Mimoto is a BFF(Backend for Frontend) for Inji Wallet. It's being used to get default configuration, download verifiable credentials (VC) and activate VC. It provides all necessary APIs to the Inji Wallet and acts as a proxy for resident services. Mimoto gets the request from Inji Wallet, performs all the validations and forwards it to respective services. Additionally, it subscribes to the web-sub event to be able to download the VC once it's ready.
Detailed API documentation of Mimoto is available here.
To get a list of issuers, this API is called. For retrieving the credential types and display properties, .well-known
location is referred for every issuer from the mimoto-issuers-config.json
Inji Wallet allows the users to download VC by redirecting the user to eSignet UI. Multiple APIs are being called to complete the process in the backend.
Inji Wallet initiates authenticate API by redirecting users to eSignet UI. On eSignet UI, user is given option to enter the unique ID, the user is asked to enter an OTP on the next screen. In the backend, token API is called to get a token. Refer here for more details.
After getting a token response, Inji Wallet initiates a download request. Refer here
Credentials have to be activated in order to use them for online login. When a user selects Activate option, an OTP is sent to the user and credentials are activated.
To send an OTP to a user, the below API is called.
After successful OTP validation, a keypair is generated in the phone and the public key is synced with server. The mimoto receives a certificate and create thumbprint which it stores in the keystore securely. This is called as the activation process.
The configurable properties for mimoto can be found at mimoto-default.properties. This property file is maintained as one for each deployment environment. On this repository, each environment configuration is placed in a corresponding branch specific to that environment.
Refer to mimoto-default.properties of Collab environment.
The implementers can choose to use the existing configurations or add new configurations to them.
The user is currently on the +
button on the Home screen, which will open Add new card
screen, where all the issuers are displayed Below issuers list API gives out all the issuers list
To get complete configuration of the specific issuer, below api is called.
This API provides data with search capability to populate the list of supported issuers in Inji Web, which is then displayed under the List of Issuers
OK
This api is used to generate otp for wallet binding. This api is used as a proxy to call Identity Provider - Send Binding OTP Endpoint api internally.
The individual id. UIN or VID.
Otp channels using which user will be notified, for example - EMAIL, PHONE
OK
The masked email of user
the masked mobile of user.
This API provides the complete configuration details for the specific issuers passed in the path variable
OK
This api is used to bind the credential with wallet. This api is used as a proxy to call Identity Provider - Wallet binding Endpoint api internally.
The request time
Auth factor type to be binded for the provided key.
Format of the auth factor type supported in the wallet app. Right now Inji supports only jwt.
The individual id. UIN or VID.
The public key of the wallet app.
Defines the type of auth challenge. It should be same as authfactor.type (oauth-details response).
Actual challenge as string. A jwt in case of inji.
Format of the challenge provided.
OK
Server certificate after successful binding. This certificate will be stored in wallet app.
the wallet binding id in encrypted format. The wallet app will associate the requested credential with this id.
expiry date time of the binding.
the certificate thumbprint.
the certificate key id.