mrtuborg/config.json Secret

## config.json
{
    // A sample configuration file that have all options set to their default.

    // If this file should be reloaded on each new request.
    "hot_reload_configuration": true,

    // Names of the private/public key files for JWT signing (public key is only necessary for running unit tests)
    "jwt_privatekey": "sk.der",
    "jwt_publickey": "pk.der",

    // Name of the JWT issuer that signs the JWT's
    "jwt_issuer": "irma_api_server-demo",

    // Completely enable or disable verification.
    "enable_verification": true,

    // Completely enable or disable issuing.
    "enable_issuing": true,

    // Completely enable or disable attribute-based signatures
    "enable_signing": true,

    // In order to prevent linkability, the timestamps of all issued credentials must fall exactly on an
    // epoch bondary. If this is set to true and the IdP requests a validity for a credential which does
    // not fall on such a boundary, we reject the request. If set to true, we accept the request and
    // floor it to the nearest epoch boundary ourselves.
    "reject_unfloored_validity_timestamps": true,

    // DANGEROUS: Allow JWTs containing issuing requests to be unsigned (using signing algorithm "none").
    // Use with care: if you set this to true, anyone that can reach your server can create issuance requests!
    "allow_unsigned_issue_requests": true,

    // Same as above for verification requests
    "allow_unsigned_verification_requests": true,

    // Same as above for signature requests
    "allow_unsigned_signature_requests": true,

    // Maximum age (in seconds) of incoming JSON web tokens for issuing or verification.
    "max_jwt_age": 60,

    // Time (in seconds) the token has to post its proof or secret key commitments. After this the session
    // expires and is removed.
    "token_response_timeout": 600,

    // Time (in seconds) the token has to retrieve the session info after the session has been created.
    // After this the session expires and is removed.
    "token_get_timeout": 120,

    // Time (in seconds) the client (i.e. the identity or service provider) has to fetch the result after the
    // token is done. After this the session expires and is removed.
    "client_get_timeout": 120,

    // A list of authorized IdP's and what credentials they may sign.
    // Example entry: "testip": [ "irma-demo.MijnOverheid.ageLower" ]
    // Supports wildcards as follows:
    // "testip": [ "*" ]              // testip can issue anything
    // "testip": [ "irma-demo.*" ]    // testip can issue anything managed by the irma-demo scheme manager
    // "testip": [ "irma-demo.MijnOverheid.*" ] // testip can issue all credentials from issuer MijnOverheid
    // Assuming "allow_unsigned_issue_requests" is set to false, for each key identifying an identity provider,
    // a .der public key file with the same name should be included in the src/main/resources/issuers folder, for
    // verifying JWT's containing incoming issuing requests. For example, in the example below,
    // src/main/resources/issuers/testip.der should exist.
    // Note that the included testip.js will not work until you put it here, for example as above.
    "authorized_idps": {
        "testip": [ "*" ],
        "keyshare_server": [ "*" ],
        "pk": [ "*" ]
    },

    // A list of authorized SP's and what attributes they may verify.
    // Example entry: "testsp": [ "irma-demo.MijnOverheid.ageLower.over12" ]
    // Wildcards are supported as above, plus:
    // "testsp": [ "irma-demo.MijnOverheid.ageLower.*" ] // testsp can verify all attributes from ageLower
    // .der public keys of authorized verifiers are expected at the path src/main/resources/verifiers.
    "authorized_sps": {
        "testsp": [ "*" ],
        "sk": [ "*" ]
    },

    // A list of authorized signature clients and what they may verify. Structure is the same as above.
    "authorized_sigclients": {
        "testsigclient": [ "*" ]
    }
}
	{
	// A sample configuration file that have all options set to their default.

	// If this file should be reloaded on each new request.
	"hot_reload_configuration": true,

	// Names of the private/public key files for JWT signing (public key is only necessary for running unit tests)
	"jwt_privatekey": "sk.der",
	"jwt_publickey": "pk.der",

	// Name of the JWT issuer that signs the JWT's
	"jwt_issuer": "irma_api_server-demo",

	// Completely enable or disable verification.
	"enable_verification": true,

	// Completely enable or disable issuing.
	"enable_issuing": true,

	// Completely enable or disable attribute-based signatures
	"enable_signing": true,

	// In order to prevent linkability, the timestamps of all issued credentials must fall exactly on an
	// epoch bondary. If this is set to true and the IdP requests a validity for a credential which does
	// not fall on such a boundary, we reject the request. If set to true, we accept the request and
	// floor it to the nearest epoch boundary ourselves.
	"reject_unfloored_validity_timestamps": true,

	// DANGEROUS: Allow JWTs containing issuing requests to be unsigned (using signing algorithm "none").
	// Use with care: if you set this to true, anyone that can reach your server can create issuance requests!
	"allow_unsigned_issue_requests": true,

	// Same as above for verification requests
	"allow_unsigned_verification_requests": true,

	// Same as above for signature requests
	"allow_unsigned_signature_requests": true,

	// Maximum age (in seconds) of incoming JSON web tokens for issuing or verification.
	"max_jwt_age": 60,

	// Time (in seconds) the token has to post its proof or secret key commitments. After this the session
	// expires and is removed.
	"token_response_timeout": 600,

	// Time (in seconds) the token has to retrieve the session info after the session has been created.
	// After this the session expires and is removed.
	"token_get_timeout": 120,

	// Time (in seconds) the client (i.e. the identity or service provider) has to fetch the result after the
	// token is done. After this the session expires and is removed.
	"client_get_timeout": 120,

	// A list of authorized IdP's and what credentials they may sign.
	// Example entry: "testip": [ "irma-demo.MijnOverheid.ageLower" ]
	// Supports wildcards as follows:
	// "testip": [ "*" ] // testip can issue anything
	// "testip": [ "irma-demo.*" ] // testip can issue anything managed by the irma-demo scheme manager
	// "testip": [ "irma-demo.MijnOverheid.*" ] // testip can issue all credentials from issuer MijnOverheid
	// Assuming "allow_unsigned_issue_requests" is set to false, for each key identifying an identity provider,
	// a .der public key file with the same name should be included in the src/main/resources/issuers folder, for
	// verifying JWT's containing incoming issuing requests. For example, in the example below,
	// src/main/resources/issuers/testip.der should exist.
	// Note that the included testip.js will not work until you put it here, for example as above.
	"authorized_idps": {
	"testip": [ "*" ],
	"keyshare_server": [ "*" ],
	"pk": [ "*" ]
	},

	// A list of authorized SP's and what attributes they may verify.
	// Example entry: "testsp": [ "irma-demo.MijnOverheid.ageLower.over12" ]
	// Wildcards are supported as above, plus:
	// "testsp": [ "irma-demo.MijnOverheid.ageLower.*" ] // testsp can verify all attributes from ageLower
	// .der public keys of authorized verifiers are expected at the path src/main/resources/verifiers.
	"authorized_sps": {
	"testsp": [ "*" ],
	"sk": [ "*" ]
	},

	// A list of authorized signature clients and what they may verify. Structure is the same as above.
	"authorized_sigclients": {
	"testsigclient": [ "*" ]
	}
	}