From 9269ed4417f8028ab343db2b6ae60336288ae46d Mon Sep 17 00:00:00 2001 From: Allain Magyar Date: Mon, 25 Mar 2024 10:36:15 -0300 Subject: [PATCH] test: add e2e pipeline + html report (#121) Signed-off-by: Allain Magyar --- .github/workflows/e2e.yml | 58 ++ E2E/Package.swift | 6 +- E2E/e2eTests/Resources/html_report.html | 299 +++++++++ .../Source/Abilities/OpenEnterpriseAPI.swift | 2 +- E2E/e2eTests/Source/Abilities/Sdk.swift | 50 +- .../Source/Steps/EdgeAgentSteps.swift | 4 - .../Source/Workflows/EdgeAgentWorkflow.swift | 13 +- .../Configuration/TestConfiguration.swift | 2 +- .../TestFramework/Outcome/ActionOutcome.swift | 7 + .../Report/ConsoleReporter.swift | 4 +- .../TestFramework/Report/DotReporter.swift | 2 +- .../TestFramework/Report/HtmlReporter.swift | 90 ++- .../TestFramework/Report/JunitReporter.swift | 2 +- .../TestFramework/Report/Reporter.swift | 2 +- .../TestFramework/Screenplay/Actor.swift | 68 +- E2E/e2eTests/openapi.yaml | 617 +++++++++++++----- 16 files changed, 987 insertions(+), 239 deletions(-) create mode 100644 .github/workflows/e2e.yml create mode 100644 E2E/e2eTests/Resources/html_report.html create mode 100644 E2E/e2eTests/TestFramework/Outcome/ActionOutcome.swift diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml new file mode 100644 index 00000000..fa03a80c --- /dev/null +++ b/.github/workflows/e2e.yml @@ -0,0 +1,58 @@ +--- +name: End-to-end + +on: + push: + branches: + - main + - 'release/**' + schedule: + - cron: "0 3 * * *" + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + end-to-end: + name: build + runs-on: macos-13 + + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - uses: maxim-lobanov/setup-xcode@v1 + with: + xcode-version: '15.0.1' + + - name: Install SSH Key + uses: shimataro/ssh-key-action@v2.3.0 + with: + key: ${{ secrets.SSH_PRIVATE_KEY }} + known_hosts: github.com + + - name: Adding Known Hosts + run: ssh-keyscan -H github.com >> ~/.ssh/known_hosts + + - name: Run tests + working-directory: E2E + env: + GITHUB_ACTOR: ${{ github.actor }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: xcodebuild build test -scheme "e2e-Package" -destination "platform=iOS Simulator,name=IPhone 14" -resultBundlePath e2eTests/Target/TestResults.xcresult | xcpretty + + - name: Publish tests results + uses: kishikawakatsumi/xcresulttool@v1.7.1 + with: + path: E2E/e2eTests/Target/TestResults.xcresult + token: ${{ secrets.GITHUB_TOKEN }} + show-code-coverage: true + if: success() || failure() + + - name: Publish report + uses: actions/upload-artifact@v4 + with: + name: swift-report + path: E2E/e2eTests/Target/report.html + if-no-files-found: error diff --git a/E2E/Package.swift b/E2E/Package.swift index db79c4b6..64a1e717 100644 --- a/E2E/Package.swift +++ b/E2E/Package.swift @@ -9,9 +9,9 @@ let package = Package( products: [ ], dependencies: [ - .package(url: "https://github.com/apple/swift-openapi-generator", .upToNextMinor(from: "0.3.4")), - .package(url: "https://github.com/apple/swift-openapi-runtime", .upToNextMinor(from: "0.3.6")), - .package(url: "https://github.com/apple/swift-openapi-urlsession", .upToNextMinor(from: "0.3.0")), + .package(url: "https://github.com/apple/swift-openapi-generator", .upToNextMinor(from: "1.2.1")), + .package(url: "https://github.com/apple/swift-openapi-runtime", .upToNextMinor(from: "1.3.2")), + .package(url: "https://github.com/apple/swift-openapi-urlsession", .upToNextMinor(from: "1.0.1")), .package(url: "https://github.com/nschum/SwiftHamcrest", .upToNextMajor(from: "2.2.1")), .package(path: "../") ], diff --git a/E2E/e2eTests/Resources/html_report.html b/E2E/e2eTests/Resources/html_report.html new file mode 100644 index 00000000..f8fd73a4 --- /dev/null +++ b/E2E/e2eTests/Resources/html_report.html @@ -0,0 +1,299 @@ + + + + + + + Swift E2E Report + + + + + + + + + + + + +
+ +

Features

+ + + +

Scenarios

+ + +
+ + + +
+ + + + + + \ No newline at end of file diff --git a/E2E/e2eTests/Source/Abilities/OpenEnterpriseAPI.swift b/E2E/e2eTests/Source/Abilities/OpenEnterpriseAPI.swift index 6f4189e6..38ee564e 100644 --- a/E2E/e2eTests/Source/Abilities/OpenEnterpriseAPI.swift +++ b/E2E/e2eTests/Source/Abilities/OpenEnterpriseAPI.swift @@ -242,7 +242,7 @@ class OpenEnterpriseAPI: Ability { version: "1.0.0", tag: "automation-test", author: issuerId, - schemaId: "\(Config.agentUrl)/schema-registry/schemas/\(anoncredSchemaGuid)", + schemaId: "\(Config.agentUrl)/schema-registry/schemas/\(anoncredSchemaGuid)/schema", signatureType: "CL", supportRevocation: true ) diff --git a/E2E/e2eTests/Source/Abilities/Sdk.swift b/E2E/e2eTests/Source/Abilities/Sdk.swift index 89110cd3..54f2f79d 100644 --- a/E2E/e2eTests/Source/Abilities/Sdk.swift +++ b/E2E/e2eTests/Source/Abilities/Sdk.swift @@ -62,7 +62,7 @@ class Sdk: Ability { ).build() PrismAgent.setupLogging(logLevels: [ - .prismAgent: .warning + .prismAgent: .info ]) prismAgent = PrismAgent( @@ -153,56 +153,44 @@ class Sdk: Ability { pluto: Pluto, castor: Castor ) -> AnyPublisher<[Secret], Error> { - pluto.getAllPeerDIDs() + pluto.getAllKeys() .first() - .flatMap { array in + .flatMap { keys in Future { - try await array.asyncMap { did, privateKeys, _ in - let privateKeys = try await privateKeys.asyncMap { - try await keyRestoration.restorePrivateKey($0) - } - let secrets = try parsePrivateKeys( - did: did, - privateKeys: privateKeys, - castor: castor - ) - - return secrets - } + let privateKeys = await keys.asyncMap { + try? await keyRestoration.restorePrivateKey($0) + }.compactMap { $0 } + return try parsePrivateKeys( + privateKeys: privateKeys, + castor: castor + ) } } - .map { - $0.compactMap { - $0 - }.flatMap { - $0 - } } .eraseToAnyPublisher() } static private func parsePrivateKeys( - did: DID, privateKeys: [PrivateKey], castor: Castor ) throws -> [Domain.Secret] { return try privateKeys - .map { $0 as? (PrivateKey & ExportableKey) } + .map { $0 as? (PrivateKey & ExportableKey & StorableKey) } .compactMap { $0 } .map { privateKey in - let ecnumbasis = try castor.getEcnumbasis(did: did, publicKey: privateKey.publicKey()) - return (did, privateKey, ecnumbasis) + return privateKey } - .map { did, privateKey, ecnumbasis in + .map { privateKey in try parseToSecret( - did: did, privateKey: privateKey, - ecnumbasis: ecnumbasis + identifier: privateKey.identifier ) } } - static private func parseToSecret(did: DID, privateKey: PrivateKey & ExportableKey, ecnumbasis: String) throws -> Domain.Secret { - let id = did.string + "#" + ecnumbasis + static private func parseToSecret( + privateKey: PrivateKey & ExportableKey, + identifier: String + ) throws -> Domain.Secret { let jwk = privateKey.jwk guard let dataJson = try? JSONEncoder().encode(jwk), @@ -211,7 +199,7 @@ class Sdk: Ability { throw CommonError.invalidCoding(message: "Could not encode privateKey.jwk") } return .init( - id: id, + id: identifier, type: .jsonWebKey2020, secretMaterial: .jwk(value: stringJson) ) diff --git a/E2E/e2eTests/Source/Steps/EdgeAgentSteps.swift b/E2E/e2eTests/Source/Steps/EdgeAgentSteps.swift index 18476efb..a7a334dc 100644 --- a/E2E/e2eTests/Source/Steps/EdgeAgentSteps.swift +++ b/E2E/e2eTests/Source/Steps/EdgeAgentSteps.swift @@ -1,8 +1,5 @@ import Foundation -enum Riri: Error { - case Riri(message: String) -} class EdgeAgentSteps: Steps { @Step("{actor} sends the present-proof") var edgeAgentSendsThePresentProof = { (edgeAgent: Actor) in @@ -17,7 +14,6 @@ class EdgeAgentSteps: Steps { @Step("{actor} accepts {int} credential offer sequentially from {actor}") var edgeAgentAcceptsCredentialsOfferSequentiallyFromCloudAgent = { (edgeAgent: Actor, numberOfCredentials: Int, cloudAgent: Actor) in -// throw TestFramework.Failure.parameterTypeNotFound var recordIdList: [String] = [] for _ in 0..