/entra-sandbox


Issuer web for Microsoft Entra Verified ID

About

A sample implementation of an issuer web application for Microsoft Entra Verified ID.
A working demo is running here

Setup

  • Setup basically follows the steps in Microsoft's official documentation. here

0. Prerequisites

  • A valid Microsoft Azure subscription and a working Entra Verified ID environment.
    • Set up an Entra Verified ID tenant and define the Verifiable Credential issuance settings. The following information will be required when configuring this issuer web.
      • Azure AD tenant ID
      • client_id
      • client_secret
      • issuer DID
      • VC manifest url
  • An OpenID Provider such as Azure AD B2C, Auth0, etc.
    • Create a client and get the following information.
      • issuer uri
      • client_id
      • client_secret

1. Clone Repository

git clone https://github.com/did-developer-community/entra-sandbox.git

2. Install required modules

npm install

3. Setup environments

Rename .env.sample to .env and fill in the required parameters for your environment.

# Basic configuration
baseURL='https://d6fb-2.....7-906c.ngrok.io'
cookie_secret_key='cookie_secret_key'
# Entra Verified Id API client application configuration
vcApp_azTenantId='b9a.....6486a'
vcApp_client_id='21b3.....619423a5'
vcApp_client_secret='FqG8.....OdrZ'
# do not change the vcApp_scope value
vcApp_scope='3db474b9-6a0c-4840-96ac-1fceb342124f/.default'
# OIDC client configuration for user authentication
oidc_auth_client_id='4230d....005e1f'
oidc_auth_issuerBaseURL='https://xxxx.b2clogin.com/xxxx.onmicrosoft.com/B2C_1A_SUSI/v2.0'
oidc_auth_secret='FqG8.....OdrZ'
# VC Issuer configuration
issuance_requestTemplate='./config/issuance_request_template.json'
issuance_authority='did:web:vc.diddc.co'
issuance_registration_clientName='DID Developer Community Entra Issuer'
issuance_registration_logoUrl='https://didwebstorage.blob.core.windows.net/logo/diddc_logo.png'
issuance_registration_termsOfServiceUrl='https://www.microsoft.com/ja-jp/legal/terms-of-use'
issuance_type='["DIDCMemberCredential"]'
issuance_CredentialManifest='https://verifiedid.did.msidentity.com/v1.0/tenants/b9a84eb8-a888-4f41-bb75-43447e36486a/verifiableCredentials/contracts/YjlhODRlYjgtYTg4OC00ZjQxLWJiNzUtNDM0NDdlMzY0ODZhZGlkZGMgbWVtYmVy/manifest'

Note: If you run this issuer in your local environment, use the ngrok URL as baseURL in the .env file.
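
The following preflight check for the .env values in step 3 is an added example, not code from this repository; parseEnv, checkEnv and the 32-character minimum for cookie_secret_key are assumptions of the example. It reports missing keys, values still carrying the sample's elision markers, a short cookie secret, non-HTTPS URLs and a changed vcApp_scope before the issuer is started.

```javascript
// Added example, not repository code; names and the 32-char minimum are assumptions.
const REQUIRED = ['baseURL', 'cookie_secret_key', 'vcApp_azTenantId',
  'vcApp_client_id', 'vcApp_client_secret', 'vcApp_scope', 'oidc_auth_client_id',
  'oidc_auth_issuerBaseURL', 'oidc_auth_secret', 'issuance_authority',
  'issuance_type', 'issuance_CredentialManifest'];
const HTTPS_KEYS = ['baseURL', 'oidc_auth_issuerBaseURL', 'issuance_CredentialManifest'];
const FIXED_SCOPE = '3db474b9-6a0c-4840-96ac-1fceb342124f/.default';

// Minimal KEY='value' parser: ignores comments and blank lines, strips quotes.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Za-z_]\w*)\s*=\s*(.*)$/);
    if (m) env[m[1]] = m[2].trim().replace(/^(['"])(.*)\1$/, '$2');
  }
  return env;
}

// Returns a list of problems; an empty list means every check passed.
function checkEnv(env) {
  const { cookie_secret_key: secret, vcApp_scope: scope, issuance_type: types } = env;
  const problems = [];
  for (const key of REQUIRED) if (!env[key]) problems.push(`${key}: missing`);
  for (const [key, value] of Object.entries(env)) {
    // '.....' and 'xxxx' are the elision markers used in the sample values.
    if (/\.{3,}|xxxx/.test(value)) problems.push(`${key}: sample value`);
  }
  // The shipped placeholder 'cookie_secret_key' is 17 characters, so it fails too.
  if (secret && secret.length < 32) problems.push('cookie_secret_key: too short');
  if (scope && scope !== FIXED_SCOPE) problems.push('vcApp_scope: changed');
  for (const key of HTTPS_KEYS) {
    let https = false;
    try { https = new URL(env[key]).protocol === 'https:'; } catch { /* not a URL */ }
    if (env[key] && !https) problems.push(`${key}: not https`);
  }
  try {
    if (types && !Array.isArray(JSON.parse(types))) throw new Error('not an array');
  } catch { problems.push('issuance_type: not a JSON array'); }
  return problems;
}

// Constructed sample: placeholder cookie secret and a plain-http baseURL.
const SAMPLE = "baseURL='http://localhost:3000'\ncookie_secret_key='cookie_secret_key'\n" +
  "# comment line\nissuance_type='[\"DIDCMemberCredential\"]'";
console.log(checkEnv(parseEnv(SAMPLE)).join('\n'));
```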