Skip to main content

Deploying the Wallet

caution

Please ensure that you have Helm installed correctly before proceeding with the steps outlined below. Refer to Installing Helm for details.

Wallet Deployment using Helm Charts

All FPX components, including the Wallet, are packaged as Helm charts for easy and convenient deployment. There are two ways to gain access to the chart, either directly via the chart source code, or by adding the remote repository:

$ helm repo add identos https://charts.dev.identos.ca

It should then show up with the command:

$ helm repo list

Finally, to install the Helm chart after building the configuration file, run the following command:

$ helm upgrade --install example identos/fpx-wallet -f configuration.yaml

During the installation, the components network will be deployed. Installation is complete when you run the following command and all deployments are ready, up-to-date and available (the numbers may differ based on the configuration applied):

$ kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
wallet-example 1/1 1 1 2m6s
wallet-exampleapi 1/1 1 1 2m6s
wallet-exampleui 1/1 1 1 2m6s

The deployed HTTP endpoints can be shown. Depending on your environment, the address field may or may not show an external address.

$ kubectl get ing
NAME HOSTS ADDRESS PORTS AGE
wallet-example wallet.example.com 80, 443 6m6s
wallet-exampleapi wallet-api.example.com 80, 443 6m6s
wallet-exampleui wallet-ui.example.com 80, 443 6m6s

Building the Helm Chart Configuration File

Configuration for a Helm chart used for the deployment of a Wallet is provided as a YAML formatted file. The following table lists the configuration parameters, a description for each one, and their default values.

ParameterDescriptionDefault
registry.remoteSecretThe name of the secret where the image container credentials are stored.null
wallet.enabledIf the Wallet server should be deployed.true
wallet.replicaCountNumber of replicas to deploy of the Wallet server, set to a number > 1 for redundancy purposes.
Note: Replication will depend on the deployment of the Kubernetes instance. If Kubernetes is deployed in one zone on the cloud, the replica will be created within that zone.
1
wallet.registryDocker container image location.registry.git.identos.ca/fpx-wallet/wallet-server
wallet.tagDocker container image location.v0.11.0
wallet.hostOverrideDomain name that the Wallet server will respond to for ingress rules.null
wallet.configWallet application configuration details. Refer to Wallet Server.{}
wallet.resourcesPod resources and limits.{}
wallet.nodeSelectorNode selector rules.{}
wallet.tolerationsAny node taints to tolerate.{}
wallet.affinityAny resource affinities for node selection.{}
wallet.suffixsuffix value for walletnull
wallet.refreshUseful parameter to force application to restart when new configurations are applied.42
wallet.deployment.annotationsAny custom annotations for this deployment object{}
wallet.ingress.enabledBoolean value enabling or disabling the creation of an ingress record.false
wallet.ingress.hostHostname with which an ingress record can be configured.null
wallet.ingress.annotationsAny custom annotations for this ingress record.{}
wallet.ingress.tls.hostsHostname of environment.null
wallet.ingress.tls.secretNameRefers to SSL certificates for HTTPSnull
wallet.image.credentialsName of the secret within the deploy namespace that contains the credentials for the container image.identos
wallet.keystores.https.aliasThe alias (or name) under which the key is stored in the keystore. This needs to be in a base64 encoded format. Refer to the Keystore Creation and Configuration section for details.null
wallet.keystores.https.enabledEnable HTTPS.true
wallet.keystores.https.jwksThe key itself as a md5 encoded PKCS12 KeyStore. This needs to be in a base64 encoded format. Refer to the Keystore Creation and Configuration section for details.null
wallet.keystores.https.passwordThe password of the keystore. This needs to be in a base64 encoded format. Refer to the Keystore Creation and Configuration section for details.null
wallet.keystores.signingKey.enableKey used for signing/verifyingfalse
wallet.application.mountFileWallet application mountfile details.{}
walletapi.enabledIf the Wallet API server should be deployed.true
walletapi.replicaCountNumber of replicas to deploy of the Wallet API server, set to a number > 1 for redundancy purposes.1
walletapi.registryDocker container image location.registry.git.identos.ca/fpx-wallet/wallet-admin-api
walletapi.tagDocker container image location.v0.2.0
walletapi.hostOverrideDomain name that the Wallet API server will respond to for ingress rules.null
walletapi.configWallet API application configuration details. Refer to Wallet API.{}
walletapi.resourcesPod resources and limits.{}
walletapi.nodeSelectorNode selector rules.{}
walletapi.tolerationsAny node taints to tolerate.{}
walletapi.affinityAny resource affinities for node selection.{}
walletapi.refreshUseful parameter to force application to restart when new configurations are applied.42
walletapi.deployment.annotationsAny custom annotations for this deployment object{}
walletapi.ingress.enabledBoolean value enabling or disabling the creation of an ingress record.false
walletapi.ingress.hostHostname with which an ingress record can be configured.null
walletapi.ingress.annotationsAny custom annotations for this ingress record.{}
walletapi.ingress.tls.hostshostname of environmentnull
walletapi.ingress.tls.secretNameRefers to SSL certificates for HTTPSnull
walletapi.image.credentialsName of the secret within the deploy namespace that contains the credentials for the container imageidentos
walletapi.keystores.https.aliasThe alias (or name) under which the key is stored in the keystore. This needs to be in a base64 encoded format. Refer to the Keystore Creation and Configuration section for details.null
walletapi.keystores.https.enabledEnable HTTPS.true
walletapi.keystores.https.jwksThe key itself as a md5 encoded PKCS12 KeyStore. This needs to be in a base64 encoded format. Refer to the Keystore Creation and Configuration section for details.null
walletapi.keystores.https.passwordThe password of the keystore. This needs to be in a base64 encoded format. Refer to the Keystore Creation and Configuration section for details.null
walletapi.keystores.signingKey.enableKey used for signing/verifyingnull
walletui.enabledIf the Wallet UI server should be deployed.true
walletui.replicaCountNumber of replicas to deploy of the Wallet UI server, set to a number > 1 for redundancy purposes.
Note: Replication will depend on the deployment of the Kubernetes instance. If Kubernetes is deployed in one zone on the cloud, the replica will be created within that zone.
1
walletui.registryDocker container image location.registry.git.identos.ca/fpx-wallet/wallet-webui
walletui.tagDocker container image location.v1.0.0
walletui.hostOverrideDomain name that the Wallet server will respond to for ingress rules.null
walletui.configWallet application configuration details. Refer to Wallet UI.{}
walletui.resourcesPod resources and limits.{}
walletui.nodeSelectorNode selector rules.{}
walletui.tolerationsAny node taints to tolerate.{}
walletui.affinityAny resource affinities for node selection.{}
walletui.i18nLanguage configuration for the Wallet UI server. Refer to Language Configuration.{}
mysql.enabledDetermines whether a test version of MySQL will be deployed.{}
walletui.refreshUseful parameter to force application to restart when new configurations are applied.42
walletui.replicaCountNumber of replicas to deploy of the Wallet UI.1
walletui.deployment.annotationsAny custom annotations for this deployment object{}
walletui.ingress.enabledBoolean value enabling or disabling the creation of an ingress record.false
walletui.ingress.hostHostname with which an ingress record can be configured.null
walletui.ingress.annotationsAny custom annotations for this ingress record.{}
walletui.ingress.tls.hostshostname of environmentnull
walletui.ingress.tls.secretNameIt refer SSL certificates for httpsnull
walletui.image.credentialsName of the secret within the deploy namespace that contains the credentials for the container imageidentos

