) execute./manage rm.
A list of all available commands is visible by executing ./manage -h.
The project is set-up to run without needing any external dependencies by default, using a standalone agent in read-only that will target the ledgers specified in ledgers.yaml.
Using lcrb-dav
Before starting up lcrv-dav, a couple of things need to be considered:
- A proof configuration yaml proof_config.yaml is located at
/docker/dav-controller/proof_config.yaml. This specifies the proof request template which will be used to generate the actual requests and corresponding QR codes. As seen with example yaml config below, it is possible to specify multiple proof request templates:age-verification-bc-person-credentialandage-verification-bc-person-credential-more-infoare the proof config identifiers.proof-requestspecifies the template for the proof request generation.- Certain values related to datetime need to calculated in realtime and dynmaically updated before proof request is created.
$now[current datetime as integer] and$threshold_date_19[19 yr back birthdate as integer] are currently supported for this. - Labels for
request_attributesandrequest_predicatesare autogenerated and updated. ui-revealed-attribsspecifies which attribs need to be revealed in the UIdisplay-textspecifies the header text to shown in the UIage-verification-bc-person-credential: proof-request: name: age-verification version: "1.0" requested_attributes: - names: - picture restrictions: - schema_name: Person non_revoked: from: $now to: $now requested_predicates: - name: birthdate_dateint p_type: <= p_value: $threshold_date_19 restrictions: - schema_name: Person non_revoked: from: $now to: $now ui-revealed-attribs: - picture display-text: Scanning this QR code will verify age and identity. age-verification-bc-person-credential-more-info: proof-request: name: age-verification-more-info version: "1.0" requested_attributes: - names: - picture - given_names - family_name - country restrictions: - schema_name: Person non_revoked: from: $now to: $now requested_predicates: - name: birthdate_dateint p_type: <= p_value: $threshold_date_19 restrictions: - schema_name: Person non_revoked: from: $now to: $now ui-revealed-attribs: - picture - given_names - family_name - country display-text: Scanning this QR code will verify age and reveal name, country and picture.
- lcrb-dav verifier application currently only supports one proof type at runtime. This is specified by updating the following in /docker/manage L145-146
## proof configuration selection export DAV_PROOF_CONFIG_ID="age-verification-bc-person-credential" - When running locally the application will be accessible at
http://localhost:5000/. Scan the QR code with BC Wallet application and proceed with the on screen instruction to complete the present-proof exchange and verify yourself. If needed, you can obtain a Person Credential from the BC Wallet Showcase by completing the lawyer demo.
Environment Variables
Several functions in lcrb-dav can be tweaked by using the following environment variables.
| Variable | Type | What it does | NOTES |
|---|---|---|---|
| USE_OOB_PRESENT_PROOF | bool | if True, the present-proof request will be provided as a an out of band invitation with a present-proof request inside. If False, the present-proof request will be use the service-decorator | TRUE: BC Wallet supports our OOB Message with a minor glitch, BiFold, Lissi, Trinsic, and Estatus all read the QR code as 'Invalid' FALSE: Works with |
| LOG_WITH_JSON | bool | If True, logging output should printed as JSON if False it will be pretty printed. | Default behavior will print as JSON. |
| LOG_TIMESTAMP_FORMAT | string | determines the timestamp formatting used in logs | Default is "iso" |
| LOG_LEVEL | "DEBUG", "INFO", "WARNING", or "ERROR" | sets the minimum log level that will be printed to standard out | Defaults to DEBUG |
| DAV_PROOF_CONFIG_ID | "age-verification-bc-person-credential" | sets the proof template config to be used | Defaults to "age-verification-bc-person-credential" |