[INJIMOB-2109] - create component and sequence diagram for Inji Wallet #1641
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| # **Inji Wallet Components** | ||
|
|
||
| <!-- TOC --> | ||
|
|
||
| - [**Inji Wallet Components**](#inji-wallet-components) | ||
| _ [**Inji Wallet UI**](#inji-wallet-ui) | ||
| [**Mimoto**](#mimoto) | ||
| _ [**Native Components**](#native-components) | ||
| <!-- TOC --> | ||
|
|
||
| ### **Inji Wallet UI** | ||
|
|
||
| This is a mobile application for Android and iOS developed in react native. | ||
|
|
||
| - It offers a secure, trustworthy, and dependable mobile Verifiable Credentials wallet designed to fulfil the following functions | ||
| - Download and store Verifiable Credentials | ||
| - Share Verifiable Credentials | ||
| - Enable users to log in to relying parties with their credential | ||
| - Generate a QR code for the credential to be shared offline with relying parties. | ||
|
|
||
| ### **Mimoto** | ||
|
|
||
| Mimoto is a BFF(Backend for Frontend) for Inji Wallet. It's being used to serve default configuration, list of trusted issuers and few other services as mentioned below: | ||
|
|
||
| - Gives default properties needed by Inji Wallet | ||
| - Gives the list of issuers supported by the Inji Wallet through mimoto-issuers-config.json | ||
| - Gives access token based on authorization code to download credential | ||
| - Allows wallet binding so that user can log in to relying party | ||
|
|
||
| ### **Native Components** | ||
|
|
||
| There are many components which are being used to build Inji wallet. Each of these components supports some specification or use-cases required by Inji Wallet. | ||
|
|
||
| - **Secure-Keystore** is a module to create and store keys in android hardware keystore and helps to do encryption, decryption, and hmac calculation. Please find more details [here](https://docs.mosip.io/inji/inji-wallet/technical-overview/components#id-3.-secure-keystore) | ||
| - **Tuvali** is a module for the OpenID for Verifiable Presentations over BLE implementation to support sending vc/vp using Bluetooth Low Energy local channel. Please find more details [here](https://docs.mosip.io/inji/inji-wallet/technical-overview/components#id-1.-tuvali-sharing-via-ble) | ||
| - **Pixelpass** is a module to generate QR code from VC data and decode from QR to get VC data. Please find more details [here](https://docs.mosip.io/inji/inji-wallet/technical-overview/components#id-5.-pixelpass) | ||
| - **VCI client** is a module to support OpenId4VCI specification for downloading the credential. Please find more details [here](https://docs.mosip.io/inji/inji-wallet/technical-overview/components#id-5.-pixelpass) | ||
| - **Face Match** is a module which supports offline face verification. Please find more details [here](https://docs.mosip.io/inji/inji-wallet/technical-overview/components#id-2.-face-match) | ||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| # **Understanding the workflow** | ||
|
|
||
| ### **Inji Wallet** | ||
|
|
||
| - The user installs the application on Android or iOS device. | ||
| - Application link is available in our sandbox env https://collab.mosip.net/ | ||
| - After installation, user will be asked to select unlock method as passcode or biometric to add security to the application | ||
| - After selecting unlock method, user will be navigated to Home screen. | ||
| - After this, user can download the verifiable credentials for trusted issuers configured in mimoto. | ||
| - Mimoto maintains a list of trusted issuers and that is sourced from [mimoto-issuers-configuration](https://github.com/mosip/inji-config/blob/collab/mimoto-issuers-config.json) | ||
| - Use can tap on plus icon on home screen. It will fetch the trusted issuer list from mimoto and display it. | ||
|
|
||
| ### **Selection of Issuer and credential type:** | ||
|
|
||
| - The users can select an Issuer from the list of trusted issuers | ||
| - On clicking the issuer, user will be redirected to credential Types, where user will be displayed with list of credentials supported by the selected issuer. | ||
| - Credential Types of the issuers are sourced from the issuers wellknown **"/.well-known/openid-credential-issuer"** | ||
| - The users can select a credential type from the available options provided by the issuers. | ||
|
|
||
| **Sequence Diagram for the Inji Wallet is mentioned here** | ||
|
|
||
|  | ||
|
|
||
| ### **Authorization** | ||
|
|
||
| - When the user selects any credential type, user is redirected to the authorization page for that specific issuer. | ||
|