Keystore Creation and Configuration

The Wallet Server deployment configuration YAML consists of several parameters that address keystore values. The keystore is used to store the custom signing encryption keys for the Wallet Server and the Wallet Server API. The parameters used to define keystore related values are:

  • wallet.keystores.https.alias
  • wallet.keystores.https.enabled
  • wallet.keystores.https.jwks
  • wallet.keystores.https.password
  • wallet.keystores.signingKey.enable
  • walletApi.keystores.https.alias
  • walletApi.keystores.https.enabled
  • walletApi.keystores.https.jwks
  • walletApi.keystores.https.password
  • walletApi.keystores.signingKey.enable

In order to populate the alias, JWKS key and password parameters, the following steps need to be executed: 1) Generate a keystore and alias key 2) Apply base64 encoding for the alias name, password and JWKS key. 3) Update these base64 encoded values into the YAML config file.

To generate the key and the keystore, run the following command:

keytool -genkey -v -keystore wallet.jks -alias <custom_alias> -keyalg RSA -sigalg SHA256withRSA -keysize 2048  -ext KeyUsage=keyCertSign -validity 10000
IMPORTANT

IMPORTANT: The Keystore alias defined should always be in lower case. The alias can be of alpha-numeric characters only.

To apply the base64 encoding for the alias name, password and JWKS key, run the following commands:

  • echo <alias name> | base64
  • echo <password> | base64
  • echo <JWKS Key> | base64

These commands will return the values in the base64 encoded format. Enter the encoded values in the configuration parameters listed above.

note

For production environments, it is recommended that individual keystores and key values exist for the Wallet Server and the Wallet Server API parameters.

Application Configuration

The following configuration files should be used in the Helm chart for the config directives under each application section including wallet.config, walletui.config, walletui.i18n, and walletapi.config. Values should be left to the defaults provided excluding the replacement values as listed in each section.

Wallet Server

The configuration details required under the wallet.config parameter are:

  • Authorization Server domain name, clientid and secret (eg. https://authserver, clientid, secret)
  • Wallet Server domain name (eg. https://walletserver)
  • Wallet Web UI domain name (eg. https://walletui)
  • Wallet Native url scheme (eg. com.identos.wallet)
  • Database host, dbname, username and password (eg. dbhost, dbwallet, dbusername, dbpassword)
Using Verifiable Credentials

Verifiable Credentials is an optional feature for the FPX Wallet that needs to be enabled via specific configuration parameters under wallet.config. The sample YAML shown in this section does not contain these optional parameters. Refer to the Verifiable Credentials chapter for more details on the specific configuration required to enable this feature.

A sample YAML file is shown below followed by a detailed description of each parameter listed here, whether it's a required parameter and accepted values.

