Merge branch 'main' into fix/ios-build

.github/workflows/release.yml

@@ -36,6 +36,7 @@ jobs:
       deployment: prod
       namespace: default
       portals: portals
+      kubeconfig_secret: NL_KUBE_CONFIG
   tag:
     uses: walt-id/waltid-identity/.github/workflows/tag.yml@266f5c09359450c39019a6da38f2b331e7122918
     needs: [ version, deploy ]

.run/Issuer.run.xml

@@ -5,7 +5,7 @@
     <option name="MAIN_CLASS_NAME" value="id.walt.issuer.MainKt" />
     <module name="waltid-identity.waltid-services.waltid-issuer-api.main" />
     <option name="PROGRAM_PARAMETERS" value="-l trace" />
-    <shortenClasspath name="NONE" />
+    <shortenClasspath name="ARGS_FILE" />
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/waltid-services/waltid-issuer-api" />
     <method v="2">
       <option name="Make" enabled="true" />

.run/Web wallet backend.run.xml

@@ -1,14 +1,14 @@
 <component name="ProjectRunConfigurationManager">
-    <configuration default="false" name="Web wallet backend" type="JetRunConfigurationType">
-        <option name="ALTERNATIVE_JRE_PATH" value="21"/>
-        <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="true"/>
-        <option name="MAIN_CLASS_NAME" value="id.walt.webwallet.MainKt"/>
-        <module name="id.walt.waltid-identity.waltid-services.waltid-wallet-api.main"/>
-        <option name="PROGRAM_PARAMETERS" value="--logLevel=trace"/>
-        <shortenClasspath name="NONE"/>
-        <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/waltid-services/waltid-wallet-api"/>
-        <method v="2">
-            <option name="Make" enabled="true"/>
-        </method>
-    </configuration>
-</component>
+  <configuration default="false" name="Web wallet backend" type="JetRunConfigurationType">
+    <option name="ALTERNATIVE_JRE_PATH" value="21" />
+    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="true" />
+    <option name="MAIN_CLASS_NAME" value="id.walt.webwallet.MainKt" />
+    <module name="waltid-identity.waltid-services.waltid-wallet-api.main" />
+    <option name="PROGRAM_PARAMETERS" value="--logLevel=trace" />
+    <shortenClasspath name="NONE" />
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/waltid-services/waltid-wallet-api" />
+    <method v="2">
+      <option name="Make" enabled="true" />
+    </method>
+  </configuration>
+</component>

README.md

@@ -28,8 +28,10 @@ Available for Kotlin/Java and JavaScript environments.
   implementation of the OID4VCI and OIDC4VP protocols.
 - **SD-JWT** ([GitHub](https://github.com/walt-id/waltid-identity/tree/main/waltid-libraries/sdjwt/waltid-sdjwt)) -
   create and verify Selective Disclosure JWTs.
+- **Ktor-Authnz** ([GitHub](https://github.com/walt-id/waltid-identity/tree/main/waltid-libraries/auth/waltid-ktor-authnz)) - Add various authentication methods (OIDC, Email/Password, ...) to Ktor projects.
+- **Permissions** ([GitHub](https://github.com/walt-id/waltid-identity/tree/main/waltid-libraries/auth/waltid-permissions)) - Enable fine-grained authorisation patterns in applications with waltid-permissions.
 
-### Services
+### REST Services
 
 A set of APIs to build issuer, verifier, and wallet capabilities into any app.
 
@@ -44,27 +46,42 @@ A set of APIs to build issuer, verifier, and wallet capabilities into any app.
 
 A set of white-label apps to get started in no time.
 
