Documentation updates

README.md

@@ -64,28 +64,36 @@ To use VC-AuthN for development and/or demo purposes, a pre-configured demo app
 In order to use the VC OIDC authentication, a couple of extra steps are required:
 
 - A proof-request configuration needs to be registered with VC-AuthN. To do
-  so, the following command can be used to post a configuration requesting a BCGov Verified Email credential:
+  so, the following command can be used to post a configuration requesting a BC Wallet Showcase Person credential:
 
 ```bash
 curl -X 'POST' \
   'http://localhost:5000/ver_configs/' \
   -H 'accept: application/json' \
   -H 'Content-Type: application/json' \
   -d '{
-  "ver_config_id": "verified-email",
-  "subject_identifier": "email",
+  "ver_config_id": "showcase-person",
+  "subject_identifier": "",
   "generate_consistent_identifier": true,
   "proof_request": {
-    "name": "BCGov Verified Email",
+    "name": "BC Wallet Showcase Person",
     "version": "1.0",
     "requested_attributes": [
 
       {
-        "names": ["email"],
+        "names": ["given_names", "family_name", "country"],
         "restrictions": [
           {
-            "schema_name": "verified-email",
-            "issuer_did": "MTYqmTBoLT7KLP5RNfgK3b"
+            "schema_name": "Person",
+            "issuer_did": "L6ASjmDDbDH7yPL1t2yFj9"
+          },
+          {
+            "schema_name": "Person",
+            "issuer_did": "QEquAHkM35w4XVT3Ku5yat"
+          },
+          {
+            "schema_name": "Person",
+            "issuer_did": "M6dhuFj5UwbhWkSLmvYSPc"
           }
         ]
       }
@@ -118,7 +126,7 @@ curl -X 'POST' \
 }'
 ```
 
-- Lastly, obtain a valid BCGov Verified Email credential from the [BCGov Email Verification Service](https://email-verification.vonx.io)
+- Lastly, obtain a Person Credential from the [BC Wallet Showcase](https://digital.gov.bc.ca/digital-trust/showcase) by completing the lawyer demo.
 
 After all these steps have been completed, you should be able to authenticate with the demo application using the "Verified Credential Access" option.
 

demo/vue/app/frontend/src/store/modules/auth.js

@@ -19,7 +19,7 @@ export default {
     // In most cases, when this becomes populated, we end up doing a redirect flow,
     // so when we return to the app, it is fresh again and undefined
     redirectUri: undefined,
-    presReqConfId: 'verified-email', //TODO: load this via config response
+    presReqConfId: 'showcase-person', //TODO: load this via config response
   },
   getters: {
     authenticated: () => Vue.prototype.$keycloak.authenticated,

demo/vue/docker-compose.yaml

@@ -7,7 +7,7 @@ services:
     build: .
     command: npm run serve
     environment:
-      FRONTEND_KC_PRES_REQ_CONF_ID: verified-email
+      FRONTEND_KC_PRES_REQ_CONF_ID: showcase-person
       FRONTEND_KC_SERVERURL: "http://localhost:8880/auth"
       FRONTEND_KC_REALM: "vc-authn"
       FRONTEND_KC_CLIENTID: "vue-fe"

docs/ConfigurationGuide.md

@@ -59,6 +59,17 @@ To register a new client, `POST` a request to the `/clients` endpoint with a pay
 }
 ```
 
+### Mappers
+
+Once the new Identity Provider is configured, mappers should be added in order to consume the claims in issued tokens. This can be done by clicking `Add mapper` in the `Mappers` tab within the Identity Provider configuration view. Mappers should be configured using the type `Attribute Importer` and, at minimum, should include:
+
+- `pres_req_conf_id`: this will return the id of the proof request configuration that was used during the authentication request. It should be used by the client application to check authentication was completed by using the expected credential (see [best bractices](./BestPractices.md) for additional information).
+- `vc_presented_attributes`: this will contain a serialized JSON object containing all of the attributes requested as part of the proof request, for the application to consume. If individual mappers are preferred, they can be configured to extract individual claims.
+
+The following is an example mapper configuration:
+![vc-authn-oidc-flow](img/03-mappers.png)
+
+
 ## Direct Configuration
 
 VC-AuthN 2.0 only supports confidential clients, and cannot be configured to be invoked directly from Single-Page applications. For back-end systems, however, the above instructions should still apply.