      ##Tomcat Server Configuration
server.tomcat.remote_ip_header: x-forwarded-for
server.tomcat.protocol_header: x-forwarded-proto
server.tomcat.use-relative-redirects: true
server.port: 8080
web-host: https://wallet-ui.fpx-staging.dev.identos.ca
server.error.whitelabel.enabled: false
server-host: https://wallet.fpx-staging.dev.identos.ca
qrPageUrl:

##Wallet server OIDC client, provider and datasource details
oidc:
client:
redirectHost: ${server-host}
redirectSuffix: /callback
redirectPrefix: /login/idps/
deviceVerification: /tx
provider:
issuer: ${server-host}
redirectHost: ${server-host}
jwksEndpoint: /jwks
authzEndpoint: /transaction/authorize
datasource:
redirectSuffix: /callback
redirectPrefix: /data-sources/
redirectHost: ${server-host}
mobile-permission-path: consent_request
mobile-host: com.identos.demo.wallet://fpx-wallet/
navigator:
webUiRedirect: ${web-host}/as-authorize
navEndpointRedirect: ${server-host}/navigator
multiNav: true
redirects:
wallet-identos-nav-niagara-hint: com.identos.demo.wallet://fpx-wallet
wallet-identos-nav-shrc-hint: com.identos.demo.wallet://fpx-wallet
wallet-identos-nav-nygh-hint: com.identos.demo.wallet://fpx-wallet
wallet-identos-nav-stjoes-hint: com.identos.demo.wallet://fpx-wallet
wallet-identos-webui-hint: ${web-host}/as-authorize

consentPath: /${mobile-permission-path}
app:
nicknameSeparator: " "
redirect:
platforms:
useIntermediateCallbackUI: true
ios:
oauthCallback: com.identos.demo.wallet://fpx-wallet/oauth_callback
userConsentRequest: com.identos.demo.wallet://fpx-wallet/consent_request
android:
oauthCallback: com.identos.demo.wallet://fpx-wallet/oauth_callback
userConsentRequest: com.identos.demo.wallet://fpx-wallet/consent_request
web:
oauthCallback: ${web-host}/idp-callback
userConsentRequest: ${web-host}/as-authorize
rsCallback: ${web-host}/rs-callback
errorPageRedirectUrl: ${web-host}/login
device:
verificationUrl: ${mobile-host}${mobile-permission-path}
userCodeExpiry: 240000
confirmationCodeExpiry: 240000
accessTokenExpiry: 240000
sessionlength:
platforms:
ios: 600000
android: 600000
web: 36000000000
defaultLifeTime: 36000000000
idpManageUrl: https://idstore.rs.dev.identos.ca/auth/realms/user-portal/me/manage
cors:
origins:
- https://wallet-ui.fpx-staging.dev.identos.ca
fpxwallet.walletserver.resources.login-page.css: ${server-host}/style.css
spring:
thymeleaf:
cache: false
#prefix: https://identos-public-dropbox.s3.ca-central-1.amazonaws.com/environments/fpx-staging.dev.identos.ca/wallet/
prefix: classpath:./templates/
resources.static-locations: classpath:./static/
datasource:
driverClassName: com.mysql.jdbc.Driver
url: jdbc:mysql://identos-development.co81mhts8zg9.ca-central-1.rds.amazonaws.com:3306/fpx_staging_wallet?createDatabaseIfNotExist=true
username: admin
password: uP9qS4Zvb7VLn6WJ
jpa:
hibernate.ddl-auto: validate
generate-ddl: false
show-sql: false
flyway:
enabled: true
locations: classpath:db/development
i18n:
defaultLang: en
allLanguages: fr, en
basename: file:/etc/config/messages
cacheEvictFixedRateString: PT60S
mountFile:
- filename: messages_en.properties
identifier: i18n-en
folderpath: "/etc/config/"
data: |-
error_title=Session timed out
ontario_trusted_account=CareHub account
session_timed_out_title=Session Timed Out
session_timed_out_message=Your session timed out. Please restart your account set up process.
try_again=Please Start Again
no_script=You need to enable JavaScript to run this app.
redirect_to_app=Redirect to native app
oauth_success_title=Access your CareHub account
oauth_success_message=To complete this flow and access your CareHub account, you must return to your Navigator app.
oauth_success_button=Continue to my appp

Global Server Parameters

Configuration directives that are used for overall application configuration.

ParameterDescriptionSuggested ValueRequired
server.tomcat.remote_ip_headerHeader to use as remote IP address for client connections.x-forwarded-forYes
server.tomcat.protocol_headerHeader to use as remote protocol for client connections.x-forwarded-protoYes
server.tomcat.use-relative-redirectsWhen redirecting, assume links are relative.TrueYes
server.portApplication port to listen for client connections on.8080
server.error.whitelabel.enabledEnable built in spring configuration file.falseYes
spring.thymeleaf.prefixLocation of template files for Wallet selection and error pages. Can use external sources such as https://classpath:./templates/Yes
spring.resources.static-locationsLocation of static files such as css/html/javascript for template files.classpath:./static/Yes

Database Configuration

Database configuration for the Wallet Server

ParameterDescriptionSuggested ValueRequired
spring.flyway.enabledEnable or disable automatic Flyway migrations.trueYes
spring.flyway.locationsLocation for DB migration scripts.classpath:db/migration,classpath:db/developmentYes
spring.datasource.driverClassNameDriver to use for DB connections (only MySQL supported).com.mysql.jdbc.DriverYes
spring.datasource.urlDriver to use for DB connections.jdbc:mysql://database-hostname/authserver?createDatabaseIfNotExist=trueYes
spring.datasource.usernameUsername for database connection.usernameYes
spring.datasource.passwordPassword for database connection.passwordYes
spring.jpa.hibernate.ddl-autoValidate database structure on startup.validateYes
spring.jpa.show_sqlShow all SQL queries that are run against the database source in the logs.falseNo
spring.jpa.generate_ddlA flag that determines whether a SQL Database should be initialized at startup.trueYes

OIDC Configuration Settings

OIDC configuration settings including both client / sever settings.

