Using Inji with Ory as an Authentication Server

Developer
1

I am trying to implement the Inji flow but using Ory as an authentication server. I’ve had some progress in the process, but I am stuck with this error right now:

"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). Claim 'jti' from 'client_assertion' must be set but is not."

I found this error in the mimoto logs.

I found this pull request [INJIWEB-1505]: Added jti field by kamlesh012 · Pull Request #681 · mosip/mimoto, which seems to be the change that I am missing, is this change in a production ready version? I am using a mimoto docker image which version is 0.15.0, does the version 0.17.1 sends the jti field that I am missing.

If updating Mimoto is the solution, is there a guide available for the update? Because I tried to use version 0.17.1, I got a new error when doing so. For example, one issue was that I was missing the credential_issuer_host, which was something I apparently didn’t need in the previous version.

Am I even looking at this issue in the right way? I’ll appreciate your help

2

Dear @TomasOGTIC ,

Thank you for reaching out, We are looking into your query and one of our experts will respond to it as soon as possible.

Best Regards
Team MOSIP

3

@TomasOGTIC So there are multiple things being asked here

  1. jti is missing while generating token request. It’s not production ready yet. It will be part of 0.18.0 release. For now you can make change in code as you are on older version 0.15.0.
    What to change in code can be referenced by the PR which you already found.

  2. Why credential_issuer_host is needed with 0.17.1 release. Earlier mimoto was relying on well-known endpoint configured in inji-config.
    We are working towards making app interoperable. For that we have introduced well-known discovery. To discover well-known, wallet just needs to know issuer host and then it constructs the well-known endpoint as credential_issuer_host/.well-known/openid-credential-issuer

Guidance on how to do in mimoto

  1. Make code change as per PR
  2. Build the docker image if we are deploying through docker-compose locally or docke r on env GitHub - mosip/mimoto
  3. If we are not using docker, then we can simply run the app as springboot app GitHub - mosip/mimoto

Let us know if you face any other issue or need any other support!!

Thanks & Regards
Swati Goel
Tech Lead - Inji Mobile