-- [Web-Wallet](https://github.com/walt-id/waltid-identity/tree/main/waltid-applications/waltid-web-wallet) - A custodial web-wallet (PWA)
-  solution for credentials and tokens.
-- [Portal](https://github.com/walt-id/waltid-identity/tree/main/waltid-applications/waltid-web-portal) - An issuer and verifier portal for
-  credentials, which are managed [here](https://github.com/walt-id/waltid-credentials).
+- **Web-Wallets** ([Demo](https://wallet.walt.id/login) | [Docs](https://docs.walt.id/community-stack/wallet/apps/web-wallet/overview) | [GitHub](https://github.com/walt-id/waltid-identity/tree/main/waltid-applications/waltid-web-wallet)) - Custodial web-wallet (PWA) solutions for credentials and tokens.
+- **Portal** ([Demo](https://portal.walt.id/) | [Docs](https://docs.walt.id/community-stack/issuer/apps/portal/overview) | [GitHub](https://github.com/walt-id/waltid-identity/tree/main/waltid-applications/waltid-web-portal)) - An issuer and verifier portal for credentials, which are managed [here](https://github.com/walt-id/waltid-credentials).
 
-## Use Services And Apps
 
-Use the [walt.id identity package](https://github.com/walt-id/waltid-identity/tree/main/docker-compose) to run all APIs and Apps with
-docker:
+## Use REST Services And Apps
+
+Use the [walt.id identity package](https://github.com/walt-id/waltid-identity/tree/main/docker-compose) to run all APIs and Apps with docker:
+
+**Clone walt.id identity**
+
+```bash
+git clone https://github.com/walt-id/waltid-identity.git && cd waltid-identity
+```
+
+**Launch the services**
 
 ```bash
-cd docker-compose && docker-compose up
+cd docker-compose && docker compose up
 ```
 
-Learn more about the exposed ports [here](https://github.com/walt-id/waltid-identity/tree/main/docker-compose).
+Learn more about the docker settings & exposed ports [here](https://github.com/walt-id/waltid-identity/tree/main/docker-compose).
 
 ## Use the Command Line Tool
 
-Use the [walt.id CLI](https://github.com/walt-id/waltid-identity/tree/main/waltid-applications/waltid-cli) to run the core functions from
+Use the [walt.id CLI](https://github.com/walt-id/waltid-identity/tree/main/waltid-applications/waltid-cli) to run the
+core functions from
 the command line. Make sure you have your Java Runtime set up.
 
+**Clone walt.id identity**
+
+```bash
+git clone https://github.com/walt-id/waltid-identity.git && cd waltid-identity
+```
+
+**Access CLI**
+
 ```bash
 cd waltid-applications/waltid-cli && ./waltid-cli.sh
 ```
@@ -74,15 +91,12 @@ cd waltid-applications/waltid-cli && ./waltid-cli.sh
 The walt.id identity repo is part of The Community Stack, walt.id's collection of open-source products to build identity and wallet
 solutions. Learn more [here](https://walt.id/blog/p/community-stack).
 
-![waltid-identity-architecture](https://github.com/user-attachments/assets/0400118b-3a38-421e-91dc-7293f6a44b6c)
+![waltid-identity-architecture](https://github.com/user-attachments/assets/98c020fe-dc37-46fd-9886-613ee8fc8760)
 
 ## Join the community
 
-* Connect and get the latest updates: <a href="https://discord.gg/AW8AgqJthZ">Discord</a> | <a href="https://walt.id/newsletter">
-  Newsletter</a> | <a href="https://www.youtube.com/channel/UCXfOzrv3PIvmur_CmwwmdLA">
-  YouTube</a> | <a href="https://mobile.twitter.com/walt_id" target="_blank">Twitter</a>
-* Get help, request features and report bugs: <a href="https://github.com/walt-id/.github/discussions" target="_blank">GitHub
-  Discussions</a>
+* Connect and get the latest updates: [Discord](https://discord.gg/AW8AgqJthZ) | [Newsletter](https://walt.id/newsletter) | [YouTube](https://www.youtube.com/channel/UCXfOzrv3PIvmur_CmwwmdLA) | [Twitter](https://mobile.twitter.com/walt_id)
+* Get help, request features and report bugs: [GitHub Issues ](https://github.com/walt-id/waltid-identity/issues)
 