ParameterDescriptionSuggested ValueRequired
oidc.client.redirectHostHostname to use for redirect URIs back to Wallet server after authorizationhttps://walletserver.comYes
oidc.client.redirectSuffixPath suffix to use for redirect URIs back to Wallet server after authorization/callbackNo
oidc.client.redirectPrefixPath prefix to use for redirect URIs back to Wallet server after authorization/login/idpsNo
oidc.client.deviceVerificationEndpoint used by device verification/txYes
oidc.provider.issuerIssuer URL when acting as an OIDC providerhttps://walletserver.comYes
oidc.provider.redirectHostRedirect host when acting as an OIDC providerhttps://walletserver.comYes
oidc.provider.jwksEndpointEndpoint that contains JWKS for private key authentication/jwksNo
oidc.provider.authzEndpointAuthorization endpoint when acting as OIDC provider/transaction/authorizeYes
oidc.datasource.redirectSuffixPath suffix to use for redirect URIs back to Wallet server after authorization/callbackNo
oidc.datasource.redirectPrefixPath prefix to use for redirect URIs back to Wallet server after authorization/data-sources/No
oidc.datasource.redirectHostAuthorization endpoint when acting as OIDC providerhttps://walletserver.comYes

Configuration for Web + Mobile IDENTOS Navigator configuration as a Wallet user interface

ParameterDescriptionSuggested ValueRequired
navigator.webUiRedirectWeb Wallet UI authorization redirect endpointhttps://ui.walletserver.com/as-authorizeYes
navigator.navEndpointRedirectServer redirect for Navigator authorization redirect endpointhttps://walletserver.comYes
navigator.multiNavEnable support for multiple navigators mapped to a single Wallet serverfalseYes
navigator.redirectsRedirects for mobile Navigator.com.identos.wallet://fpx-walletYes
navigator.consentPathPath within Wallet for consent requests/consent_requestYes
app.nicknameSeparatorSeperator between nicknames" "Yes
app.redirect.platforms.useIntermediateCallbackUIShow intermediate page during redirect from Wallet server to Wallet user agentfalseYes
app.redirect.platforms.ios.oauthCallbackRedirect path to iOS user agent after OAuth completioncom.identos.wallet://fpx-wallet/oauth_callbackYes
app.redirect.platforms.ios.userConsentRequestRedirect path to iOS user agent after user consentcom.identos.wallet://fpx-wallet/consent_requestYes
app.redirect.platforms.android.oauthCallbackRedirect path to Android user agent after OAuth completioncom.identos.wallet://fpx-wallet/oauth_callbackYes
app.redirect.platforms.android.userConsentRequestRedirect path to android user agent after user consentcom.identos.wallet://fpx-wallet/consent_requestYes
app.redirect.platforms.web.oauthCallbackRedirect path to web user agent after OAuth completionhttps://ui.walletserver.com/idp-callbackYes
app.redirect.platforms.web.userConsentRequestRedirect path to web user agent after user consenthttps://ui.walletserver.com/as-authorizeYes
app.redirect.platforms.web.rsCallbackRedirect path to web user agent after resource authorizationhttps://ui.walletserver.com/rs-callbackYes
app.redirect.errorPageRedirectUrlURL to link users to on error pages""No
app.device.verificationUrlRedirect path for mobile user agent for verificationcom.identos.wallet://fpx-wallet/consent_requestYes
app.device.userCodeExpiryExpiry in seconds for user code240000No
app.device.confirmationCodeExpiryExpiry in seconds for confirmation code240000No
app.device.accessTokenExpiryAccess token expiry in seconds240000No
app.sessionlength.platforms.iosMaximum session length on iOS600000No
app.sessionlength.platforms.androidMaximum session length on android600000No
app.sessionlength.platforms.webMaximum session length on web3600000No
app.sessionlength.defaultLifeTimeDefault session length3600000No
app.idpManageUrlURL to provide to Wallet clients for IDP management.""Yes
cors.originsList of web origins to accept traffic from.[https://ui.walletserver.com/idp-callback]Yes
fpxwallet.walletserver.resources.login-page.cssPath to CSS file for default theme.https://walletserver.com/style.cssYes

Wallet Admin API

The configuration details required under the walletapi.application.config parameter are as follows. Note that the values shown for spring.datasource.username and spring.datasource.password are placeholders and should be replaced with credentials for the specific database used in your deployment.

