{"id":28704838,"url":"https://github.com/adorsys/status-list-server","last_synced_at":"2026-03-02T11:02:59.679Z","repository":{"id":278388845,"uuid":"935371400","full_name":"adorsys/status-list-server","owner":"adorsys","description":"status list server","archived":false,"fork":false,"pushed_at":"2026-02-20T10:36:12.000Z","size":3979,"stargazers_count":8,"open_issues_count":8,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-02-22T09:34:25.995Z","etag":null,"topics":["oauth","statuslist-2021","token-based-authentication"],"latest_commit_sha":null,"homepage":"https://statuslist.eudi-adorsys.com","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adorsys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-19T10:39:00.000Z","updated_at":"2026-02-16T09:34:50.000Z","dependencies_parsed_at":"2025-03-04T16:40:55.643Z","dependency_job_id":"55b510eb-d4a2-4566-8958-13d18c58a3ce","html_url":"https://github.com/adorsys/status-list-server","commit_stats":null,"previous_names":["adorsys-gis/status-list-server","adorsys/status-list-server"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/adorsys/status-list-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fstatus-list-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fstatus-list-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fstatus-list-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fstatus-list-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adorsys","download_url":"https://codeload.github.com/adorsys/status-list-server/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fstatus-list-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29999235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T09:59:02.300Z","status":"ssl_error","status_checked_at":"2026-03-02T09:59:02.001Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oauth","statuslist-2021","token-based-authentication"],"created_at":"2025-06-14T14:08:31.586Z","updated_at":"2026-03-02T11:02:54.668Z","avatar_url":"https://github.com/adorsys.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Status List Server\n\nThe Status List Server is a web service that manages and publishes status lists, allowing issuers to update statuses and verifiers to retrieve them. It implements JWT-based authentication using ES256 (ECDSA with P-256 and SHA-256) for securing its endpoints.\n\n## Prerequisites\n\nBefore setting up the Status List Server, ensure you have the following installed:\n\n- [Rust](https://www.rust-lang.org/tools/install): The programming language used to develop the server.\n- [Cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html): The Rust package manager.\n- [PostgreSQL](https://www.postgresql.org/download/): The database system used for storing status lists.\n\n## Installation\n\n**Clone the Repository:**\n\n```bash\n git clone https://github.com/adorsys/status-list-server.git\n cd status-list-server\n```\n\n## Running with Docker Compose\n\nYou can run the project directly using docker compose:\n\n- Execute the command below at the root of the project\n\n```sh\ndocker-compose up\n```\n\nThis command will pull and start postgres and also build the project image and start a container.\n\n## Configuration\n\n**Environment Variables:**\n\n\u003e **TODO:** Document other required environment variables.\n\nCreate a `.env` file in the root directory with the following configurations:\n\n```env\nDATABASE_URL=postgres://username:password@localhost/status_list_db\n```\n\nReplace `username` and `password` with your PostgreSQL credentials.\n\n## Running the Server\n\nTo start the server, execute:\n\n```bash\ncargo run\n```\n\nBy default, the server runs on `http://localhost:8000`. You can modify the port in the configuration settings.\n\n## API Endpoints\n\n### Health Check\n\n- **Endpoint:** `GET /health`\n- **Description:** Checks the health status of the server.\n- **Response:**\n - `200 OK`: Server is running.