Notification Gateway Service

New in version 1.1.

ESS provides a Notification Gateway service for discovering the protocol-specific endpoints.

Notification Gateway Service Endpoint

ESS Notification Gateway Service has the following endpoint:

https://notification.<ESS Domain>/

Clients can POST the following JSON document to the ESS Notification Gateway to determine the WebSocket Notification Service endpoint; no authentication is required:

{ "protocols": ["ws"] }

The response JSON contains the WebSocket endpoint that clients can access for login; for example:

{ "endpoint": "https://websocket.<ESS Domain>/", "features": [], "protocol": "ws" }

Notification Gateway Service is based on the Solid Notifications Protocol [1].

See also

WebSocket Notification Service

Configuration

As part of the installation process, Inrupt provides base Kustomize overlays and associated files that require deployment-specific configuration inputs.

The following configuration options are available for the service and may be set as part of updating the inputs for your deployment. The Inrupt-provided base Kustomize overlays may be using updated configuration values that differ from the default values.

Required

INRUPT_NOTIFICATION_WS_ENDPOINT

The URL of the WebSocket service; e.g., https://websocket.{ESS Domain}/.

Optional

INRUPT_JWT_ISSUER_ALLOW_LIST

A comma-separated list of trusted Solid-OIDC issuers (i.e., identity providers).

• If unset, the service accepts all Solid-OIDC issuers with the exception of those in the INRUPT_JWT_ISSUER_DENY_LIST.

• If set, the service accepts only those Solid-OIDC issuers in the list with the following exception:

  • If an issuer is in both INRUPT_JWT_ISSUER_ALLOW_LIST and INRUPT_JWT_ISSUER_DENY_LIST, the INRUPT_JWT_ISSUER_DENY_LIST supersedes the INRUPT_JWT_ISSUER_ALLOW_LIST and the issuer is not accepted by ESS.

See also INRUPT_JWT_ISSUER_DENY_LIST.

INRUPT_JWT_ISSUER_DENY_LIST

A comma-separated list of disallowed Solid-OIDC issuers.

• If unset, the service accepts all Solid-OIDC issuers unless INRUPT_JWT_ISSUER_ALLOW_LIST is set, in which case, the service only accepts those in the INRUPT_JWT_ISSUER_ALLOW_LIST.

• If set, the service disallows the Solid-OIDC issuers in the list. If INRUPT_JWT_ISSUER_ALLOW_LIST is also set, issuers not in the INRUPT_JWT_ISSUER_ALLOW_LIST are also disallowed.

INRUPT_JWT_ALLOWED_SIGNATURE_ALGORITHMS

Default: ES256, RS256

A comma-separated list that specifies the allowed encryption algorithms used to sign ID tokens.

Additional Information

See also https://quarkus.io/guides/all-config.

[1]

The Solid Notifications Protocol is in Draft status. Features based on draft specifications are subject to change.