Set Access Grants Client Allow List

The Access Grant Service uses INRUPT_VC_CLIENT_ID_ALLOW_LIST to specify which applications can access the /issue Endpoint and the /status Endpoint. Only the application(s) associated with the listed Client ID(s) can access the endpoints.

Example Customization

The following customization updates INRUPT_VC_CLIENT_ID_ALLOW_LIST.

  1. Go to your ESS installation directory:

    cd ${HOME}/ess
    
  2. Create an ag-client-id-allow-list.yaml file with the following content:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: ess-verifiable-credentials
    spec:
      template:
        spec:
          containers:
          - env:
            - name: INRUPT_VC_CLIENT_ID_ALLOW_LIST
              value: https://podbrowser.inrupt.com/api/app,https://myAccessGrantApp.example.com/api/app
            name: ess-verifiable-credentials
    
  3. Modify the kustomization.yaml (i.e., step 3 of the Applying Your Customizations procedure) to use ag-client-id-allow-list.yaml.

    Specifically, add the ag-client-id-allow-list.yaml entry shown below to the patches section of the kustomization.yaml file:

    Tip

    If the patches key does not exist in kustomization.yaml, add the key patches as well.

    # kustomization.yaml in your ESS installation directory
    
    # ...  Preceding content omitted for brevity 
    # ...
    
    patches:
      - path: ag-client-id-allow-list.yaml
    
  4. Continue with the rest of the Applying Your Customizations procedure.
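
A pre-apply check for the patch file from step 2, as an added example that is not part of the Inrupt documentation. The function names are hypothetical, and the rule that every Client ID is an https:// URL is an assumption taken from the sample value on this page. The check flags empty, space-padded, duplicate, or non-https entries.

```shell
#!/bin/sh
# Added example: lint INRUPT_VC_CLIENT_ID_ALLOW_LIST in the patch before applying it.
# Assumption: each Client ID is an https:// URL, as in this page's sample value.

# Print the value on the line after the INRUPT_VC_CLIENT_ID_ALLOW_LIST name line
# (the layout used in ag-client-id-allow-list.yaml on this page).
extract_allow_list() {
  awk '
    /name:[ \t]*INRUPT_VC_CLIENT_ID_ALLOW_LIST[ \t]*$/ { found = 1; next }
    found && /^[ \t]*value:/ {
      sub(/^[ \t]*value:[ \t]*/, ""); sub(/[ \t]+$/, ""); gsub(/"/, "")
      print; exit
    }
    found { exit }   # name line not followed by a value line
  ' "$1"
}

# Return 0 if the comma-separated list is clean; otherwise print each problem.
check_allow_list() {
  list=$1; rc=0; seen=","
  [ -n "$list" ] || { echo "allow list is empty"; return 1; }
  case $list in *,) echo "trailing comma (empty entry)"; rc=1 ;; esac
  old_ifs=$IFS; IFS=,; set -f          # split on commas, no globbing
  for id in $list; do
    case $id in
      "")         echo "empty entry"; rc=1 ;;
      *" "*)      echo "space in entry: '$id'"; rc=1 ;;
      https://?*) ;;
      *)          echo "not an https URL: $id"; rc=1 ;;
    esac
    case $seen in *",$id,"*) echo "duplicate entry: $id"; rc=1 ;; esac
    seen="$seen$id,"
  done
  IFS=$old_ifs; set +f
  return $rc
}

# Constructed sample: a copy of the env entry from the patch on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
          - env:
            - name: INRUPT_VC_CLIENT_ID_ALLOW_LIST
              value: https://podbrowser.inrupt.com/api/app,https://myAccessGrantApp.example.com/api/app
            name: ess-verifiable-credentials
EOF
check_allow_list "$(extract_allow_list "$sample")" && echo "allow list OK"
rm -f "$sample"
```

To lint the real file, run `check_allow_list "$(extract_allow_list ag-client-id-allow-list.yaml)"` from the ESS installation directory before continuing with step 4.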