 ## License
 

build.gradle.kts

@@ -21,11 +21,11 @@ plugins {
 
     kotlin("plugin.serialization") version kotlinVersion apply false
 
-    id("love.forte.plugin.suspend-transform") version "2.1.0-0.10.0" apply false
+    id("love.forte.plugin.suspend-transform") version "2.1.0-0.10.1" apply false
     id("com.android.library") version "8.7.3" apply false
     id("com.android.application") version "8.7.3" apply false
 
-    id("com.github.ben-manes.versions") version "0.51.0" apply false
+    id("com.github.ben-manes.versions") version "0.52.0" apply false
 }
 dependencies {
     implementation(kotlin("stdlib"))

docker-compose/.env

@@ -23,6 +23,6 @@ MSSQL_DB_PORT=1433
 
 #sqlite | postgres | mssql
 DATABASE_ENGINE=postgres
-VERSION_TAG=0.10.0
+VERSION_TAG=0.11.0
 #identity | identity,tse | all
 COMPOSE_PROFILES=identity

docker-compose/wallet-api/config/_features.conf

@@ -1,5 +1,11 @@
 enabledFeatures = [
-    # trusted-ca
+    # external-signature-endpoints,
+    # trusted-ca,
     # entra,
+    # ktor-authnz,
+    # dev-mode
     # ...
 ]
+disabledFeatures = [
+    # auth   # legacy auth
+]

docker-compose/wallet-api/config/ktor-authnz.conf

@@ -0,0 +1,35 @@
+# Will secure login cookies with `Secure` context, enable HTTS and HTTP->HTTPS redirect
+requireHttps = false
+
+# Key (all waltid-crypto supported) to sign login token - has to be key allowing signing (private key)
+signingKey = {"type": "jwk", "jwk": {"kty": "OKP", "d": "z8Lk85rAtfv2RJN_cD_-9nqHHwKTlTQ5_I53LcsHjC4", "use": "sig", "crv": "Ed25519", "x": "Ew76rQJ9gPHCOBOwJlf__Il5IjgSAc3bQ_a8psd-F3E", "alg": "EdDSA"}}
+
+# Key (all waltid-crypto supported) to verify incoming login tokens - public key is ok.
+verificationKey = {"type": "jwk", "jwk": {"kty": "OKP", "d": "z8Lk85rAtfv2RJN_cD_-9nqHHwKTlTQ5_I53LcsHjC4", "use": "sig", "crv": "Ed25519", "x": "Ew76rQJ9gPHCOBOwJlf__Il5IjgSAc3bQ_a8psd-F3E", "alg": "EdDSA"}}
+
+# Provide pepper to use for additional password salting (unique string for your deployment,
+# has to be shared between instances).
+pepper = "waltid"
+
+# Hash algorithm to use for passwords for signing.
+# You can choose from algorithms like: ARGON2, PBKDF2, PBKDF2_COMPRESSED, BCRYPT, SCRYPT, BALLON_HASHING, MESSAGE_DIGEST, NONE
+hashAlgorithm = ARGON2
+
+# Configure the Auth Flow (refer to: waltid-ktor-authnz)
+authFlow = {
+    method: web3
+    expiration: "7d" # optional: Set expiration time for login tokens, e.g. a week
+    ok: true # Auth flow ends successfuly with this step
+}
+
+cookieDomain = null
+
+# If you previously used other (older) password hash algorithms, you
+# can use this function to migrate old hashes to new hash algorithms. This
+# works at login-time: When a user logs in with a password that uses a hash algorithm
+# on this list, the password will be re-hashed in the specified replacement algorithm.
+# If null is used as hash algorithm selector, all algorithms expect for the target
+# algorithm will be converted automatically.
+hashMigrations = {
+    MESSAGE_DIGEST: ARGON2 # E.g.: Convert all the MD5 hashes to Argon2 hashes
+}

waltid-applications/waltid-android/README.md

@@ -1,16 +1,24 @@
-# WALT ID Android Sample Project
-
-This project showcases the capabilities of the WALT ID library, demonstrating how to create keys, sign text, create DIDs (Decentralized Identifiers), and verify signed content.
+<div align="center">
+ <h1>Android Sample Project</h1>
+ <span>by </span><a href="https://walt.id">walt.id</a>
+ <p>Sample project showcasing key & DID creation, text signing, and signed content verification.<p>
+
+<a href="https://walt.id/community">
+<img src="https://img.shields.io/badge/Join-The Community-blue.svg?style=flat" alt="Join community!" />
+</a>
+<a href="https://twitter.com/intent/follow?screen_name=walt_id">
+<img src="https://img.shields.io/twitter/follow/walt_id.svg?label=Follow%20@walt_id" alt="Follow @walt_id" />
+</a>
 