server.port: 8080
server.error.include-binding-errors: ALWAYS
server.error.include-exception: true
server.error.include-message: ALWAYS
server.error.include-stacktrace: ALWAYS

logging:
level:
com.identos.wallet.admin: DEBUG
org.springframework.web: DEBUG
org.hibernate.SQL: DEBUG
org.hibernate.type: TRACE

spring.jpa.properties.hibernate.format_sql: true

wallet-admin:
staticToken: {{WS_ADMIN_STATIC_TOKEN}}

spring:
output.ansi.enabled: ALWAYS
jpa:
generate-ddl: false
hibernate:
ddl-auto: validate
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost/wallet_admin?useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC
username: {{DATABASE_USERNAME}}
password: {{DATABASE_PASSWORD}}

elide:
modelPackage: 'com.identos.wallet.admin.entity'
pageSize: 1000
maxPageSize: 10000
json-api:
path: /json-api
enabled: true
graphql:
path: /graphql
enabled: false
swagger:
path: /json-api/openapi
enabled: true
name: 'Wallet Admin API'
version: "v1.0"

Logging and Response Output

These settings control what should be logged and at what level of detail, as well as the information returned in Wallet Admin API error responses. Because this is an Admin API, we are not concerned with stack traces and application internals being returned in responses. Therefore, these can be left as default for the majority of use cases.

ParameterDescriptionSuggested ValueRequired
server.error.include-binding-errorsThe server will not be prevented from including binding errors in error response payloadsALWAYSNo
server.error.include-exceptionThe server will not be prevented from including exceptions in error response payloadstrueNo
server.error.include-messageThe server will not be prevented from including messages in error response payloadsALWAYSNo
server.error.include-stacktraceThe server will not be prevented from including stack traces in error response payloadsALWAYSNo
logging.level.com.identos.wallet.adminControls the level at which the Wallet Admin API logs will be outputDEBUGNo
logging.level.org.springframework.webControls the level at which the Spring framework Web logs will be outputDEBUGNo
logging.level.org.hibernate.SQLControls the level at which the Hibernate framework SQL logs will be outputDEBUGNo
logging.level.org.hibernate.typeControls the level at which the Hibernate framework SQL binding type logs will be outputDEBUGNo
spring.jpa.properties.hibernate.format_sqlThis will format the SQL that is output to the logs to make it more readabletrueNo

Authentication Token Configuration

ParameterDescriptionSuggested ValueRequired
wallet-admin.staticTokenDefines the value of the static token that the Wallet Admin API will expect to be included as an Authorization header on all requestsa UUIDYes

Database Configuration

NOTE: These values should match the values defined for the Wallet Server parameters in the previous section.

ParameterDescriptionSuggested ValueRequired
spring.datasource.driver-class-nameMySQL Driver name.com.mysql.cj.jdbc.DriverYes
spring.datasource.urlDriver to use for DB connections.jdbc:mysql://dbhost/dbnameYes
spring.datasource.usernameUsername for database connection.dbusernameYes
spring.datasource.passwordPassword for database connection.dbpasswordYes
spring.jpa.generate-ddlWhether Hibernate is responsible for generating the database schemafalseYes
spring.jpa.hibernate.ddl-autoThere are two options to manage the underlying database schema when working with JPA and Hibernate (leveraged by all backend IDENTOS components):
1) You can encapsulate schema changes in migration scripts and use a tool, like Flyway, to apply the migration scripts upon starting the application. This is the method we will use to generate and update the schema for the authorization server and the Admin Server.
2) You can generate or update the database schema from the JPA and Hibernate entity mappings (extrapolate the domain classes/entity mappings of the deployed server and auto generate the database schema) using the ddl.auto tool. We will not use this method to generate the schema for any of the components. This is why the value for this field should be set to "validate" as this option instructs Hibernate to ONLY validate the underlying database schema against the entity mappings.
validateYes
spring.output.ansi.enabledEnables coloured log output when viewed with a terminaltrueNo

JSON API Configuration

The parameters under the elide section are used to expose JSON APIs and configure their URL paths. IDENTOS recommends that these be left at the default values. For more information, refer to Elide Setup.

Wallet UI

The configuration details required under the walletui.config parameter are:

  • Wallet Server domain name (eg. https://walletserver)
  • Path to CSS file for style overrides (eg. https://cdn/style.css)
    {
"url": "https:\/\/walletserver",
"client_id": "authserver-client-id",
"authorization_code_inputs": 6,
"qrPollingInterval": 10000,
"numberOfNotificationToShow": 2,
"whitelabel": "/config-styles/whitelabel.identos.css",
"login_page_image": {
"__html": "<img src='/assets/innovation-software-the-solution-1.png' alt=\"\" />"
},
"login_intro_content": {
"__html": "<p class=\"login-content-intro\">Share your information with your digital wallet</p>"
},
"login_guide_content": {
"__html": "<p class=\"login-content-guide\">Log into your account</p>"
},
"login_identity_verifier_logo": "/assets/identos_logos/logo@3x.png"
}

Language Configuration

The walletui.i18n parameter is used to define all text elements of the Wallet UI. This includes definitions for each error and warning message as well as UI elements such as white-labeling application name, sidebar navigation entries, on-screen instructions, alt-text etc.

