Allow any did to be public #2295

mkempa · 2023-07-11T12:42:08Z

Having a universal resolver set in the configuration, I want to be able to create and receive invitations containing a public DID other than did:sov (Indy DID). In order to do that I must promote the DID to public after it has been created in the wallet.

This PR adds checks of the DID format to associate ledger operations to the did:sov only in the said operation, thus allowing any DID format to be set as public.

Signed-off-by: Matus Kempa <[email protected]>

mkempa · 2023-07-11T12:45:43Z

aries_cloudagent/protocols/connections/v1_0/messages/connection_invitation.py

@@ -106,7 +106,7 @@ class Meta:
        example="Bob",
    )
    did = fields.Str(
-        required=False, description="DID for connection invitation", **INDY_DID
+        required=False, description="DID for connection invitation", **GENERIC_DID


When making these changes I had a did:web specifically in mind. I have no experience with other formats, that's why I have doubts whether GENERIC_DID is the right choice or be more restrictive.

dbluhm · 2023-07-11T13:30:54Z

@chumbert Interested in your thoughts on these changes

chumbert · 2023-07-11T14:59:00Z

@chumbert Interested in your thoughts on these changes

Hello ! The changes themselves are fine. My personal preference would be quite outside of the scope of this PR.

Lately people have been contributing code that got us rid of the

if this did_method:
...
elif this did_method:

logic for DIDs and verification methods. I think it is time we also consider a pluggable way to handle did registration.

Now back to reality: in our deployments we have side-stepped the publish did endpoint completely for our own did:web needs:

@docs(
    tags=[OPENAPI_TAG],
    summary="Set public DID of the wallet."
    "This is limited to the wallet, no ledger interaction.",
)
@match_info_schema(DIDSchema())
@response_schema(DIDResultSchema, 200, description="The updated did.")
async def set_public_did(request: web.Request):
    did = request.match_info.get("did")
    if not did:
        raise web.HTTPBadRequest(reason="Request query must include DID")

    context: AdminRequestContext = request["context"]

    async with context.profile.transaction() as transaction:
        did_info = await transaction.inject(BaseWallet).set_public_did(did)
        await transaction.commit()

    return web.json_response(
        data={
            "did": did_info.did,
            "verkey": did_info.verkey,
            "posture": DIDPosture.get(did_info.metadata).moniker,
            "key_type": did_info.key_type.key_type,
            "method": did_info.method.method_name,
        }
    )

I'm working internally to be able to publish and share with you our whole plugin soon. In addition to marking DIDs public, it also has an endpoint to configure wallet routing for public did in multitenancy scenarios (impossible to receive connection requests based on implicit invitations otherwise), and other things less relevant to this discussion.