Open pohutukawa opened 1 month ago
Hi @pohutukawa, glad to hear that you like the service and that it works for you :+1: Regarding the HTTPS issue, the tutorial, including the update flow, should work as documented (https://dws.identinet.io/did-management/update-did/). If not, please let me know.
The flow works, because didkit's resolver makes an exception for did:web DIDs that refer to `localhost`. However, not every resolver implementation includes this feature, because it's not part of the did:web specification. Therefore, I recommend that you follow the instructions to set up a TLS certificate that is valid on your computer: https://dws.identinet.io/deployment/self-hosting/ Please change the external domain name (`DWS_EXTERNAL_HOSTNAME`) to `did-web-server.localhost`. This is a valid domain name on every computer and resolves to `127.0.0.1`. However, it's different from `localhost` so you won't get bitten by DID resolvers that disable HTTPS for `localhost` ;-)
Please let me know if you continue to experience difficulties.
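Why a host such as `id.localhost` still ends up on HTTPS, shown as an added example that is not part of the thread and is not didkit's or did-web-server's code: the did:web identifier-to-URL mapping, with the `localhost` exception modelled as the reply above describes it. The exact-match rule for `localhost`, the function name `did_web_url` and the sample DIDs are assumptions made for illustration.

```rust
/// Map a did:web identifier to the URL of its DID document.
/// `http_for_localhost` models the resolver exception described in the thread
/// (assumption: it applies only when the host is exactly "localhost").
fn did_web_url(did: &str, http_for_localhost: bool) -> Result<String, String> {
    let rest = did.strip_prefix("did:web:").ok_or("not a did:web identifier")?;
    let mut parts = rest.split(':');
    let authority = parts.next().filter(|s| !s.is_empty()).ok_or("missing host")?;
    // A port is percent-encoded in the DID ("%3A") because ':' separates path segments.
    let authority = authority.replace("%3A", ":").replace("%3a", ":");
    let host = authority.split(':').next().unwrap_or("");
    let path: Vec<&str> = parts.collect();
    if path.iter().any(|s| s.is_empty()) {
        return Err("empty path segment".into());
    }
    // Plain did:web resolution always uses HTTPS; only the modelled exception downgrades.
    let scheme = if http_for_localhost && host == "localhost" { "http" } else { "https" };
    Ok(if path.is_empty() {
        // No path: the document lives under /.well-known/
        format!("{scheme}://{authority}/.well-known/did.json")
    } else {
        format!("{scheme}://{authority}/{}/did.json", path.join("/"))
    })
}

fn main() {
    // Constructed sample identifiers (the "person" path is illustrative).
    let samples = [
        "did:web:localhost%3A8000:person",
        "did:web:id.localhost%3A8000:person",
        "did:web:did-web-server.localhost:person",
    ];
    for did in samples {
        println!("{did}");
        println!("  strict resolver:  {:?}", did_web_url(did, false));
        println!("  with exception:   {:?}", did_web_url(did, true));
    }
}
```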
Kia ora @jceb, thanks for the quick response. I have set my external host name to `id.localhost`, so it should have fit your description above. I'll give it a try with 'vanilla' `localhost`, too.
I was hoping to get around setting up a local/private CA with certs for testing to get on more quickly. But it's a good thing in general anyway for this type of stuff.
Many thanks again! I'll keep trying then :-)
Ah, that explains why it didn't work :-) I'll extend the documentation to cover the special case of just `localhost` :-)
I've given the service a good trial run today. I quite like the approach, and things worked quite well and as expected, as documented. However, DID Web resolvers use the `https` protocol for resolution, but when giving it a simple test with the (Docker) container, only `http` on `localhost` is available.
I've tried setting the `DWS_RESOLVER_OVERRIDE` environment variable to something like `http://id.localhost:8000`, but it was still using the HTTPS resolution instead of the override.
Is there a viable 'hack' to enable fuller testing of the service possible? I'm particularly interested in the update DID flow for this to register additional keys to the DID document (e.g. an X25519 key for `keyAgreement`).