Sunbird RC
v0.0.14
v0.0.14
  • Learn
    • Introduction
    • Verifiable Credentials
      • What issues will Verifiable Credentials address?
      • What are the key roles in Verifiable Credentials?
      • What are the components of Verifiable Credentials?
      • What are the benefits of Verifiable Credentials?
      • Digital Credentials vs Verifiable Credentials
      • QR code vs Verifiable QR code
      • Use Cases
    • Electronic Registries
      • Evolution of Electronic Registries
      • What issues will Electronic Registries address?
      • Benefits of Electronic Registries
      • Registry vs Database
      • Design Principles
      • Use Cases
    • Sunbird RC Overview
      • Features
      • Core Registry Verbs
      • Why do we need Sunbird RC?
      • What Sunbird RC is and what it's not? (WIP)
      • Core Capabilities
      • Technical Specification Draft
      • Workflows
      • High level architecture
    • Sunbird RC in action
      • Implementations (Work in Progress)
      • Possibilities
  • Use
    • Technical Requirements
    • Releases
    • Setup the Backend
    • Setup the Frontend
    • Leveraging Existing data stores
    • SSO with existing systems
      • Digilocker Meripehchaan SSO
  • Developer Documentation
    • Installation Guide
      • Registry CLI
        • Setup A Registry Instance
      • Manual installation through docker-compose
      • Production setup through Helm
    • Introduction To Schemas
    • Creating Your Own Schemas
    • Schema Configuration
    • Using The APIs
    • Create Schemas With Custom Password
    • Admin Portal
      • Login
      • Get Started
        • Create Schema
        • Attestation Workflows (WIP)
        • VC Template
          • Custom VC Template (WIP)
        • Ownership (WIP)
        • Publish (WIP)
      • Dashboard
    • Configuration
    • Developer Setup
    • VC Verification Module
    • Audit Configuration
    • Custom Keycloak Build
    • Metrics
    • Digilocker Integration
    • Custom QR Code design
    • Notifications Configuration
    • View Templates Configuration
    • Generic Identity And Access Management
    • Backup and Restore
      • PostgreSQL
        • SQL Dump
        • File System Level Backup
        • Continuous Archiving and Point-in-Time Recovery (PITR)
      • Cassandra
        • Snapshot-based backup method
        • Incremental backup method
        • Data Restore
    • Frontend Configurations
    • Frontend - Proxy configuration
  • API Reference
    • Registry
      • Create An Entity
      • Invite An Entity
      • Generate token
      • Generate admin token
      • Get An Entity
      • Get An Entity By Id
      • Update An Entity
      • Create A Property Of An Entity
      • Update A Property Of An Entity
      • Revoke a Credential
      • Delete An Entity
    • Schema
      • Create Schema
      • Get Schema
      • Update Schema
      • Delete Schema
      • Publish A Schema
    • Attestation API
      • Raise An Attestation
      • Get Attestation Certificate
    • Claims API
      • Get All Claims
      • Get Claim by ID
      • Attest A Claim
    • Discovery API
      • Search An Entity
    • File Storage API
      • Upload A File
      • Get Uploaded File
      • Delete A File/ Multiple Files
    • Bulk Issuance API
      • Get Sample Template
      • Upload CSV
      • Get all uploaded Files
      • Download a Report File
    • Metrics APIs
      • Get Count
      • Get Aggregates
    • Other APIs
      • Sign API
      • Verify API
      • Swagger JSON API
      • Health API
  • Reference Solutions
    • Education
      • Education Ecosystem
        • Installation
      • Education Registries
        • Installation
    • Certificate Issuance
      • Installation(WIP)
      • User Guide
    • eLocker
      • High Level Diagram
      • Installation (WIP)
        • Frontend Setup E-locker
      • User Guide
    • Health Registries
      • Organ Registries
        • Frontend Setup
        • Backend Setup
        • User Guide
    • Vaccination Platform
    • Skills & Work Credentials
    • Govt to Person (G2P)
    • Unified Learners Passport (ULP)
      • ULP Capabilities
      • Example Scenario
      • Technical Components (WIP)
      • Demo/Sandbox Links (WIP)
      • Installation Guide (WIP)
        • Frontend Setup
        • Installation through docker-compose
        • Dummy records setup for refrence
  • Links
    • Source Code
    • Releases & Changelogs
    • Website
    • Roadmap
    • Reference links
    • Design
  • Community
    • Discussion Forum
    • Contributing
    • Contributors
    • Contribution Guidebook
    • Code of Conduct
    • Community Events
    • Status By Track
  • HELP
    • Roadmap
    • FAQs
    • Glossary
Powered by GitBook

Copyright (c) 2023 EkStep Foundation under MIT License

On this page
  • Configuring A Schema
  • Inviting An Entity
  • Getting the Access Token
  • Retrieving An Entity
  1. Developer Documentation

Create Schemas With Custom Password

PreviousUsing The APIsNextAdmin Portal

Last updated 1 year ago

This page demonstrates how to configure the schemas to allow entities to set their own password and walks you through the create and invite Registry APIs using the example of a Student to set the password.