\n\n### Register Issuer\n\n- **Endpoint**: `POST /credentials/`\n- **Description**: Allows issuers to register their public key and identifier for later authentication\n- **Request Body**\n ```json\n {\n \"issuer\": \"\u003cissuer_id\u003e\",\n \"public_key\": \"\u003cpublic_key.pem\u003e\",\n \"alg\": \"ES256\"\n }\n ```\n - `issuer`: Unique identifier for the issuer\n - `public_key`: PEM-encoded public key\n - `alg`: \"ES256\" (ECDSA with P-256 and SHA-256)\n\n### Publish Status List\n\n- **Endpoint**: `POST /statuslists/publish`\n- **Description**: Allows an issuer to publish their token status list\n- **Authorization**: Requires a valid signed JWT token with the corresponding registered private key with issuer's ID as the `kid` (Key ID) in the header\n- **Request Body**\n ```json\n {\n \"list_id\": \"30202cc6-1e3f-4479-a567-74e86ad73693\",\n \"status\": [\n { \"index\": 1, \"status\": \"INVALID\" },\n { \"index\": 8, \"status\": \"VALID\" }\n ]\n }\n ```\n - `index`: Position in the status list\n - `status`: Status value (VALID, INVALID, SUSPENDED, APPLICATIONSPECIFIC)\n\n### Update Status List\n\n- **Endpoint:** `PUT /statuslists/update`\n- **Description:** Allows an issuer to update an existing status list\n- **Authorization:** Requires a valid signed JWT token with the corresponding registered private key with issuer's ID as the `kid` (Key ID) in the header\n- **Request Body:**\n\n ```json\n {\n \"list_id\": \"755a0cf7-8289-4f65-9d24-0e01be92f4a6\",\n \"status\": [\n {\n \"index\": 1,\n \"status\": \"VALID\"\n },\n {\n \"index\": 8,\n \"status\": \"INVALID\"\n }\n ]\n }\n ```\n\n - `list_id`: UUID of the status list to update\n - `status`: Array of status updates\n - `index`: Position in the status list\n - `status`: New status value (VALID, INVALID, SUSPENDED, APPLICATIONSPECIFIC)\n\n Example of a complete status update payload:\n\n ```json\n {\n \"list_id\": \"755a0cf7-8289-4f65-9d24-0e01be92f4a6\",\n \"status\": [\n {\n \"index\": 1,\n \"status\": \"VALID\"\n },\n {\n \"index\": 2,\n \"status\": \"INVALID\"\n },\n {\n \"index\": 3,\n \"status\": \"SUSPENDED\"\n },\n {\n \"index\": 4,\n \"status\": \"APPLICATIONSPECIFIC\"\n }\n ]\n }\n ```\n\n- **Responses:**\n - `200 OK`: Update successful\n - `400 BAD REQUEST`: Invalid input data\n - `401 UNAUTHORIZED`: Invalid or missing JWT token\n - `403 FORBIDDEN`: Token issuer doesn't match list owner\n - `404 NOT FOUND`: Status list not found\n - `500 INTERNAL SERVER ERROR`: System incurred an error\n\n### Retrieve Status List\n\n- **Endpoint:** `GET /statuslists/{list_id}`\n- **Description:** Retrieves the current status list for the requested list_id. This endpoint is publicly accessible with no authentication required.\n- **Headers:**\n - `Accept`: Specifies the desired response format\n - `application/jwt`: Returns the status list as a JWT token\n - `application/cwt`: Returns the status list as a CWT token\n - Default: Returns the status list in a compressed and encoded format\n- **Responses:**\n - `200 OK`: Returns the status list in the requested format\n - `404 NOT FOUND`: Status list not found\n - `406 NOT ACCEPTABLE`: Requested format not supported\n\n## Authentication\n\nThe server uses JWT-based authentication with the following requirements:\n\n1. Issuers must first register their public key using the `/credentials/` endpoint\n2. All authenticated requests must include a JWT token in the Authorization header:\n ```\n Authorization: Bearer \u003cjwt_token\u003e\n ```\n3. The JWT token must:\n - Be signed with the algorithm specified during issuer registration.\n - Include the issuer's ID as the `kid` (Key ID) in the header\n - Be signed with the private key corresponding to the registered public key\n - Have valid `exp` (expiration) and `iat` (issued at) claims\n\nExample JWT header:\n\n```json\n{\n \"alg\": \"ES256\",\n \"kid\": \"issuer-id\"\n}\n```\n\n## Error Handling\n\nThe server implements proper error handling and returns appropriate HTTP status codes:\n\n- `400 BAD REQUEST`: Invalid input data\n- `401 UNAUTHORIZED`: Missing or invalid authentication token\n- `403 FORBIDDEN`: Insufficient permissions\n- `404 NOT FOUND`: Resource not found\n- `500 INTERNAL SERVER ERROR`: Server-side error\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadorsys%2Fstatus-list-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadorsys%2Fstatus-list-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadorsys%2Fstatus-list-server/lists"}