Additional language files can be created and added to the i18n folder as required.

The full list of parameters under walletui.i18n is defined below:

{
"charset": "utf-8",
"title": "Wallet WebUI",
"favicon": "%PUBLIC_URL%/favicon.ico",
"noscript": "You need to enable JavaScript to run this app.",
"login__idplist_error_title": "Unable to Load Identity Verifiers",
"login__idplist_error_desc": "We were unable to load the list of Identity Verifiers. Please try again if you wish to continue.",
"login__idplist_select_error_title": "Unable to Select Identity Verifier",
"login__idplist_select_error_desc": "An error occurred while trying to connect to the selected Identity Verifier.",
"login__logging_error_title": "Unable to Log In",
"login__logging_error_desc": "An error occurred while trying to log you in.",
"login__title_content": "IDENTOS Wallet",
"login__user_and_pass_link": "Login with username and password",
"login__no_account": "No account?",
"login__sign_up_now": "Sign up now",
"alt__logo": "Telus logo",
"alt__google_icon": "Google icon",
"qr__title": "Use your <span>{{walletName}}</span> wallet account to give <span>{{clientName}}</span> access to your information",
"qr__instruction": "Log into your <span>{{walletName}}</span> wallet account ",
"qr_desc": "You can complete this request by logging into your <span>{{walletName}}</span> wallet, or use the <span>{{walletName}}</span> in the <span>{{walletName}}</span> Navigator.",
"no_account": "No account?",
"sign_up": "Sign up now",
"menu": "Menu",
"qr__login_title": "Login to my Wallet account",
"qr__login_instructions": "Select the Identity Verifier you used to log into your existing account",
"qr__login_action--username_password": "Login with username and password",
"qr__or": "or",
"qr__login_action--nav_app": "Log in using my navigator app",
"qr__one": "1.",
"qr__one_info": "Open your <span>{{walletName}}</span> Navigator on your phone",
"qr__two": "2.",
"qr__two_info": "From your Account screen, tap Scan QR Code",
"qr__three": "3.",
"qr__three_info": "Point your phone at this screen to capture the QR code",
"qr__scan_problem": "Can't scan QR code?",
"qr__use_code": "Type in this initiation code instead: <span>{{code}}</span>",
"consent__title": "The {{ clientName }} wants access to your information",
"confirmAuth__title": "Use your <span>{{walletName}}</span> Wallet account to give <span>{{clientName}}</span> access to your information",
"confirmAuth__instruction": "Confirm your authorization",
"confirmAuth__instrucion_desc": "You have agreed to give {{clientName}} access to the following:",
"confirmAuth__code_desc": "To confirm that you have authorized access to your information, and ensure no one else has access to your account, please input the 6-digit Authorization Code that is displayed on your phone. ",
"confirmAuth__auth_code": "Authorization Code:",
"confirmAuth__submit": "Submit",
"confirmAuth__what_if": "What if I can’t see a code?",
"confirmAuth__source": "Source:",
"confirmAuth__details": "details",
"resourceDetailsModal__details": "Details",
"resourceDetailsModal__whats_this": "What's this",
"resourceDetailsModal__reason": "Reason:",
"resourceDetailsModal__close": "Close",
"submissionModal__processing": "Processing Your Request…",
"submissionModal__errorTitle": "Error",
"submissionModal__close": "Ok",
"submissionModal__201_error": "Too Many Tries",
"submissionModal__201_error_desc": "You have entered the incorrect Authorization Code too many times, and now now locked out. No access has been provided to {{client}}. Please begin a new session.",
"submissionModal__400_error": "Incorrect authorization code",
"submissionModal__400_error_desc": "The code you have entered is incorrect. Please try again. ",
"submissionModal__401_error": "Session Expired",
"submissionModal__401_error_desc": "This session has expired because of inactivity. No access has been provided to {{client}}. To continue, please begin a new session.",
"submissionModal__403_error": "Expired Code",
"submissionModal__403_error_desc": "The Authorization Code entered has expired. Please begin a new session.",
"submissionModal__404_error": "Unable to Complete Request",
"submissionModal__404_error_desc": "We could not complete the request because no claim for this transaction could be found.",
"consent__subtitle": "Authorization Request",
"consent__step_one_title": "Step 1.",
"consent__step_one": "Find a connection that can send {{ clientName }} the information they are requesting.",
"consent__change": "Change",
"consent__findconnection": "Find connection",
"consent__scope": "Scope: ",
"consent__reason": "Reason: ",
"consent__whats_this": "What is this?",
"consent__learn_more": "Learn More",
"rs_name": "{{ rsName }}",
"consent__step_two_title": "Step 2.",
"consent__step_two": "Choose the requested information you wish {{ rsName }} to have access to.",
"consent__doc_links": "You may review this Service Provider's ",
"consent__terms_of_use": "Terms of Use",
"consent__privacy_policy": "Privacy Policy",
"consent_doc_and": " and ",
"consent__auth_btn": "Send Authorization",
"consent__decline_btn": "Decline Request",
"consent__allow_access": "ALLOW ACCESS TO:",
"consent__deny_access": "DENY ACCESS TO:",
"consent__connection_text": "CONNECTION:",
"consent__decline_title": "Are you sure?",
"consent__decline_desc": "Declining this request means your information will not be shared.",
"consent__decline_btn1": "Decline",
"consent__decline_btn2": "No",
"consent__loading_list_error_title": "Unable to Load Requested Information",