(ability: T.Type, action: String // = "executes an action" ) throws -> T.AbilityInstanceType { - if !abilities.contains(where: { $0.key == String(describing: ability.self) }) { - throw ActorError.CantUseAbility("Actor [\(name)] don't have the ability to use [\(ability.self)]") + let dummy = ability.init(self) + return try execute("\(name) \(action) using \(dummy.abilityName)") { + if !abilities.contains(where: { $0.key == String(describing: ability.self) }) { + throw ActorError.CantUseAbility("Actor [\(name)] don't have the ability to use [\(ability.self)]") + } + let ability = getAbility(ability) + return ability.instance() } - let ability = getAbility(ability) - TestConfiguration.shared().report(.ACTION, "\(name) \(action) using \(ability.abilityName)") - return ability.instance() } func waitUsingAbility(ability: T.Type, action: String, // = "an expectation is met", callback: (_ ability: T.AbilityInstanceType) async throws -> Bool ) async throws { - let ability = getAbility(ability) - TestConfiguration.shared().report(.ACTION, "\(name) waits until \(action) using \(ability.abilityName)") - return try await Wait.until { - try await callback(ability.instance()) + let dummy = ability.init(self) + return try await execute("\(name) waits until \(action) using \(dummy.abilityName)") { + let ability = getAbility(ability) + return try await Wait.until { + try await callback(ability.instance()) + } } + } func remember(key: String, value: Any) throws { - TestConfiguration.shared().report(.ACTION, "\(name) remembers [\(key)]") - context[key] = value + return execute("\(name) remembers [\(key)]") { + context[key] = value + } } func recall(key: String) throws -> T { - TestConfiguration.shared().report(.ACTION, "\(name) recalls [\(key)]") - XCTAssert(context[key] != nil, "Unable to recall [\(key)] all I know is \(context.keys)") - if (context[key] == nil) { - throw ActorError.CantFindNote("\(name) don't have any note named [\(key)]") + return try execute("\(name) recalls [\(key)]") { + if (context[key] == nil) { + throw ActorError.CantFindNote("\(name) don't have any note named [\(key)]") + } + return context[key] as! T + } + } + + private func execute(_ message: String, _ closure: () async throws -> T) async rethrows -> T { + let actionOutcome = ActionOutcome() + actionOutcome.action = message + do { + let result = try await closure() + actionOutcome.executed = true + TestConfiguration.shared().report(.ACTION, actionOutcome) + return result + } catch { + actionOutcome.error = error + TestConfiguration.shared().report(.ACTION, actionOutcome) + throw error + } + } + + private func execute(_ message: String, _ closure: () throws -> T) rethrows -> T { + let actionOutcome = ActionOutcome() + actionOutcome.action = message + do { + let result = try closure() + actionOutcome.executed = true + TestConfiguration.shared().report(.ACTION, actionOutcome) + return result + } catch { + actionOutcome.error = error + TestConfiguration.shared().report(.ACTION, actionOutcome) + throw error } - return context[key] as! T } /// Here we could add attempsTo where actor can run actions, wait, etc diff --git a/E2E/e2eTests/openapi.yaml b/E2E/e2eTests/openapi.yaml index 9b991ad8..539da261 100644 --- a/E2E/e2eTests/openapi.yaml +++ b/E2E/e2eTests/openapi.yaml @@ -1,7 +1,136 @@ -openapi: 3.1.0 +openapi: 3.0.3 info: - title: Prism Agent - version: 1.20.1 + title: Open Enterprise Agent API Reference + version: 1.28.0 + description: |2 + + The Open Enterprise Agent API facilitates the integration and management of self-sovereign identity capabilities within applications. + It supports DID (Decentralized Identifiers) management, verifiable credential exchange, and secure messaging based on DIDComm standards. + The API is designed to be interoperable with various blockchain and DLT (Distributed Ledger Technology) platforms, ensuring wide compatibility and flexibility. + Key features include connection management, credential issuance and verification, and secure, privacy-preserving communication between entities. + Additional information and the full list of capabilities can be found in the [Open Enterprise Agent documentation](https://docs.atalaprism.io/docs/category/prism-cloud-agent) + termsOfService: |2 + + Users of the Open Enterprise Agent API must adhere to the terms and conditions outlined in [Link to Terms of Service](/). + This includes compliance with relevant data protection regulations, responsible usage policies, and adherence to the principles of decentralized identity management. + license: + name: Apache 2.0 + url: https://www.apache.org/licenses/LICENSE-2.0 +tags: +- name: Connections Management + description: |2 + + The 'Connections Management' endpoints facilitate the initiation of connection flows between the current Agent and peer Agents, regardless of whether they reside in Cloud Agent or edge environments. +
+ This implementation adheres to the DIDComm Messaging v2.0 - [Out of Band Messages](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) specification [section 9.5.4](https://identity.foundation/didcomm-messaging/spec/v2.0/#invitation) - to generate invitations. + The from field of the out-of-band invitation message contains a freshly generated Peer DID that complies with the [did:peer:2](https://identity.foundation/peer-did-method-spec/#generating-a-didpeer2) specification. + This Peer DID includes the 'uri' location of the DIDComm messaging service, essential for the invitee's subsequent execution of the connection flow. +
