Set Access Grants Client Allow List#

The Access Grant Service uses INRUPT_VC_CLIENT_ID_ALLOW_LIST to specify which applications can access the /issue Endpoint and the /status Endpoint. Only the application(s) associated with the listed Client ID(s) can access the endpoints.

Example Customization#

The following customization updates INRUPT_VC_CLIENT_ID_ALLOW_LIST.

  1. Go to your ESS installation directory:

    cd ${HOME}/ess

  2. Create a ag-client-id-allow-list.yaml file with the following content:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: ess-verifiable-credentials
spec:
  template:
    spec:
      containers:
      - env:
        - name: INRUPT_VC_CLIENT_ID_ALLOW_LIST
          value: https://podbrowser.inrupt.com/api/app,https://myAccessGrantApp.example.com/api/app
        name: ess-verifiable-credentials

  3. Modify the kustomization.yaml (i.e., step 3 of the Applying Your Customizations procedure) to use ag-client-id-allow-list.yaml.

    Specifically, add the highlighted content to the kustomization.yaml file to the patches section:

    Tip

    If the patches key does not exist in kustomization.yaml, add the key patches as well.

    # kustomization.yaml in your ESS installation directory

# ...  Preceding content omitted for brevity 
# ...

patches:
  - path: ag-client-id-allow-list.yaml

  4. Continue with the rest of the Applying Your Customizations procedure.

On this page