"consent__loading_list_error_desc": "We were unable to load the information the organization is requesting. Please begin a new session.",
"consent__sending_auth_error_title": "Unable to Send Authorization",
"consent__sending_auth_error_desc": "We were unable to send authorization to the organization. Please try again if you wish to continue.",
"consent__expired_connection_error_title": "Expired Connection ",
"consent__expired_connection_error_desc": "We were unable to send authorization to the organization because a chosen connection has expired.",
"modal__title": "Find a Source",
"modal__subtitle": "Select the source that can provide your:",
"modal__rs_names": "{{ rsNames }}",
"modal__src_name": "{{ srcName }}",
"modal__connection_btn": "Use Connection",
"modal__connection_connecting": "Connecting...",
"modal__connect_btn": "Connect",
"session_modal__title--invalid": "Session Error",
"session_modal__title--expiry": "Session Timed Out",
"session_modal__message--invalid": "Something has gone wrong. Please log in again to resolve the problem.",
"session_modal__message--expiry": "Due to inactivity, your session has timed out! Please log in again to continue.",
"session_modal__login": "Ok",
"session_modal__contact--invalid": "Can't resolve the error?",
"session_modal__contact-link--invalid": "Contact Telstra",
"modal__reconnect_btn": "Reconnect Source",
"modal__connected_source_expired": "Connection to source is expired",
"modal__connect_api_error": "We were unable to connect! Please try again.",
"fpx_dl__add_btn": "Add Item",
"fpx_dl__select_default": "-- Select One --",
"fpx_dl__empty_field": "Field is empty",
"fpx_table__title": "{{ fpxTitle }}",
"fpx_table_row__remove": "Remove",
"fpx_table_title__title": "{{ title }}",
"idp": "{{ idpName }}",
"profile__title": "Current Identity",
"profile__verified_by": "Identity Verifier",
"google": "Google",
"profile__add_verifier": "Add another identity verifier",
"profile__improve_security_title": "Improve your account security",
"profile__improve_security_body": "Protect your information by adding another level of security to your account.",
"profile__no_security_title": "Your account is not secure",
"profile__no_security_body": "Protect your information by adding security to your account.",
"profile__notifications": "Notifications",
"profile__notifications_title": "You Have No Notifications",
"profile__notifications_body": "You will be notified of updates, requests for your information and any issues with your account security.",
"profile__notifications_history": "See notification history",
"sidebar__my_account": "My Account",
"sidebar__connection": "Connections",
"sidebar__settings": "Settings",
"connections__title": "Connections",
"connections__add_button": "Connection",
"connections__search": "Search...",
"connections__name": "Name",
"connections__type": "Type",
"connections__lastActive": "Last Active",
"connections__paginationRow": "Rows per page",
"connections__paginationOF": "of",
"connections__noResultsFound": "No Results Found",
"connections__couldNotFind": "We couldn’t find any connections with that query.",
"connections__noDataTitle": "No Connections found",
"connections__noDataDesc": "You have not authorized any services, information sources or identity verifers to access your information. ",
"connections__find_connections_btn": "Find Connections",
"connections_failure_load_title": "Unable to Load Connections List",
"connections_failure_load_desc": "We were unable to load your list of Connections. Please try again.",
"connections__internet_failure_load_title": "Unable to Load Connections List ",
"connections__internet_failure_load_desc": "We were unable to load this list of connections. Check your internet connection and try again.",
"findConnections_failure_load_title": "Unable to Load Add Connections List",
"findConnections_failure_load_desc": "We were unable to load this list of connections. Please try again if you wish to continue.",
"findConnections_conenction_failure_title": "Unable to Add a Connection",
"findConnections_conenction_failure_desc": "An error occurred while trying to add this connection. Please try again if you wish to continue.",
"findConnections__title": "Find Connections",
"findConnections__connections": "Connections",
"findConnections__sub_title": "Select an organization you would like to connect with and authorize to provide requested information.",
"findConnections__cancel": "Cancel",
"findConnections__modal_title": "Success",
"findConnections__modal_desc": "You have connected to the {{rsName}} and have authorized them to access your information.",
"findConnections__modal_button": "Ok",
"findConnections__connection_not_found_title": "No Connections",
"findConnections__connection_not_found_desc": "Currently, there are no more organizations to connect to.",
"connections_modal_title": "Add a new connection",
"connections_modal_message": "Are you sure?",
"connections_modal_add_connection": "Add Connection",
"settings__title": "Settings",
"settings__activity": "Activity",
"settings__see_all_activity": "See All Activity",
"settings__security": "Security",
"settings__add_two_step": "Add Two-Step Verification",
"settings__preferences": "Preferences",
"settings__recommend_sources_title": "Recommend sources for requests",
"settings__recommend_sources_body": "When you receive an authorization request, the app will automatically recommend the best information source for the request. You will be able to change this at any time",
"settings__my_devices": "My Devices",
"logout__logout": "Log out",
