Backend Setup
Getting Code for Backend
Visit the following GitHub URL and clone the code. Navigate to the demo-donor-registry folder.
Setting up a Registry Instance
Navigate into the demo-donor-registry folder and run the following command:
This will start all the required services.
Setting up Keycloak
Once all the services are started, open localhost:8080 in the browser. This will open the Keycloak admin portal. Use admin as the username and admin as the password.
Once logged in, navigate to Clients and select admin-api. Go to the Credentials tab and click Regenerate Secret. Copy this secret. Create a .env file in the project repo and add KEYCLOAK_SECRET as an environment variable with the value of the secret in the following format
KEYCLOAK_SECRET=<copied_secret>
Navigate to the Keycloak homepage again and open the Clients tab in the left subsection. Click the Create button on the right side of the screen. Enter donor-service as the client ID, choose openid-connect as the Client Protocol and click the Save button.
This will create a new client named donor-service in Keycloak. It will be used to communicate with the registry from the donor-service microservice.
Once the client is created, you will see the donor-service client's configuration. Change the access type to confidential and enable the toggle for Service Accounts Enabled. Add the appropriate redirect URL for where you have hosted your UI.
After the client configuration is saved, you will see a Credentials tab in the top tabs section. Open it, copy the client secret shown in the input box and add an environment variable to the .env file as follows
Recreate the registry so that it reflects the Keycloak secrets. This can be done using
Keycloak Configurations
If you want to enable sending SMS with OTP, you will need to add the following configurations
Restart Keycloak after changing any of the above environment variables.
If any service has not started, you can recreate that service with the same command.
Other Services
Donor Service
You need access to the sandbox environment of https://healthid.abdm.gov.in, and you should have access to the ABDM APIs from it.
The sandbox environment has the URL https://healthidsbx.abdm.gov.in/.
Following are the configurations needed for donor-service
Code -> https://github.com/Sunbird-RC/demo-donor-registry/tree/main/backend/donor-service
Configs ->
Certificate signer -> certificate-signer
Code ->
https://github.com/Sunbird-RC/sunbird-rc-core/tree/main/services/certificate-signer
Configs ->
https://docs.sunbirdrc.dev/developer-documentation/configuration#certificate-signer-service
Signing Keys
You can place your signing keys in the file at the path demo-donor-registry/imports/config.json. Based on the issuer's name, the key will be picked to create signed credentials. A sample of the keys, with scholarship as the issuer, is as follows
Notification service -> notification-ms
Technical ->
Code ->
https://github.com/Sunbird-RC/sunbird-rc-core/tree/main/services/notification-service
Configs ->
https://docs.sunbirdrc.dev/developer-documentation/configuration#notification-service
Certificate/Presentation service -> certificate-api
Technical ->
Code ->
https://github.com/Sunbird-RC/sunbird-rc-core/tree/main/services/certificate-api
Configs ->
https://docs.sunbirdrc.dev/developer-documentation/configuration#certificate-api-service
Certificate PDF Service
This service will take a template as a pdf and return a pdf with the actual certificate.
Technical ->
Code -> https://github.com/Sunbird-RC/demo-donor-registry/tree/main/backend/certificate-pdf-service
Notification Service ->
Used to send notifications
Technical ->
Code -> https://github.com/Sunbird-RC/demo-donor-registry/tree/main/backend/notification-service
Configs ->
Claims -> Claim Service
Elastic Search -> Elastic Search
MinIO -> File storage
Verification Service
Verification of a credential means verifying the authenticity of the credential that the actor possesses. When a credential is issued, it is signed with the issuer's private key. It can then be verified with the issuer's public key, which is made available to whoever is trying to verify the credential. This is handled by the certificate-signer service, which provides an API that takes signed credentials as input. From the issuer name, it fetches the public key of the issuer. Using this public key, the verifier verifies the authenticity of the credential.
Refer to this API
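The sign-then-verify flow described above, as an added example that is not code from the certificate-signer service. It assumes Ed25519 keys and a sorted-key JSON serialisation rather than the service's own credential format; the key maps, function names, field names and sample credential are constructed for illustration.

```javascript
// Added illustration; not the certificate-signer service's own code.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Serialise with sorted keys so issuer and verifier sign/verify identical bytes.
function canonicalize(value) {
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(',')}]`;
  if (value && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(value[k])}`);
    return `{${members.join(',')}}`;
  }
  return JSON.stringify(value);
}

// Constructed key material: private keys stay with the signer, and the
// verifier is handed only the public halves, both indexed by issuer name.
function makeIssuerKeys(issuerNames) {
  const signingKeys = new Map();
  const publicKeys = new Map();
  for (const name of issuerNames) {
    const { privateKey, publicKey } = generateKeyPairSync('ed25519');
    signingKeys.set(name, privateKey);
    publicKeys.set(name, publicKey);
  }
  return { signingKeys, publicKeys };
}

// Issuance: pick the private key by issuer name and attach the signature.
function issueCredential(signingKeys, credential) {
  const privateKey = signingKeys.get(credential.issuer);
  if (!privateKey) throw new Error(`no signing key for issuer "${credential.issuer}"`);
  const signature = sign(null, Buffer.from(canonicalize(credential)), privateKey);
  return { ...credential, proof: { signatureValue: signature.toString('base64') } };
}

// Verification: the issuer name inside the credential selects the public key,
// so an altered claim or a swapped issuer name no longer matches the signature.
function verifyCredential(publicKeys, signed) {
  const { proof, ...credential } = signed;
  const publicKey = publicKeys.get(credential.issuer);
  if (!publicKey || !proof || typeof proof.signatureValue !== 'string') return false;
  const signature = Buffer.from(proof.signatureValue, 'base64');
  return verify(null, Buffer.from(canonicalize(credential)), publicKey, signature);
}

// Constructed sample run: a credential issued as "scholarship" is checked.
const demo = makeIssuerKeys(['scholarship']);
const demoCredential = issueCredential(demo.signingKeys, { issuer: 'scholarship', name: 'Sample Holder' });
console.log(verifyCredential(demo.publicKeys, demoCredential));
```

Only the `publicKeys` map needs to reach the verifying side; the `signingKeys` map corresponds to the private keys the page places in imports/config.json.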