MIRACL Trust Enrolment

MIRACL Trust Enrolment is a service that provides different enrolment flows for MIRACL Trust. It is based on the Pluggable Verification API and has different flows predefined. The service is based on a library that has all the capabilities exposed as a Golang package. This allows the implementation of any bespoke flow a customer wants.

Get started

MIRACL Trust Enrolment Service can be distributed in many formats and packages. This documentation assumes the service is distributed as a Linux binary.

Get the service

To get the service, write to support@miracl.com.

Components

  • Verification Service implements all flows, integrations, and the pluggable verification process. It exposes an HTTP API facilitating those flows and some admin actions that can be used directly or via the provided UI. Its endpoints are prefixed with /api.

  • Enrolment Admin UI is a SPA that links to the Verification Service and exposes some flows and administrative actions.

Run the verification

The service can be configured either with environment variables or with flags. When an option is set using both, the flag takes precedence.

For a list of all configuration options run:

./verification --help

The service has many defaults, so running it is as simple as:

./verification \
  --pv-client-id=*** \
  --pv-client-secret=*** \
  --pv-redirect-url=*** \
  --oidc-client-id=*** \
  --oidc-client-secret=*** \
  --oidc-redirect-url=http://127.0.0.1:8001/login \
  --authorized-users=*** \
  --cors-domain=http://127.0.0.1:8001

There are a couple of options here:

  • The main purpose of the verification service is to verify and enroll identities for a given MIRACL Trust App. This app is configured by using --pv-client-id, --pv-client-secret, and --pv-redirect-url.

  • The verification service has support for authentication and authorization for the administrative interface. The authentication is done with OpenID Connect and is configured using --oidc-client-id, --oidc-client-secret, and --oidc-redirect-url. The authorization can be configured as a comma-separated list using --authorized-users.

  • The verification service utilizes CORS, which is configured with --cors-domain. This is the domain the UI is running on. It is used for adding CORS headers so that the UI can make requests to the verification service.
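A pre-flight check over the flag values described above, as an added example in Go that is not part of the MIRACL service or its library. The Config struct, the function names and the rules themselves (plain http only on loopback hosts, one explicit origin for --cors-domain, no empty --authorized-users entries) are assumptions of this example, not behaviour documented for the service.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Config holds the three flag values this check reads (hypothetical struct).
type Config struct{ OIDCRedirectURL, CORSDomain, AuthorizedUsers string }

// checkURL wants an absolute http(s) URL and accepts plain http only on
// loopback hosts, as in the local example (this example's own policy).
func checkURL(flag, raw string) (*url.URL, []string) {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return nil, []string{flag + ": not an absolute http(s) URL"}
	}
	ip := net.ParseIP(u.Hostname())
	if u.Scheme == "http" && u.Hostname() != "localhost" && (ip == nil || !ip.IsLoopback()) {
		return u, []string{flag + ": plain http on a non-loopback host"}
	}
	return u, nil
}

// Check returns one finding per problem; an empty result means none found.
func Check(c Config) []string {
	_, out := checkURL("--oidc-redirect-url", c.OIDCRedirectURL)
	u, more := checkURL("--cors-domain", c.CORSDomain)
	out = append(out, more...)
	if strings.Contains(c.CORSDomain, "*") {
		out = append(out, "--cors-domain: wildcard instead of the UI's origin")
	} else if u != nil && (strings.Trim(u.Path, "/") != "" || u.RawQuery != "") {
		out = append(out, "--cors-domain: expected scheme://host[:port] only")
	}
	for _, user := range strings.Split(c.AuthorizedUsers, ",") {
		if strings.TrimSpace(user) == "" {
			out = append(out, "--authorized-users: empty entry in the list")
			break
		}
	}
	return out
}

func main() {
	// Constructed sample values, not a real deployment.
	bad := Config{"http://enrol.example.com/login", "*", "alice@example.com,"}
	fmt.Println(strings.Join(Check(bad), "\n"))
}
```

The local values from the command shown earlier (http://127.0.0.1:8001/login and http://127.0.0.1:8001) pass these checks, since both hosts are loopback.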

For information on the different configuration options, see the features guide.