+ Upon accepting an invitation, the invitee sends a connection request to the inviter's DIDComm messaging service endpoint. + The connection request's 'type' attribute must be specified as "https://atalaprism.io/mercury/connections/1.0/request". + The inviter agent responds with a connection response message, indicated by a 'type' attribute of "https://atalaprism.io/mercury/connections/1.0/response". + Both request and response types are proprietary to the Open Enterprise Agent ecosystem. +- name: Verification + description: |2- + + The __Verification__ endpoints enable the management and lookup of verification policies,which are applied to W3C Verifiable Credentials in JWT format. + + Users can retrieve and paginate existing policies or create new ones. + These policies determine the verification criteria, allowing users to specify constraints such as `schemaId` and `trustedIssuers` in the current implementation. + + The constraints are defined using the `schemaId` and a sequence of `trustedIssuers`. + This functionality ensures the system's integrity and adherence to specific verification requirements. + + Endpoints are secured by __apiKeyAuth__ or __jwtAuth__ authentication. +- name: Schema Registry + description: |2 + + The __Schema Registry__ is a REST API that allows to publish and lookup credential schemas in [W3C](https://w3c.github.io/vc-json-schema/) and [AnonCreds](https://hyperledger.github.io/anoncreds-spec/#term:schema) formats. + + The Credential Schema is a JSON document that describes the structure of the credential and consists of the following parts: metadata, schema and signature. + The metadata contains the following fields: + * `id` - locally unique identifier of the schema + * `version` - version of the schema + * `author` - the DID of the issuer of the schema + * `guid` - globally unique identifier of the schema (generated by the Schema Registry based on `author`, `id` and `version`) + * `name` - name of the schema + * `tags` - list of tags that describe the schema + * `createdAt` - timestamp of the schema creation + * `description` - description of the schema + + The schema contains the JSON Schema that describes the structure of the credential in the `schema` field + The signature contains the signature of the schema by the issuer in the `proof` field. The signature is generated by the issuer's DID key using Ed25519Signature2020 method. + + The __Credential Schema__ object is immutable, so update operation creates a new version of the schema. + The __Credential Schema__ is referenced via `schemaId` field in the issuance and verification flows. + + Endpoints are secured by __apiKeyAuth__ or __jwtAuth__ authentication. + externalDocs: + url: https://docs.atalaprism.io/tutorials/schemas/credential-schema + description: Credential Schema documentation +- name: Credential Definition Registry + description: |2 + + The __Credential Definition Registry__ is a REST API that allows to publish and lookup [Anoncreds Credential Definition](https://hyperledger.github.io/anoncreds-spec/#term:credential-definition) entities. + + A credential definition is generated by the issuer before credential any issuances and published for anyone (primarily holders and verifiers) to use. + In generating the published credential definition, related private data is also generated and held as a secret by the issuer. + The secret data includes the private keys necessary to generate signed verifiable credentials that can be presented and verified using the published credential definition. + + Endpoints are secured by __apiKeyAuth__ or __jwtAuth__ authentication. + externalDocs: + url: https://docs.atalaprism.io/tutorials/category/credential-definition + description: Credential Definition documentation +- name: DID + description: |2 + + The __DID__ endpoints expose publicly available DID operations. + + The key distinction from the __DID Registrar__ endpoints is that it directly exposes the DID resources interfacing with the [VDR](https://www.w3.org/TR/did-core/#dfn-verifiable-data-registry). + It is independent of the key management and the exposed operations are not part of the tenancy within the Agent. + It serves as a proxy for interacting with the VDR, facilitating actions like resolving DIDs. +- name: DID Registrar + description: |2 + + The __DID Registrar__ endpoints facilitate the management of [PRISM DIDs](https://github.com/input-output-hk/prism-did-method-spec) hosted in the cloud agent. + + Implentation of [DID management](https://docs.atalaprism.io/docs/atala-prism/prism-cloud-agent/did-management/) in the cloud agent. + The agent securely manages and stores DIDs along with their keys in its secret storage. + These endpoints allow users to create, read, update, deactivate, and publish without direct exposure to the key material. + These DIDs can be utilized for various operations during issuance and verification processes. + + More examples and tutorials can be found in this [documentation](https://docs.atalaprism.io/tutorials/category/dids/). +- name: Wallet Management + description: |2 + + The __Wallet Management__ endpoints enable both users and administrators to manage [wallets](https://docs.atalaprism.io/docs/concepts/multi-tenancy#wallet). + + In a multitenant agent, wallet is a container for various resources (e.g. Connections, DIDs) and it isolates the access based on the authorization settings. + [Admnistrator](https://docs.atalaprism.io/docs/concepts/glossary#administrator) can utilize the endpoints to manage and onboard [tenants](https://docs.atalaprism.io/docs/concepts/glossary#tenant). + See [this example](https://docs.atalaprism.io/tutorials/multitenancy/tenant-onboarding-ext-iam) for instructions how to utilize the endpoints for administrator. + Tenants can also manage and onboard their own wallets using these endpoints depending on the configuration. + See [this document](https://docs.atalaprism.io/tutorials/multitenancy/tenant-onboarding-ext-iam) for a detailed example for self-service tenants onboarding. + + Wallet permissions are controlled by [UMA](https://docs.atalaprism.io/docs/concepts/glossary#uma) configuration which the agent + exposes endpoints to easily configure wallet access using `uma-permissions` resource. + The permissions can also be configured out-of-band directly on the external IAM provider that supports the UMA standard. +- name: System + description: |2 + + The __System__ is a REST API that allows to check the system health and scrap the runtime metrics. + + The __health__ endpoint returns the current version of the running service. + This information can be used to check the health status of the running service in the docker or kubernetes environment. + + The __metrics__ endpoint returns the runtime metrics of the running service scraped from the internal prometheus registry. + This information is collected by the prometheus server and can be used to monitor the running service. +servers: +- url: http://localhost:8085 + description: Local Prism Agent +- url: http://localhost/prism-agent + description: Local Prism Agent with APISIX proxy +- url: https://k8s-dev.atalaprism.io/prism-agent + description: Prism Agent on the Staging Environment paths: /credential-definition-registry/definitions: get: @@ -38,12 +167,16 @@ paths: example: licence - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -239,12 +372,16 @@ paths: example: driving - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -438,28 +575,34 @@ paths: application/json: schema: $ref: '#/components/schemas/ErrorResponse' - /schema-registry/test: + /schema-registry/schemas/{guid}/schema: get: tags: - Schema Registry - summary: Trace the request input from the point of view of the server - description: Trace the request input from the point of view of the server - operationId: test + summary: Fetch the schema from the registry by `guid` + description: Fetch the credential schema by the unique identifier + operationId: getRawSchemaById + parameters: + - name: guid + in: path + required: true + schema: + type: string + format: uuid responses: '200': - description: '' + description: Raw JSON response of the CredentialSchema content: application/json: - schema: - type: string + schema: {} '400': description: Invalid request parameters content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' - '403': - description: Forbidden + '404': + description: Resource could not be found content: application/json: schema: @@ -470,9 +613,6 @@ paths: application/json: schema: $ref: '#/components/schemas/ErrorResponse' - security: - - apiKeyAuth: [] - - jwtAuth: [] /verification/policies: get: tags: @@ -484,6 +624,8 @@ paths: parameters: - name: name in: query + description: A human-readable name for the verification policy. The `name` + cannot be empty. required: false schema: type: string @@ -510,7 +652,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VerificationPolicyPage' + $ref: '#/components/schemas/VerificationPolicyResponsePage' '400': description: Invalid request parameters content: @@ -551,7 +693,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VerificationPolicy' + $ref: '#/components/schemas/VerificationPolicyResponse' '400': description: Invalid request parameters content: @@ -594,7 +736,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VerificationPolicy' + $ref: '#/components/schemas/VerificationPolicyResponse' '400': description: Invalid request parameters content: @@ -655,7 +797,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/VerificationPolicy' + $ref: '#/components/schemas/VerificationPolicyResponse' '400': description: Invalid request parameters content: @@ -731,31 +873,43 @@ paths: get: tags: - Connections Management - summary: Gets the list of connection records. - description: Get the list of connection records paginated + summary: Retrieves the list of connection flow records available from the Agent's + database. + description: |2 + + Retrieve of a list containing connections available from the Agent's database. + The API returns a comprehensive collection of connection flow records within the system, regardless of their state. + Each connection item includes essential metadata such as connection ID, thread ID, state, role, participant information, and other relevant details. + Pagination support is available, allowing for efficient handling of large datasets. operationId: getConnections parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer format: int32 - name: thid in: query - description: The thid of a DIDComm communication. + description: The `thid`, shared between the inviter and the invitee, that + uniquely identifies a connection flow. required: false schema: type: string responses: '200': - description: The list of connection records. + description: The list of connection flow records available from the Agent's + database content: application/json: schema: @@ -784,15 +938,19 @@ paths: post: tags: - Connections Management - summary: Creates a new connection record and returns an Out of Band invitation. + summary: Create a new connection invitation that can be delivered out-of-band + to a peer Agent. description: |2 - Generates a new Peer DID and creates an [Out of Band 2.0](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) invitation. - It returns a new connection record in `InvitationGenerated` state. - The request body may contain a `label` that can be used as a human readable alias for the connection, for example `{'label': "Bob"}` + Create a new connection invitation that can be delivered out-of-band to a peer Agent, regardless of whether it resides in Cloud Agent or edge environment. + The generated invitation adheres to the DIDComm Messaging v2.0 - [Out of Band Messages](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) specification [section 9.5.4](https://identity.foundation/didcomm-messaging/spec/v2.0/#invitation). + The from field of the out-of-band invitation message contains a freshly generated Peer DID that complies with the [did:peer:2](https://identity.foundation/peer-did-method-spec/#generating-a-didpeer2) specification. + This Peer DID includes the 'uri' location of the DIDComm messaging service, essential for the invitee's subsequent execution of the connection flow. + In the Agent database, the created connection record has an initial state set to `InvitationGenerated`. + The request body may contain a `label` that can be used as a human readable alias for the connection, for example `{'label': "Connection with Bob"}` operationId: createConnection requestBody: - description: JSON object required for the connection creation + description: JSON object required for the connection creation. content: application/json: schema: @@ -831,20 +989,25 @@ paths: get: tags: - Connections Management - summary: Gets an existing connection record by its unique identifier. - description: Gets an existing connection record by its unique identifier + summary: Retrieves a specific connection flow record from the Agent's database + based on its unique `connectionId`. + description: |2 + + Retrieve a specific connection flow record from the Agent's database based in its unique `connectionId`. + The API returns a comprehensive collection of connection flow records within the system, regardless of their state. + The returned connection item includes essential metadata such as connection ID, thread ID, state, role, participant information, and other relevant details. operationId: getConnection parameters: - name: connectionId in: path - description: The unique identifier of the connection record. + description: The `connectionId` uniquely identifying the connection flow record. required: true schema: type: string format: uuid responses: '200': - description: The connection record. + description: The specific connection flow