There was a problem hiding this comment. We need more technical details like the webview part |
||
| - This authorization page is managed by `OAuth Authorization server (eSignet)` and will be rendered in webview inside Inji App. | ||
| - User will be asked to provide details for authorization. | ||
| - Once authorization is successful, authorization server return the **"authorizationCode"** | ||
| - Inji Wallet sends the authorization code to authorization server through Mimoto to perform the client assertions. | ||
|
There was a problem hiding this comment. This part I believe need to be improve by a implementer to include assurance of the request indeed came from inji-wallet and not from post man. Do we have a store on this ? May in the sequence we should say that is required and need to implemented specific to inji wallet ? |
||
| - Once authorized, authorization server issues token response, which include **access_token**. | ||
| - The "access_token" will be used to download the credential through VCI. | ||
|
|
||
| ### **VC Issuance** | ||
|
|
||
| - Inji wallet generates a keypair using secure-keystore module and signs the credential request. | ||
| - It invokes the issuer's VCI endpoint and send this credential request along with access token issued during authorization. | ||
| - Inji Wallet receives the credential back, displays it and stores in internal storage to support offline transfer. | ||
|
|
||
| ### \*\*Display and Store Credential | ||
|
|
||
| - Inji Wallet uses the credential response and applies the issuers wellknown display properties to modify the template text and background colour. | ||
| - It also uses order field in wellknown to render the fields in the same order. | ||
|
|
||
| ### **Supported QR Codes** | ||
|
|
||
| - Inji Wallet uses Pixelpass libary to generate the QR to emded complete VC within the QR. | ||
| - This library supports the VC without biometric/face | ||
|
|
||
| ### **Offline BLE Sharing** | ||
|
|
||
| - Inji Wallet use Tuvali libary to support offline BLE sharing with relying parties or verifiers. | ||
| - The user can tap on kebab popup icon (three dots) and initiate the flow with share or share with selfie option. | ||
vishwa-vyom marked this conversation as resolved.
Show resolved
Hide resolved
There was a problem hiding this comment. In the sequence diagram, can we bring in the webview part also ? so it is little more clear that construction of authentication request is not part of the Inji wallet ? There was a problem hiding this comment. I think "opens webview" has to still explicitly come or it can be even a separate verticle line There was a problem hiding this comment. In sequence diagram, the generation QR code happens immediately after the VC is downloaded ? There was a problem hiding this comment. No,QR code generation happens once VC details page is opened and then it's cached. There was a problem hiding this comment. then the sequence diagram should be changed to give out the same understanding There was a problem hiding this comment. Ok, updated in sequence diagram |
||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| sequenceDiagram | ||
| actor User | ||
| User->>Inji Wallet: Launches Inji Wallet in mobile | ||
| Inji Wallet->>Mimoto: Fetch trusted issuers | ||
| Mimoto->>Inji Wallet: List of Issuers | ||
| User->>Inji Wallet: User chooses an issuer | ||
| Inji Wallet->>Issuer System / Inji Certify: Fetches issuers' well-known details | ||
| Issuer System / Inji Certify->>Inji Wallet: Provide List of Credential types | ||
| User->>Inji Wallet: User chooses a credential type | ||
| Inji Wallet->>OAuth Authorization server (eSignet): Authentication request | ||
| OAuth Authorization server (eSignet)->>Inji Wallet: Webview page is rendered to accept input for authentication | ||
| User->>OAuth Authorization server (eSignet): User provides details for authentication | ||
| OAuth Authorization server (eSignet)->>Inji Wallet: Authentication response with auth code | ||
| Inji Wallet->>Mimoto: Initiate Token request | ||
| Mimoto->>OAuth Authorization server (eSignet): Access Token request with client details | ||
| OAuth Authorization server (eSignet)->>Mimoto: Token response with access token | ||
| Mimoto->>Inji Wallet: Access token | ||
| Inji Wallet->>Issuer System / Inji Certify: Credential request with token | ||
| Issuer System / Inji Certify->>Inji Wallet: VC sent in response | ||
| Inji Wallet->>Inji Wallet: Store the VC and generate the QR code |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this link also points to pixelpass ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, my bad
copy/paste mistake, correcting it