Merge pull request #31 from niscy-eudiw/branch-preprod

Minor changes

README.md

@@ -2,6 +2,9 @@
 
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
 
+:heavy_exclamation_mark: **Important!** Before you proceed, please read
+the [EUDI Wallet Reference Implementation project description](https://github.com/eu-digital-identity-wallet/.github/blob/main/profile/reference-implementation.md)
+
 
 ### Overview
 
@@ -47,6 +50,30 @@ This version of the EUDIW Issuer supports the [OpenId for Verifiable Credential
 
 You can use the EUDIW Issuer at https://issuer.eudiw.dev/, or install it locally.
 
+
+## :heavy_exclamation_mark: Disclaimer
+
+The released software is a initial development release version:
+
+-   The initial development release is an early endeavor reflecting the efforts of a short timeboxed
+    period, and by no means can be considered as the final product.
+-   The initial development release may be changed substantially over time, might introduce new
+    features but also may change or remove existing ones, potentially breaking compatibility with your
+    existing code.
+-   The initial development release is limited in functional scope.
+-   The initial development release may contain errors or design flaws and other problems that could
+    cause system or other failures and data loss.
+-   The initial development release has reduced security, privacy, availability, and reliability
+    standards relative to future releases. This could make the software slower, less reliable, or more
+    vulnerable to attacks than mature software.
+-   The initial development release is not yet comprehensively documented.
+-   Users of the software must perform sufficient engineering and additional testing in order to
+    properly evaluate their application and determine whether any of the open-sourced components is
+    suitable for use in that application.
+-   We strongly recommend not putting this version of the software into production use.
+-   Only the latest version of the software will be supported
+
+
 ## 1. Installation
 
 Pre-requisites:
@@ -61,10 +88,26 @@ Click [here](install.md) for detailed installation instructions.
 
 Click [here](install.md) for detailed instructions.
 
+## 3. Frequently Asked Questions
+
+### A. How to make your local EUDIW Issuer available on the Internet?
+
+Please see detailed instructions in [install.md](install.md#4-make-your-local-eudiw-issuer-available-on-the-internet-optional).
+
+### B. How to add a new credential to the issuer ?
+
+Please see detailed instructions in [api_docs/add_credential.md](api_docs/add_credential.md).
+
+### C. Can I use my IACA certificate with the EUDIW Issuer?
+
+Yes. You must copy your IACA trusted certificate(s) (in PEM format) to the `trusted_CAs_path` folder. If you don't have an IACA certificate, we provide an example test IACA certificate for the country Utopia (UT).
+
+See more information in [api_docs/configuration.md](api_docs/configuration.md#1-service-configuration).
+
+### D. Can I use my Document Signer private key and certificate with the EUDIW Issuer?
 
-## How to add a new credential to the issuer ?
+Yes. Please follow the instructions in [api_docs/configuration.md](api_docs/configuration.md#2-configuration-of-countries). If you don't have Document Signer private key and certificate, we provide  test private DS keys and certificates, for country Utopia (UT).
 
-Please see detailed instructions in [api_docs/add_credential.md](api_docs/add_credential.md) 
 
 ## How to contribute
 

api_docs/configuration.md

@@ -39,3 +39,18 @@ For configuring the installed [idpy-oidc](https://github.com/IdentityPython/idpy
 
 - domain
 - port
+
+## 4. Metadata configuration
+
+The EUDIW Issuer OAuth2 metadata configuration files are located in ```app/metadata_config/metadata_config.json``` and ```app/metadata_config/openid-configuration.json```
+
+You must change the base URL of the endpoints from ```https://issuer.eudiw.dev``` to a custom one or ``` https://localhost``` if installed locally
+
+Example:
+```json
+"credential_issuer": "{base_url}",
+"credential_endpoint": "{base_url}/credential",
+"batch_credential_endpoint": "{base_url}/batch_credential",
+"notification_endpoint": "{base_url}/notification",
+"deferred_credential_endpoint": "{base_url}/deferred_credential",
+```

app/misc.py

@@ -207,11 +207,6 @@ def scope2details(scope):
                         )
 
     return configuration_ids
-    """ return authentication_error_redirect(
-        jws_token=request.args.get("token"),
-        error="invalid authentication",
-        error_description="Authorization details or scope not supported",
-    ) """
 
 
 def credential_error_resp(error, desc):

app/route_dynamic.py

@@ -336,7 +336,7 @@ def red():
 
         country, jws_token = request.args.get("state").split(".")
         session["jws_token"] = jws_token
-        session["country"] == country
+        session["country"] = country
 
     (v, l) = validate_mandatory_args(request.args, ["code"])
     if not v:  # if not all arguments are available
@@ -808,7 +808,11 @@ def preauthRed():
     url = cfgserv.service_url + "pushed_authorizationv2"
     redirect_url = urllib.parse.quote(cfgserv.service_url) + "preauth-code"
 
-    payload = "response_type=code&state=af0ifjsldkj&client_id=ID&redirect_uri=" + redirect_url + "&code_challenge=-ciaVij0VMswVfqm3_GK758-_dAI0E9i97hu1SAOiFQ&code_challenge_method=S256&authorization_details=%5B%0A%20%20%7B%0A%20%20%20%20%22type%22%3A%20%22openid_credential%22%2C%0A%20%20%20%20%22credential_configuration_id%22%3A%20%22eu.europa.ec.eudi.loyalty_mdoc%22%0A%20%20%7D%0A%5D"
+    payload = (
+        "response_type=code&state=af0ifjsldkj&client_id=ID&redirect_uri="
+        + redirect_url
+        + "&code_challenge=-ciaVij0VMswVfqm3_GK758-_dAI0E9i97hu1SAOiFQ&code_challenge_method=S256&authorization_details=%5B%0A%20%20%7B%0A%20%20%20%20%22type%22%3A%20%22openid_credential%22%2C%0A%20%20%20%20%22credential_configuration_id%22%3A%20%22eu.europa.ec.eudi.loyalty_mdoc%22%0A%20%20%7D%0A%5D"
+    )
     headers = {"Content-Type": "application/x-www-form-urlencoded"}
 
     response = requests.request("POST", url, headers=headers, data=payload)