LCRB Digital Age Verification Service (lcrb-dav)
A verifier application to enable the Digital Age Verification process involving the BC Person credential. This application is designed so that it can also be used for other use cases involving different presentation request template.
See here for more background and architectural info.
Running lcrb-dav will standup an aca-py
service with it's associated storage, controller
service with it's FastAPI backend, vanilla JavaScript frontend relying on Jinja2 template and polling GET
endpoints, and Mongo database.
The Digital Age Verification service was built as a usable prototype to validate the age verification use-case and provide implementers with an example to be used as reference when implementing age verification. The project has been retired as it is not going to be actively maintained, but still serves its purpose of demonstrating the technical stack and potential integration patterns.
Each developer must apply for an Ngrok token here. Then place the token into the .env-dev file within the docker directory.
NGROK_AUTHTOKEN=<your token here>
If you want to run the project in production mode, follow the instructions here.
To run the project in local development mode, open a shell in the docker folder and run the following commands:
./manage build
: this command will build the controller image. This step is required the first time the project is run, and when dependencies in change in the requirements file(s)../manage start
: this will start the project.- To reset everything (including removing container data and selected options in the
env
file) execute./manage rm
.
A list of all available commands is visible by executing ./manage -h
.
The project is set-up to run without needing any external dependencies by default, using a standalone agent in read-only that will target the ledgers specified in ledgers.yaml.
Before starting up lcrv-dav, a couple of things need to be considered:
- A proof configuration yaml proof_config.yaml is located at
/docker/dav-controller/proof_config.yaml
. This specifies the proof request template which will be used to generate the actual requests and corresponding QR codes. As seen with example yaml config below, it is possible to specify multiple proof request templates:age-verification-bc-person-credential
andage-verification-bc-person-credential-more-info
are the proof config identifiers.proof-request
specifies the template for the proof request generation.- Certain values related to datetime need to calculated in realtime and dynmaically updated before proof request is created.
$now
[current datetime as integer] and$threshold_date_19
[19 yr back birthdate as integer] are currently supported for this. - Labels for
request_attributes
andrequest_predicates
are autogenerated and updated.
- Certain values related to datetime need to calculated in realtime and dynmaically updated before proof request is created.
ui-revealed-attribs
specifies which attribs need to be revealed in the UIdisplay-text
specifies the header text to shown in the UI
age-verification-bc-person-credential: proof-request: name: age-verification version: "1.0" requested_attributes: - names: - picture restrictions: - schema_name: Person non_revoked: from: $now to: $now requested_predicates: - name: birthdate_dateint p_type: <= p_value: $threshold_date_19 restrictions: - schema_name: Person non_revoked: from: $now to: $now ui-revealed-attribs: - picture display-text: Scanning this QR code will verify age and identity. age-verification-bc-person-credential-more-info: proof-request: name: age-verification-more-info version: "1.0" requested_attributes: - names: - picture - given_names - family_name - country restrictions: - schema_name: Person non_revoked: from: $now to: $now requested_predicates: - name: birthdate_dateint p_type: <= p_value: $threshold_date_19 restrictions: - schema_name: Person non_revoked: from: $now to: $now ui-revealed-attribs: - picture - given_names - family_name - country display-text: Scanning this QR code will verify age and reveal name, country and picture.
- lcrb-dav verifier application currently only supports one proof type at runtime. This is specified by updating the following in /docker/manage L145-146
## proof configuration selection export DAV_PROOF_CONFIG_ID="age-verification-bc-person-credential"
- When running locally the application will be accessible at
http://localhost:5000/
.
Scan the QR code with BC Wallet application and proceed with the on screen instruction to complete the present-proof exchange and verify yourself.
If needed, you can obtain a Person Credential from the BC Wallet Showcase by completing the lawyer demo.
Several functions in lcrb-dav can be tweaked by using the following environment variables.
Variable | Type | What it does | NOTES |
---|---|---|---|
USE_OOB_PRESENT_PROOF | bool | if True, the present-proof request will be provided as a an out of band invitation with a present-proof request inside. If False, the present-proof request will be use the service-decorator | TRUE: BC Wallet supports our OOB Message with a minor glitch, BiFold, Lissi, Trinsic, and Estatus all read the QR code as 'Invalid' FALSE: Works with |
LOG_WITH_JSON | bool | If True, logging output should printed as JSON if False it will be pretty printed. | Default behavior will print as JSON. |
LOG_TIMESTAMP_FORMAT | string | determines the timestamp formatting used in logs | Default is "iso" |
LOG_LEVEL | "DEBUG", "INFO", "WARNING", or "ERROR" | sets the minimum log level that will be printed to standard out | Defaults to DEBUG |
DAV_PROOF_CONFIG_ID | "age-verification-bc-person-credential" | sets the proof template config to be used | Defaults to "age-verification-bc-person-credential" |