record. content: application/json: schema: @@ -880,12 +1043,15 @@ paths: post: tags: - Connections Management - summary: Accepts an Out of Band invitation. + summary: Accept a new connection invitation received out-of-band from another + peer Agent. description: |2 - Accepts an [Out of Band 2.0](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) invitation, generates a new Peer DID, - and submits a Connection Request to the inviter. - It returns a connection object in `ConnectionRequestPending` state, until the Connection Request is eventually sent to the inviter by the prism-agent's background process. The connection object state will then automatically move to `ConnectionRequestSent`. + Accept an new connection invitation received out-of-band from another peer Agent. + The invitation must be compliant with the DIDComm Messaging v2.0 - [Out of Band Messages](https://identity.foundation/didcomm-messaging/spec/v2.0/#out-of-band-messages) specification [section 9.5.4](https://identity.foundation/didcomm-messaging/spec/v2.0/#invitation). + A new connection record with state `ConnectionRequestPending` will be created in the agent database and later processed by a background job to send a connection request to the peer Agent. + The created record will contain a newly generated pairwise Peer DID used for that connection. + A connection request will then be sent to the peer Agent to actually establish the connection, moving the record state to `ConnectionRequestSent`, and waiting the connection response from the peer Agent. operationId: acceptConnectionInvitation requestBody: description: The request used by an invitee to accept a connection invitation @@ -953,17 +1119,11 @@ paths: schema: $ref: '#/components/schemas/DIDDocument' '400': - description: '' + description: Invalid value content: - application/ld+json; profile=https://w3id.org/did-resolution: - schema: - $ref: '#/components/schemas/DIDResolutionResult' - application/did+ld+json: + text/plain: schema: type: string - description: Empty representation - format: binary - example: '' '404': description: '' content: @@ -974,7 +1134,6 @@ paths: schema: type: string description: Empty representation - format: binary example: '' '406': description: '' @@ -986,7 +1145,6 @@ paths: schema: type: string description: Empty representation - format: binary example: '' '410': description: '' @@ -998,7 +1156,6 @@ paths: schema: type: string description: Empty representation - format: binary example: '' '500': description: '' @@ -1010,7 +1167,6 @@ paths: schema: type: string description: Empty representation - format: binary example: '' '501': description: '' @@ -1022,34 +1178,36 @@ paths: schema: type: string description: Empty representation - format: binary example: '' /did-registrar/dids: get: tags: - DID Registrar - summary: List all DIDs stored in Prism Agent's wallet + summary: List all DIDs stored in the agent's wallet description: |- - List all DIDs stored in Prism Agent's wallet. + List all DIDs stored in the agent's wallet. Return a paginated items ordered by created timestamp. - If the `limit` parameter is not set, it defaults to 100 items per page. operationId: getDid-registrarDids parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer format: int32 responses: '200': - description: List Prism Agent managed DIDs + description: List the agent managed DIDs in the wallet content: application/json: schema: @@ -1078,10 +1236,12 @@ paths: post: tags: - DID Registrar - summary: Create unpublished DID and store it in Prism Agent's wallet + summary: Create an unpublished PRISM DID and store it in the agent's wallet description: |- - Create unpublished DID and store it inside Prism Agent's wallet. The private keys of the DID is - managed by Prism Agent. The DID can later be published to the VDR using publications endpoint. + Create an unpublished PRISM DID and store it in the agent's wallet. + The public/private keys of the DID will be derived according to the `didDocumentTemplate` and managed by the agent. + The DID can later be published to the VDR using the `publications` endpoint. + After the DID is created, it has the `CREATED` status. operationId: postDid-registrarDids requestBody: content: @@ -1091,7 +1251,7 @@ paths: required: true responses: '201': - description: Created unpublished DID. + description: Created an unpublished PRISM DID content: application/json: schema: @@ -1133,8 +1293,8 @@ paths: get: tags: - DID Registrar - summary: Get DID stored in Prism Agent's wallet - description: Get DID stored in Prism Agent's wallet + summary: Get a specific DID stored in the agent's wallet + description: Get a specific DID stored in the agent's wallet operationId: getDid-registrarDidsDidref parameters: - name: didRef @@ -1146,7 +1306,7 @@ paths: example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff responses: '200': - description: Get Prism Agent managed DID + description: Get a DID in the agent's wallet content: application/json: schema: @@ -1182,8 +1342,14 @@ paths: post: tags: - DID Registrar - summary: Publish the DID stored in Prism Agent's wallet to the VDR - description: Publish the DID stored in Prism Agent's wallet to the VDR. + summary: Publish the DID stored in the agent's wallet to the VDR + description: | + Initiate the publication of the DID stored in the agent's wallet to the VDR. + The publishing process is asynchronous. + Attempting to publish the same DID while the previous publication is ongoing will not initiate another publication. + After the submission of the DID publication, its status is changed to `PUBLICATION_PENDING`. + Upon confirmation after a predefined number of blocks, the status is changed to `PUBLISHED`. + In case of a failed DID publication, the status is reverted to `CREATED`. operationId: postDid-registrarDidsDidrefPublications parameters: - name: didRef @@ -1195,7 +1361,7 @@ paths: example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff responses: '202': - description: Publishing DID to the VDR. + description: Publishing DID to the VDR initiated content: application/json: schema: @@ -1231,13 +1397,13 @@ paths: post: tags: - DID Registrar - summary: Update DID in Prism Agent's wallet and post update operation to the - VDR + summary: Update DID in the agent's wallet and post update operation to the VDR description: |- - Update DID in Prism Agent's wallet and post update operation to the VDR. + Update DID in the agent's wallet and post the update operation to the VDR. + Only the DID with status `PUBLISHED` can be updated. This endpoint updates the DID document from the last confirmed operation. - Submitting multiple update operations without waiting for confirmation will result in - some operations being rejected as only one operation is allowed to