Issuer portal setup
Last updated
Was this helpful?
Last updated
Was this helpful?
To setup the issuer portal backend a few things may need to be considered and some configuration may be required, depending on your situation.
Since the issuer portal backend is implemented in the same service as the wallet backend, refer to the wallet backend setup section for .
The configuration of the issuer portal backend can be adapted, by modifying the file
config/issuer-config.json
Configure the URLs via which the issuer portal UI and backend API will be reachable from an external source, e.g. a web browser, or the wallet backend requesting credential issuance:
Configure the DID used to sign issued credentials. Refer to for options to initialize a DID for the backend.
By default, the issuer backend will choose the first available DID in its data store. To enforce, which DID to use, set it in the issuer-config.json like so:
The issuer portal supports an issuance flow, that is triggered directly from the issuer portal into the SSI wallet. To support this kind of issuance flow, you need to configure the known wallets and how to connect to them:
This example shows the known wallet configuration for the walt.id web wallet, in issuer-config.json:
Here's a complete example for the issuer-config.json:
Data, such as dids and keys, are currently stored in the issuer subfolder, like so:
<data_root>/data/issuer
In the future various options to configure the issuer data storage may be provided.
To set up an issuer portal backend, it is crucial to define the DID by which issued credentials should be signed.
The wallet backend intergrates a subset of commands from the walt.id SSI Kit, to accomplish simple key and DID management.
To manage keys and dids for the issuer, use the config command, with the command flag --as-issuer, or its shortcut -i:
The following examples show typical use cases and scenarios of setting up an issuer backend for various ecosystems.
Create a new _Secp256k1_** key**
Sample output
Create a new _did:ebsi_
Sample output
Register the DID on the EBSI blockchain
Set the _issuerDid_** config property**
issuer-config.json
Create a new _did:web_
Run the following command, replacing the _domain** (-d) and **path_** (-p) arguments**, matching your web server on which you can publish the did document:
Observe the command output:
Publish the DID document on the web server
Copy the DID document from the above command output, and publish it on your web server, on the path printed by that same command.
The DID document in this example should be resolvable from this URL:
https://walt.id/.well-known/my-issuer/did.json
The domain and path will be different in your case.
Set the _issuerDid_** config property**
issuer-config.json
If you want to use an existing DID, that you own, for issuance, you can import it, given that you have access to the associated private key and DID document. If the DID is resolvable through the standard mechanism of the given DID method, only the private key is required.
The private key should be available in JWK or PEM format.
Import private key from JWK file
In this example, we import a private key from the file priv.jwk:
Output
Now we can import the DID, either by importing the DID document from a local JSON file, OR by resolving it from a public registry or likewise, depending on the DID method.
Option 1: Resolve and import DID
In this example, we import a did:key, for which the DID document can be derived without external DID registry, and associate it with the previously imported key ID:
Option 2: Import DID document
In case, the DID document cannot be resolved or derived, we can also import the DID document from a local JSON file:
The relevant output for both import options, will look similar to this:
Output
Set the _issuerDid_** config property**
issuer-config.json
Since the issuer portal backend is implemented in the same service as the wallet backend, refer to the wallet backend setup section for .
Get the bearer token from , and then execute these commands:
Also refer to
Also refer to
Also refer to