 ## Features
 
-1. **Key Generation**: The application allows you to generate keys using different algorithms such as RSA and Secp256r1.
+1. **Key Generation**: Generate keys using different algorithms (RSA, Secp256r1).
 
-2. **Signing Text**: You can sign any text using the generated keys. The application supports both raw and JWS signing options.
+2. **Text Signing**: Sign text with RAW or JWS signing options. 
 
-3. **DID Creation**: The application can generate DIDs using the generated keys. It supports both 'key' and 'jwk' methods for DID creation.
+3. **DID Creation**: Create DIDs (did:key, did:jwk) based on generated keys. 
 
-4. **Verification**: The application can verify the signed text using the generated keys and DIDs.
+4. **Verification**: Verify signed text using generated keys and DIDs.
 
 ## Screenshots
 
@@ -26,8 +34,8 @@ This project showcases the capabilities of the WALT ID library, demonstrating ho
 
 ## Join the community
 
-* Connect and get the latest updates: <a href="https://discord.gg/AW8AgqJthZ">Discord</a> | <a href="https://walt.id/newsletter">Newsletter</a> | <a href="https://www.youtube.com/channel/UCXfOzrv3PIvmur_CmwwmdLA">YouTube</a> | <a href="https://mobile.twitter.com/walt_id" target="_blank">Twitter</a>
-* Get help, request features and report bugs: <a href="https://github.com/walt-id/.github/discussions" target="_blank">GitHub Discussions</a>
+* Connect and get the latest updates: [Discord](https://discord.gg/AW8AgqJthZ) | [Newsletter](https://walt.id/newsletter) | [YouTube](https://www.youtube.com/channel/UCXfOzrv3PIvmur_CmwwmdLA) | [Twitter](https://mobile.twitter.com/walt_id)
+* Get help, request features and report bugs: [GitHub Issues ](https://github.com/walt-id/waltid-identity/issues)
 
 ## License
 

waltid-applications/waltid-web-portal/README.md

@@ -48,8 +48,8 @@ docker run -p 7102:7102 -i -t waltid/portal
 
 ## Join the community
 
-* Connect and get the latest updates: <a href="https://discord.gg/AW8AgqJthZ">Discord</a> | <a href="https://walt.id/newsletter">Newsletter</a> | <a href="https://www.youtube.com/channel/UCXfOzrv3PIvmur_CmwwmdLA">YouTube</a> | <a href="https://mobile.twitter.com/walt_id" target="_blank">Twitter</a>
-* Get help, request features and report bugs: <a href="https://github.com/walt-id/.github/discussions" target="_blank">GitHub Discussions</a>
+* Connect and get the latest updates: [Discord](https://discord.gg/AW8AgqJthZ) | [Newsletter](https://walt.id/newsletter) | [YouTube](https://www.youtube.com/channel/UCXfOzrv3PIvmur_CmwwmdLA) | [Twitter](https://mobile.twitter.com/walt_id)
+* Get help, request features and report bugs: [GitHub Issues ](https://github.com/walt-id/waltid-identity/issues)
 
 ## License
 

waltid-applications/waltid-web-portal/k8s/deployment-dev.yaml

@@ -21,7 +21,7 @@ spec:
           imagePullPolicy: Always
           env:
             - name: NEXT_PUBLIC_VC_REPO
-              value: "https://vc-repo.walt-test.cloud"
+              value: "https://credentials.test.waltid.cloud"
             - name: NEXT_PUBLIC_ISSUER
               value: "https://issuer.portal.test.waltid.cloud"
             - name: NEXT_PUBLIC_VERIFIER

waltid-applications/waltid-web-portal/pages/verify/index.tsx

@@ -41,11 +41,18 @@ export default function Verification() {
         return false;
       });
 