be appended to the last confirmed operation. + The update operation is asynchornous operation and the agent will reject + a new update request if the previous operation is not yet comfirmed. operationId: postDid-registrarDidsDidrefUpdates parameters: - name: didRef @@ -1303,10 +1469,13 @@ paths: post: tags: - DID Registrar - summary: Deactivate DID in Prism Agent's wallet and post deactivate operation + summary: Deactivate DID in the agent's wallet and post deactivate operation to the VDR - description: Deactivate DID in Prism Agent's wallet and post deactivate operation - to the VDR. + description: |- + Deactivate DID in the agent's wallet and post deactivate operation to the VDR. + Only the DID with status `PUBLISHED` can be deactivated. + The deactivate operation is asynchornous operation and the agent will reject + a new deactivate request if the previous operation is not yet comfirmed. operationId: postDid-registrarDidsDidrefDeactivations parameters: - name: didRef @@ -1415,12 +1584,16 @@ paths: parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -1625,12 +1798,16 @@ paths: parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -1828,7 +2005,7 @@ paths: get: tags: - System - summary: As a system user, check the health status of the running service + summary: Check the health status of the running service description: Returns the health info object of the running service operationId: systemHealth responses: @@ -1854,12 +2031,13 @@ paths: get: tags: - System - summary: As a system user, check the health status of the running service - description: Returns the health info object of the running service + summary: Collect the runtime metrics of the running service + description: Returns the metrics of the running service from the internal Prometheus + registry operationId: systemMetrics responses: '200': - description: The metrics as pain strings. + description: The metrics as plain strings. content: text/plain: schema: @@ -1886,12 +2064,16 @@ paths: parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer @@ -1922,8 +2104,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] post: tags: - Identity and Access Management @@ -1970,8 +2152,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /iam/entities/{id}/name: put: tags: @@ -2025,8 +2207,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /iam/entities/{id}/walletId: put: tags: @@ -2080,8 +2262,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /iam/entities/{id}: get: tags: @@ -2129,8 +2311,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] delete: tags: - Identity and Access Management @@ -2173,8 +2355,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /iam/apikey-authentication: post: tags: @@ -2217,8 +2399,8 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] delete: tags: - Identity and Access Management @@ -2260,30 +2442,36 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' security: - - {} - adminApiKeyAuth: [] + - jwtAuth: [] /wallets: get: tags: - Wallet Management - summary: List all wallets + summary: List all permitted wallets + description: List all permitted wallets. If the role is admin, returns all the + wallets. If the role is tenant, only return permitted wallets. operationId: getWallets parameters: - name: offset in: query + description: The number of items to skip before returning results. Default + is 0 if not specified. required: false schema: type: integer format: int32 - name: limit in: query + description: The maximum number of items to return. Defaults to 100 if not + specified. required: false schema: type: integer format: int32 responses: '200': - description: Successfully list all the wallets + description: Successfully list all permitted wallets content: application/json: schema: @@ -2314,9 +2502,12 @@ paths: tags: - Wallet Management summary: Create a new wallet - description: |- - Create a new wallet with optional to use provided seed. - The seed will be used for DID key derivation inside the wallet. + description: "Create a new wallet with the option to provide the seed.\nThe\ + \ seed will be used for all PRISM DID keypair derivation within the wallet.\n\ + \nIf the role is admin, a wallet can be created at any time.\nIf the role\ + \ is tenant, a wallet can only be created if there is no existing wallet permission\ + \ for that tenant.\nThe permission for the tenant will be automatically granted\ + \ after the wallet is created with tenant role.\n " operationId: createWallet requestBody: content: @@ -2326,7 +2517,7 @@ paths: required: true responses: '201': - description: A new wallet has been created + description: Successfully create a new wallet content: application/json: schema: @@ -2358,6 +2549,8 @@ paths: tags: - Wallet Management summary: Get the wallet by ID + description: Get the wallet by ID. If the role is tenant, only search the ID + of permitted wallets. operationId: getWalletsWalletid parameters: - name: walletId @@ -2407,6 +2600,10 @@ paths: - Wallet Management summary: Create a UMA resource permission on an authorization server for the wallet. + description: "Create a UMA resource permission on an authorization server for\ + \ the wallet.\nThis grants the wallet permission to the specified `subject`,\ + \ where the `subject` denotes the identity of the tenant on an authorization\ + \ server.\n " operationId: createWalletUmaPermission parameters: - name: walletId @@ -2423,7 +2620,7 @@ paths: required: true responses: '200': - description: UMA resource permission is created on an authorization server. + description: UMA resource permission is created on an authorization server '400': description: Invalid request parameters content: @@ -2451,6 +2648,10 @@ paths: - Wallet Management summary: Delete a UMA resource permission on an authorization server for the wallet. + description: "Remove a UMA resource permission on an authorization server for\ + \ the wallet.\nThis remove the wallet permission to the specified `subject`,\ + \ where the `subject` denotes the identity of the tenant on an authorization\ + \ server.