/findy-agent-auth

Authentication services for Findy agency


findy-agent-auth


Findy Agency is an open-source project for a decentralized identity agency. OP Lab developed it from 2019 to 2024. The project is no longer maintained, but the work will continue with new goals and a new mission. Follow the blog for updates.


Getting Started

Findy Agency is a collection of services (Core, this service, Findy Vault and Web Wallet) that provide full SSI agency along with a web wallet for individuals. To start experimenting with Findy Agency, we recommend that you start with the documentation and set up the agency in your localhost environment.

Server

This project provides a FIDO2/WebAuthn authentication service for Findy Agency clients. The service implements the WebAuthn protocol, providing the means to securely

  • initiate user registration,
  • finish user registration,
  • initiate authentication and
  • finish authentication.

The authentication service can be used, for example, by any web app running in a compatible browser.

During a successful registration, the user is onboarded to the Findy core agency and an Aries-compatible cloud agent is allocated for the user. After registration, the user can generate a token for Findy Agency with this authentication service. This token is required by the agency API.

Usage

# --port        port for this service
# --origin      origin for browser requests
# --cors        use CORS headers
# --agency      core agency gRPC server address
# --gport       core agency gRPC server port
# --cert-path   path to agency gRPC cert
# --jwt-secret  agency JWT secret
# --admin       agency admin ID
$ go run . \
    --port 8088 \
    --origin http://localhost:3000 \
    --cors=true \
    --agency localhost \
    --gport 50051 \
    --cert-path /path/to/agency/cert \
    --jwt-secret agency-jwt-secret \
    --admin agency-admin-id
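
In WebAuthn, each "finish" step receives a clientDataJSON object from the browser, and the relying party has to confirm that its type, challenge and origin match what the "initiate" step and the configured origin expect. The sketch below is an added example, not code from this project: the function names are hypothetical and the sample values are constructed.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData holds the clientDataJSON fields checked here.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// verifyClientData validates the clientDataJSON sent with a "finish" request.
func verifyClientData(raw []byte, ceremony string, challenge []byte, origin string) error {
	var cd clientData
	if err := json.Unmarshal(raw, &cd); err != nil {
		return fmt.Errorf("malformed clientDataJSON: %w", err)
	}
	if cd.Type != ceremony { // "webauthn.create" (registration) or "webauthn.get" (authentication)
		return errors.New("ceremony type mismatch")
	}
	got, err := base64.RawURLEncoding.DecodeString(cd.Challenge)
	if err != nil || subtle.ConstantTimeCompare(got, challenge) != 1 { // challenge from "initiate"
		return errors.New("challenge mismatch")
	}
	if cd.Origin != origin { // exact match on scheme, host and port
		return errors.New("origin mismatch")
	}
	return nil
}

// sampleClientData builds constructed input (not captured from a real browser).
func sampleClientData(typ, origin string, challenge []byte) []byte {
	b, _ := json.Marshal(clientData{typ, base64.RawURLEncoding.EncodeToString(challenge), origin})
	return b
}

func main() {
	ch := []byte("constructed-challenge-0123456789")
	origin := "http://localhost:3000" // same value as --origin in the usage above
	fmt.Println(verifyClientData(sampleClientData("webauthn.create", origin, ch), "webauthn.create", ch, origin))
	fmt.Println(verifyClientData(sampleClientData("webauthn.create", "http://localhost:3001", ch), "webauthn.create", ch, origin))
	fmt.Println(verifyClientData(sampleClientData("webauthn.get", origin, ch), "webauthn.create", ch, origin))
}
```

This covers only the client-data checks; a complete finish step also verifies the authenticator data and the signature.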

Client

This project also provides a library for authenticating headless clients. A headless authenticator is needed when implementing (organisational) services that need cloud agents. Check the agency CLI for a reference implementation.