+      const standardVersion = 'draft13'; // ['draft13', 'draft11']
+      const issuerMetadataConfigSelector = {
+        'draft13': 'credential_configurations_supported',
+        'draft11': 'credentials_supported',
+      }
+
+      const issuerMetadata = await axios.get(`${env.NEXT_PUBLIC_ISSUER ? env.NEXT_PUBLIC_ISSUER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_ISSUER}/${standardVersion}/.well-known/openid-credential-issuer`);
       const request_credentials = credentials.map((credential) => {
         if (mapFormat(format) === 'vc+sd-jwt') {
-          let url = `${env.NEXT_PUBLIC_ISSUER ? env.NEXT_PUBLIC_ISSUER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_ISSUER}`;
+          let url = issuerMetadata.data[issuerMetadataConfigSelector[standardVersion]][`${credential.offer.type[credential.offer.type.length - 1]}_vc+sd-jwt`].vct;
           return {
-            vct: `${url}/${credential.offer.type[credential.offer.type.length - 1]}`,
+            vct: url,
             format: mapFormat(format),
           };
         } else {
@@ -75,7 +82,7 @@ export default function Verification() {
 
       const response = await axios.post(
         `${env.NEXT_PUBLIC_VERIFIER ? env.NEXT_PUBLIC_VERIFIER : nextConfig.publicRuntimeConfig!.NEXT_PUBLIC_VERIFIER}/openid4vc/verify`,
-          requestBody,
+        requestBody,
         {
           headers: {
             successRedirectUri: `${window.location.origin}/success/$id`,

waltid-applications/waltid-web-wallet/README.md

@@ -66,8 +66,8 @@ Features are provided by our libraries SSI-Kit and NFT-Kit to enable SSI and NFT
 
 ## Join the community
 
-* Connect and get the latest updates: <a href="https://discord.gg/AW8AgqJthZ">Discord</a> | <a href="https://walt.id/newsletter">Newsletter</a> | <a href="https://www.youtube.com/channel/UCXfOzrv3PIvmur_CmwwmdLA">YouTube</a> | <a href="https://mobile.twitter.com/walt_id" target="_blank">Twitter</a>
-* Get help, request features and report bugs: <a href="https://github.com/walt-id/.github/discussions" target="_blank">GitHub Discussions</a>
+* Connect and get the latest updates: [Discord](https://discord.gg/AW8AgqJthZ) | [Newsletter](https://walt.id/newsletter) | [YouTube](https://www.youtube.com/channel/UCXfOzrv3PIvmur_CmwwmdLA) | [Twitter](https://mobile.twitter.com/walt_id)
+* Get help, request features and report bugs: [GitHub Issues ](https://github.com/walt-id/waltid-identity/issues)
 
 ## License
 

waltid-applications/waltid-web-wallet/apps/waltid-demo-wallet/src/layouts/default-reduced-nav.vue

@@ -234,7 +234,7 @@
                   <!-- src="https://images.unsplash.com/photo-1494790108377-be9c29b29330?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80"/> -->
                   <span
                     class="ml-3 hidden text-sm font-medium text-gray-700 lg:block"
-                    >{{ user.email }}</span
+                    >{{ user.friendlyName }}</span
                   >
                   <ChevronDownIcon
                     aria-hidden="true"

waltid-applications/waltid-web-wallet/apps/waltid-demo-wallet/src/layouts/default.vue

@@ -269,7 +269,7 @@
                   <!-- src="https://images.unsplash.com/photo-1494790108377-be9c29b29330?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=facearea&facepad=2&w=256&h=256&q=80"/> -->
                   <span
                     class="ml-3 hidden text-sm font-medium text-gray-700 lg:block"
-                    >{{ user.email }}</span
+                    >{{ user.friendlyName }}</span
                   >
                   <ChevronDownIcon
                     aria-hidden="true"