\n " operationId: deleteWalletUmaPermission parameters: - name: walletId @@ -2622,7 +2823,7 @@ components: properties: invitation: type: string - description: The base64-encoded raw invitation. + description: The base64-encoded raw out-of-band invitation. example: eyJAaWQiOiIzZmE4NWY2NC01NzE3LTQ1NjItYjNmYy0yYzk2M2Y2NmFmYTYiLCJAdHlwZSI6Imh0dHBzOi8vZGlkY29tbS5vcmcvbXktZmFtaWx5LzEuMC9teS1tZXNzYWdlLXR5cGUiLCJkaWQiOiJXZ1d4cXp0ck5vb0c5MlJYdnhTVFd2IiwiaW1hZ2VVcmwiOiJodHRwOi8vMTkyLjE2OC41Ni4xMDEvaW1nL2xvZ28uanBnIiwibGFiZWwiOiJCb2IiLCJyZWNpcGllbnRLZXlzIjpbIkgzQzJBVnZMTXY2Z21NTmFtM3VWQWpacGZrY0pDd0R3blpuNnozd1htcVBWIl0sInJvdXRpbmdLZXlzIjpbIkgzQzJBVnZMTXY2Z21NTmFtM3VWQWpacGZrY0pDd0R3blpuNnozd1htcVBWIl0sInNlcnZpY2VFbmRwb2ludCI6Imh0dHA6Ly8xOTIuMTY4LjU2LjEwMTo4MDIwIn0= AcceptCredentialOfferRequest: type: object @@ -2709,7 +2910,7 @@ components: type: string description: A self-attested string that the receiver may want to display to the user about the context-specific goal of the out-of-band message. - example: To issue a Peter College Graduate credential + example: To issue a Faber College Graduate credential myDid: type: string description: The DID representing me as the inviter or invitee in this specific @@ -2811,27 +3012,36 @@ components: type: array items: $ref: '#/components/schemas/Connection' - description: '' + description: "\nArray of resources (Connection)\nA sequence of Connection\ + \ resources representing the list of connections that the paginated response\ + \ contains.\n " example: [] kind: type: string - description: '' + description: A string that identifies the type of resource being returned + in the response. example: ConnectionsPage self: type: string - description: '' + description: The URL that uniquely identifies the resource being returned + in the response. example: /prism-agent/connections?offset=10&limit=10 pageOf: type: string - description: '' + description: A string field indicating the type of resource that the contents + field contains. example: '' next: type: string - description: '' + description: An optional string field containing the URL of the next page + of results. If the API response does not contain any more pages, this + field should be set to None. example: /prism-agent/connections?offset=20&limit=10 previous: type: string - description: '' + description: An optional string field containing the URL of the previous + page of results. If the API response is the first page of results, this + field should be set to None. example: /prism-agent/connections?offset=0&limit=10 CreateConnectionRequest: type: object @@ -2850,7 +3060,7 @@ components: type: string description: A self-attested string that the receiver may want to display to the user about the context-specific goal of the out-of-band message. - example: To issue a Peter College Graduate credential + example: To issue a Faber College Graduate credential CreateEntityRequest: required: - name @@ -2905,7 +3115,9 @@ components: claims: description: The claims that will be associated with the issued verifiable credential. - example: (firstname,Alice) + example: + firstname: Alice + lastname: Wonderland automaticIssuance: type: boolean description: Specifies whether or not the credential should be automatically @@ -2956,6 +3168,8 @@ components: type: array items: type: string + description: The JSON-LD context describing the JSON document + example: https://didcomm.org/messaging/contexts/v2 CreateWalletRequest: required: - name @@ -3442,7 +3656,8 @@ components: type: array items: type: string - description: The JSON-LD context for the DID resolution result. + description: The JSON-LD context describing the JSON document + example: https://didcomm.org/messaging/contexts/v2 id: type: string description: |- @@ -3550,8 +3765,8 @@ components: properties: '@context': type: string - description: The JSON-LD context for the DID resolution result. - example: https://w3id.org/did-resolution/v1 + description: The JSON-LD context describing the JSON document + example: https://didcomm.org/messaging/contexts/v2 didDocument: $ref: '#/components/schemas/DIDDocument' didDocumentMetadata: @@ -3741,7 +3956,9 @@ components: claims: description: The claims that will be associated with the issued verifiable credential. - example: (firstname,Alice) + example: + firstname: Alice + lastname: Wonderland automaticIssuance: type: boolean description: Specifies whether or not the credential should be automatically @@ -3753,7 +3970,7 @@ components: type: string description: The date and time when the issue credential record was created. format: date-time - example: '2023-12-06T10:40:43.781066302Z' + example: '2024-02-20T15:20:56.701907131Z' updatedAt: type: string description: The date and time when the issue credential record was last @@ -3841,7 +4058,7 @@ components: example: [] Json: description: The service endpoint. Can contain multiple possible values as described - in the [Create DID operation] + in the [Create DID operation](https://github.com/input-output-hk/prism-did-method-spec/blob/main/w3c-spec/PRISM-method.md#create-did) example: https://example.com oneOf: - $ref: '#/components/schemas/Arr' @@ -3862,14 +4079,14 @@ components: example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff longFormDid: type: string - description: A long-form DID. Mandatory when status is not PUBLISHED and - optional when status is PUBLISHED + description: A long-form DID. Mandatory when status is not `PUBLISHED` and + optional when status is `PUBLISHED` example: did:prism:4a5b5cf0a513e83b598bbea25cd6196746747f361a73ef77068268bc9bd732ff:Cr4BCrsBElsKBmF1dGgtMRAEQk8KCXNlY3AyNTZrMRIg0opTuxu-zt6aRbT1tPniG4eu4CYsQPM3rrLzvzNiNgwaIIFTnyT2N4U7qCQ78qtWC3-p0el6Hvv8qxG5uuEw-WgMElwKB21hc3RlcjAQAUJPCglzZWNwMjU2azESIKhBU0eCOO6Vinz_8vhtFSAhYYqrkEXC8PHGxkuIUev8GiAydFHLXb7c22A1Uj_PR21NZp6BCDQqNq2xd244txRgsQ status: type: string description: |- - A status indicating a publication state of a DID in the wallet (e.g. PUBLICATION_PENDING, PUBLISHED). - Does not represent DID a full lifecyle (e.g. deactivated, recovered, updated). + A status indicating a publication state of a DID in the wallet (e.g. `PUBLICATION_PENDING`, `PUBLISHED`). + Does not represent DID a lifecyle (e.g. `deactivated`, `recovered`, `updated`). example: CREATED ManagedDIDKeyTemplate: required: @@ -3883,7 +4100,7 @@ components: example: key-1 purpose: $ref: '#/components/schemas/Purpose' - description: key-pair template to add to DID document. + description: A key-pair template to add to DID document. ManagedDIDPage: required: - self @@ -3943,6 +4160,8 @@ components: type: array items: type: string + description: The JSON-LD context describing the JSON document + example: https://didcomm.org/messaging/contexts/v2 PresentationStatus: required: - presentationId @@ -4276,7 +4495,7 @@ components: description: Service type. Can contain multiple possible values as described in the [Create DID operation](https://github.com/input-output-hk/prism-did-method-spec/blob/main/w3c-spec/PRISM-method.md#create-did) under the construction section. - example: Single(LinkedDomains) + example: LinkedDomains oneOf: - type: array items: @@ -4284,7 +4503,7 @@ components: - type: string serviceEndpoint: $ref: '#/components/schemas/Json' - description: A service expressed in the DID document. https://www.w3.org/TR/did-core/#services + description: A service that should appear in the DID document. https://www.w3.org/TR/did-core/#services Str: required: - value @@ -4387,7 +4606,58 @@ components: publicKeyJwk: $ref: '#/components/schemas/PublicKeyJwk' description: A cryptographic public key expressed in the DID document. https://www.w3.org/TR/did-core/#verification-methods - VerificationPolicy: + VerificationPolicyConstraint: + required: + - schemaId + type: object + properties: + schemaId: + type: string + description: The schema ID of the credential that is being verified. + example: https://example.com/driving-license-1.0 + minLength: 1 + trustedIssuers: + type: array + items: + type: string + description: A list of DIDs of the trusted issuers. + example: + - did:example:123456789abcdefghi + VerificationPolicyInput: + required: + - name + - description + type: object + properties: + id: + type: string + description: A unique identifier to address the verification policy instance. + UUID is generated by the backend. + format: uuid + example: 0527aea1-d131-3948-a34d-03af39aba8b5 + name: + type: string + description: A human-readable name for the verification policy. The `name` + cannot be empty. + example: Trusted Issuers Verification Policy + minLength: 1 + description: + type: string + description: A human-readable description of the verification policy. + example: Verification policy that checks if the credential was issued by + a trusted issuer. + constraints: + type: array + items: + $ref: '#/components/schemas/VerificationPolicyConstraint' + description: The object that describes the constraints of the verification + policy. Each constraint is a tuple of the `schemaId` and a set of DIDs + of the trusted issuers. + example: + - schemaId: https://example.com/driving-license-1.0 + trustedIssuers: + - did:example:123456789abcdefghi + VerificationPolicyResponse: required: - self - kind @@ -4401,57 +4671,61 @@ components: properties: self: type: string + description: The URL that uniquely identifies the resource being returned + in the response. + example: /prism-agent/verification/policies/0527aea1-d131-3948-a34d-03af39aba8b4 kind: type: string + description: A string that identifies the type of resource being returned + in the response. + example: VerificationPolicy id: type: string + description: A unique identifier to address the verification policy instance. + UUID is generated by the backend. format: uuid + example: 0527aea1-d131-3948-a34d-03af39aba8b5 nonce: type: integer + description: A number that is changed every time the verification policy + is updated. format: int32 + example: 1234 name: type: string + description: A human-readable name for the verification policy. The `name` + cannot be empty. + example: Trusted Issuers Verification Policy + minLength: 1 description: type: string + description: A human-readable description of the verification policy. + example: Verification policy that checks if the credential was issued by + a trusted issuer. createdAt: type: string + description: '[RFC3339](https://www.rfc-editor.org/rfc/rfc3339) date on + which the verification policy was created.' format: date-time + example: 2022-03-10T12:00Z updatedAt: type: string + description: '[RFC3339](https://www.rfc-editor.org/rfc/rfc3339) date on + which the verification policy was updated.' format: date-time + example: 2022-03-10T12:00Z constraints: type: array items: $ref: '#/components/schemas/VerificationPolicyConstraint' - VerificationPolicyConstraint: - required: - - schemaId - type: object - properties: - schemaId: - type: string - trustedIssuers: - type: array - items: - type: string - VerificationPolicyInput: - required: - - name - - description - type: object - properties: - id: - type: string - format: uuid - name: - type: string - description: - type: string - constraints: - type: array - items: - $ref: '#/components/schemas/VerificationPolicyConstraint' - VerificationPolicyPage: + description: The object that describes the constraints of the verification + policy. Each constraint is a tuple of the `schemaId` and a set of DIDs + of the trusted issuers. + example: + - schemaId: https://example.com/driving-license-1.0 + trustedIssuers: + - did:example:123456789abcdefghi + VerificationPolicyResponsePage: required: - self - kind @@ -4460,18 +4734,51 @@ components: properties: self: type: string + description: The URL that uniquely identifies the resource being returned + in the response. + example: /prism-agent/verification/policies?name=Trusted&offset=0&limit=10 kind: type: string + description: A string that identifies the type of resource being returned + in the response. + example: VerificationPolicyPage pageOf: type: string + description: A string field indicating the type of resource that the contents + field contains + example: /prism-agent/verification/policies next: type: string + description: An optional string field containing the URL of the next page + of results. If the API response does not contain any more pages, this + field should be set to None. + example: /prism-agent/verification/policies?skip=20&limit=10 previous: type: string + description: An optional string field containing the URL of the previous + page of results. If the API response is the first page of results, this + field should be set to None. + example: /prism-agent/verification/policies?skip=0&limit=10 contents: type: array items: - $ref: '#/components/schemas/VerificationPolicy' + $ref: '#/components/schemas/VerificationPolicyResponse' + description: A sequence of VerificationPolicyResponse objects representing + the list of verification policies that the paginated response contains + example: + - self: /prism-agent/verification/policies + kind: VerificationPolicy + id: 0527aea1-d131-3948-a34d-03af39aba8b4 + nonce: 0 + name: Trusted Issuers Verification Policy + description: Verification policy that checks if the credential was issued + by a trusted issuer. + createdAt: '2022-03-10T12:00:00Z' + updatedAt: '2022-03-10T12:00:00Z' + constraints: + - schemaId: https://example.com/driving-license-1.0 + trustedIssuers: + - did:example:123456789abcdefghi WalletDetail: required: - id @@ -4566,14 +4873,26 @@ components: items: $ref: '#/components/schemas/WebhookNotification' securitySchemes: - adminApiKeyAuth: - type: apiKey - name: x-admin-api-key - in: header apiKeyAuth: type: apiKey + description: API Key Authentication. The header `apikey` must be set with the + API key. name: apikey in: header + adminApiKeyAuth: + type: apiKey + description: Admin API Key Authentication. The header `x-admin-api-key` must + be set with the Admin API key. + name: x-admin-api-key + in: header jwtAuth: type: http - scheme: bearer + description: JWT Authentication. The header `Authorization` must be set with + the JWT token using `Bearer` scheme + name: Authorization + in: header + scheme: Bearer +security: +- apiKeyAuth: [] + adminApiKeyAuth: [] + jwtAuth: []