Configuring A Schema

We can create a schema in the registry using the and using JSON schema files as well

Here we are creating a Student schema, we would configure as following

{
	"$schema": "http://json-schema.org/draft-07/schema",
	"type": "object",
	"properties": { "Student": { "$ref": "#/definitions/Student" } },
	"required": ["Student"],
	"title": "Student",
	"definitions": {
		"Student": {
			"$id": "#/properties/Student",
			"type": "object",
			"title": "Studentschema",
			"required": ["name", "phoneNumber", "email", "school"],
			"uniqueIndexFields": ["phoneNumber"],
			"properties": {
				"name": { "type": "string" },
				"phoneNumber": { "type": "string" },
				"email": { "type": "string" },
				"school": { "type": "string" },
				// this field will be considered as password
				"password": { "type": "string", "minLength": 8 }
			}
		}
	},
	"_osConfig": {
		"ownershipAttributes": [
			{
				"email": "/email",
				"mobile": "/phoneNumber",
				"userId": "/phoneNumber",
				// password ownership attribute required
				//  to map field to password
				"password": "/password"
			}
		],
		"inviteRoles": ["anonymous"]
	}
}

Note: _Password will only be used while creation of the Student object and Updating password using update entity API Endpoint is not supported._

Note: _If the user is already created by another entity, the password will not be updated to the existing user account._

Inviting An Entity

To create a Student entity named Pranav Agate, we would make the following API call:

cURL

curl --location \
	--request 'POST' \
	--header 'content-type: application/json' \
	--data-raw '{
		"name": "Pranav Agate",
		"phoneNumber": "1234567890",
		"email": "pranav@upps.in",
		"school": "UP Public School",
		"password": "pranav@1234"
	}' \
	'http://localhost:8081/api/v1/Student/invite'

HTTPie

echo '{
	"name": "Pranav Agate",
	"phoneNumber": "1234567890",
	"email": "pranav@upps.in",
	"school": "UP Public School",
	"password": "pranav@1234"
}' | http post \
	'http://localhost:8081/api/v1/Student/invite' \
	'content-type: application/json'

This will store the entity in the registry, create the user account in IAM (keycloak) with given password for the Student and return the following object:

{
	"id": "open-saber.registry.invite",
	"ver": "1.0",
	"ets": 1634198998956,
	"params": {
		"resmsgid": "",
		"msgid": "3ee6a76f-d6c8-4262-a7ee-ddbe66fcb127",
		"err": "",
		"status": "SUCCESSFUL",
		"errmsg": ""
	},
	"responseCode": "OK",
	"result": { "Student": { "osid": "1-9d6099fc-2c01-4714-bceb-55ff28c482f9" } }
}

Getting the Access Token

So to authenticate as the Student entity we just created, we would make the following API call:

cURL

curl --location \
	--request POST \
	--header 'content-type: application/x-www-form-urlencoded' \
	--data 'client_id=registry-frontend' \
	--data 'username=1234567890' \
	--data 'password=pranav@1234' \
	--data 'grant_type=password' \
	'http://localhost:8080/auth/realms/sunbird-rc/protocol/openid-connect/token'

HTTPie

http --form post \
	'http://localhost:8080/auth/realms/sunbird-rc/protocol/openid-connect/token' \
	'content-type: application/x-www-form-urlencoded' \
	'client_id=registry-frontend' \
	'username=1234567890' \
	'password=pranav@1234' \
	'grant_type=password'

Here, registry-frontend is the pre-configured client we use to make requests to keycloak and pranav@1234 is the password for the Student entity, we created.

This API call should return a JSON object as follows:

{
	"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lk...2cSSaBKuB58I2OYDGw",
	"expires_in": 300,
	"not-before-policy": 0,
	"refresh_expires_in": 1800,
	"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lk...9HulwVv12bBDUdU_nidZXo",
	"scope": "email profile",
	"session_state": "300f8a46-e430-4fd6-92aa-a2d337d7343e",
	"token_type": "Bearer"
}

Retrieving An Entity

So to retrieve the entity we created earlier, we would make the following request:

cURL

curl --location \
	--request GET \
	--header 'content-type: application/json' \
	--header 'authorization: bearer {access-token}' \
	'http://localhost:8081/api/v1/Student'

HTTPie

http get \
	'http://localhost:8081/api/v1/Student' \
	'authorization: bearer {access-token}'

Replace the {id} above with the entity's osid you saved from the create entity request. Replace the {access-token} with the Student entity's access token from the consent/authentication step.

This will return the entity's JSON representation as follows:

{
	"name": "Pranav Agate",
	"phoneNumber": "1234567890",
	"email": "pranav@upps.in",
	"school": "UP Public School",
	"osid": "xxxxxx",
	"osOwner": ["xxxxxx"],
	"_osState/school": "DRAFT"
}

Here password won't be returned. Password is used only in the creation of the Student entity in Keycloak and not stored directly in the database.

This will configure the entity to create a password while creating the entity object. Here ownership attribute password is required, Its value can be any path in the Student object we decide. If we don't set the password ownership attribute, It will take the default password .

We can create entities in the registry using the .

We can retrieve entities in the registry using the .

Schema API Endpoint
configured in the registry environment
Invite Entity API Endpoint
Retrieve Entity API Endpoint