"logout__cancel": "Cancel",
"logout__yes_logout": "Yes, log out",
"logout__body_text": "Would you like to log out of the Wallet account?",
"settings__logout_all_devices": "Log out from all devices",
"settings__lastActive": "Last active",
"settings__no_connected_devices": "No Connected Devices found",
"settings__lastActive_at": "at",
"connectionDetail__failure_load_title": "Unable to Load Connection Details",
"connectionDetail__failure_load_desc": "We were unable to load your list of Connections. Please try again.",
"connectionDetail__failure_disconnect_title": "Unable to Disconnect Connection",
"connectionDetail__failure_disconnect_desc": "An error occurred while trying to disconnect this connection. Please try again.",
"connectionDetail__failure_no_network_title": "Unable to Load Connection Details",
"connectionDetail__failure_no_network_desc": "We were unable to display the details of this Connection. Check your internet connection and try again.",
"connectionDetail__information": "Information",
"connectionDetail__source": "Source",
"connectionDetail__connected": "Connected",
"connectionDetail__expires": "Expires",
"connectionDetail__timesShared": "Time Shared",
"connectionDetail__recentActivity": "Recent Activity",
"connectionDetail__trustedNetworks": "Trusted Networks",
"connectionDetail__serviceProvider": "Service Provider",
"connectionDetail__disconnectServiceProvider": "Disconnect Service Provider",
"connectionDetail__reconnectServiceProvider": "Reconnect Service Provider",
"connectionDetail__serviceSubHeading": "Acting as a service provider, <span>{{name}}</span> has requested the following:",
"connectionDetail__informationSource": "Information Source",
"connectionDetail__disconnectInformationSource": "Disconnect Information Source",
"connectionDetail__reconnectInformationSource": "Reconnect Information Source",
"connectionDetail__informationSubHeading": "Acting as a source of information, <span>{{name}}</span> has provided the following:",
"connectionDetail__disconnected": "DISCONNECTED",
"connectionDetail__identityVerifier": "Identity Verifier",
"connectionDetail__disconnectIdentityVerifier": "Disconnect Identity Verifier",
"connectionDetail__identityVerifierSubHeading": "Acting as an Identity Verifier, <span>{{name}}</span> has provided proof of your identity to the following:",
"connectionDetail__informationModalBodyTop": "This action will block any service provider who you have authorized to access any information from <span>{{name}}</span> from being able to access any information from this source any longer.",
"connectionDetail__informationModalBodyBottom": "Some functionality may no longer be available, or you may lose the ability to use those services or apps.",
"connectionDetail__noThanks": "No Thanks",
"connectionDetail__disconnect": "Disconnect",
"connectionDetail__disconnectInformation": "Disconnect Information",
"connectionDetail__disconnectDetails": "Disconnect Details",
"connectionDetail__disconnetDetailsModalBodyTop": "Confirm you want to disconnect. Disconnecting will remove this Service Provider’s access to: ",
"connectionDetail__disconnetDetailsModalBody": "Your ",
"connectionDetail__Edit": "Edit",
"connectionDetail__View": "View",
"connectionResourceDetail__requested_by": "Requested By",
"connectionResourceDetail__requested_on": "Requested On",
"connectionResourceDetail__access_expires": "Access Expires",
"connectionResourceDetail__disconnect_all": "Disconnect from All Sources",
"connectionResourceDetail__sub_heading": "Your <span>{{name}}</span> has been shared with the following service providers:",
"connectionResourceDetail__disconnect_modal_sub_heading_top": "Would you like to remove all access to your <span>{{name}}</span>?",
"connectionResourceDetail__disconnect_information_modal_sub_heading_top": "Would you like to remove <span>{{client}}</span>'s access to your <span>{{name}}</span>?",
"connectionResourceDetail__disconnect_modal_sub_heading_bottom": "If you proceed, some functionality may no longer be available to you in some service providers, or you may lose the ability to use the service.",
"activity__activity": "Activity",
"activity__sub_heading": "This is a record of all activity done using this account.",
"activity__date": "Date",
"activity__type": "Type",
"activity__source": "Source",
"activity__expiry": "Expiry",
"authorization__authorization_request": "Authorization Request",
"authorization__disconnect_authorization": "Disconnect Authorization",
"authorization__sub_headingFront": "You have authorized ",
"authorization__sub_headingBack": "to access the following information:",
"authorization__requested_on": "Requested On",
"authorization__expiry": "Expiry",
"authorization__terms_of_use": "Terms of Use",
"authorization__view_details": "View Details",
"authorization__request_for_access": "Request for Access",
"authorization__view": "View",
"authorization__edit": "Edit",
"authorization__reason": "Reason: Allow tracking to be saved to health record for review by a physician",
"authorization__reason_text": "Reason:",
"disconnectAccess__disconnect_access": "Disconnect Access",
"disconnectAccess__sub_heading": "You have disconnected <span>{{name}}</span> to access the following information:",
"disconnectAccess__disconnected_on": "Disconnected On",
"disconnectAccess__disconnected_access": "Disconnected Access",
"proda": "PRODA",
"networkError__connection_failed": "No Network Connection",
"networkError__desc": "We could not process your request. Check your internet connection and try again.",
"ok": "Ok",
"reload": "Reload"
}