• Stars
    star
    179
  • Rank 214,039 (Top 5 %)
  • Language
    TypeScript
  • License
    Apache License 2.0
  • Created over 5 years ago
  • Updated about 1 month ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Create and verify W3C Verifiable Credentials and Presentations in JWT format

npm npm codecov

did-jwt-vc

Create and verify W3C Verifiable Credentials and Presentations in JWT format

Installation

npm install did-jwt-vc

Usage

Creating JWTs

Prerequisites

Create an Issuer object to sign JWTs using, for example ethr-did

import { EthrDID } from 'ethr-did'
import { Issuer } from 'did-jwt-vc'

const issuer = new EthrDID({
  identifier: '0xf1232f840f3ad7d23fcdaa84d6c66dac24efb198',
  privateKey: 'd8b595680851765f38ea5405129244ba3cbad84467d190859f4c8b20c1ff6c75'
}) as Issuer

The Issuer object must contain a did attribute, an alg property that is used in the JWT header and a signer function to generate the signature.

Creating a Verifiable Credential

Specify a payload matching the CredentialPayload or JwtCredentialPayload interfaces. Create a JWT by signing it with the previously configured issuer using the createVerifiableCredentialJwt function:

import { JwtCredentialPayload, createVerifiableCredentialJwt } from 'did-jwt-vc'

const vcPayload: JwtCredentialPayload = {
  sub: 'did:ethr:0x435df3eda57154cf8cf7926079881f2912f54db4',
  nbf: 1562950282,
  vc: {
    '@context': ['https://www.w3.org/2018/credentials/v1'],
    type: ['VerifiableCredential'],
    credentialSubject: {
      degree: {
        type: 'BachelorDegree',
        name: 'Baccalauréat en musiques numériques'
      }
    }
  }
}

const vcJwt = await createVerifiableCredentialJwt(vcPayload, issuer)
console.log(vcJwt)
// eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQi...0CQmqB14NnN5XxD0d_glLRs1Myc_LBJjnuNwE

Creating a Verifiable Presentation

Specify a payload matching the PresentationPayload or JwtPresentationPayload interfaces, including the VC JWTs to be presented in the vp.verifiableCredential array. Create a JWT by signing it with the previously configured issuer using the createVerifiablePresentationJwt function:

import { JwtPresentationPayload, createVerifiablePresentationJwt } from 'did-jwt-vc'

const vpPayload: JwtPresentationPayload = {
  vp: {
    '@context': ['https://www.w3.org/2018/credentials/v1'],
    type: ['VerifiablePresentation'],
    verifiableCredential: [vcJwt]
  }
}

const vpJwt = await createVerifiablePresentationJwt(vpPayload, issuer)
console.log(vpJwt)
// eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1ODI1NDc...JNMUzZ6naacuWNGdZGuU0ZDwmgpUMUqIzMqFFRmge0R8QA

Verifying JWTs

Prerequisites

Create a Resolver using did-resolver and register the ethr-did-resolver. When verifying a JWT signed by a DID, it is necessary to resolve its DID Document to check for keys that can validate the signature.

import { Resolver } from 'did-resolver'
import { getResolver } from 'ethr-did-resolver'

// see also https://github.com/decentralized-identity/ethr-did-resolver#multi-network-configuration
const providerConfig = {
  rpcUrl: 'https://mainnet.infura.io/v3/<YOUR infura.io PROJECT ID>',
  registry: '0xdca7ef03e98e0dc2b855be647c39abe984fcf21b'
}
const resolver = new Resolver(getResolver(providerConfig))

Verifying a Verifiable Credential

Pass in a VC JWT along with the resolver to verify using the verifyCredential function:

import { verifyCredential } from 'did-jwt-vc'

const verifiedVC = await verifyCredential(vcJwt, resolver)
console.log(verifiedVC)
/*
{
  "payload": {
    // the original payload of the signed credential
  },
  "doc": {
    // the DID document of the credential issuer (as returned by the `resolver`)
  },
  "issuer": "did:ethr:0xf1232f840f3ad7d23fcdaa84d6c66dac24efb198", //the credential issuer
  "signer": {
    //the publicKey entry of the `doc` that has signed the credential
  },
  "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1NjY...Sx3Y2IdWaUpatJQA", // the original credential
  
  //parsed payload aligned to the W3C data model
  "verifiableCredential": {
    "@context": [Array],
    "type": [ "VerifiableCredential", "UniversityDegreeCredential" ],
    "issuer": {
      "id": "did:ethr:0xf1232f840f3ad7d23fcdaa84d6c66dac24efb198"
    },
    "issuanceDate": "2019-07-12T16:51:22.000Z",
    "credentialSubject": {
      "id": "did:ethr:0x435df3eda57154cf8cf7926079881f2912f54db4"
      "degree": {
        "type": "BachelorDegree",
        "name": "Baccalauréat en musiques numériques"
      },
    },
    "proof": {
      //  proof type for internal use, NOT a registered vc-data-model type
      "type": "JwtProof2020",
      "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1NjY...Sx3Y2IdWaUpatJQA"
    }
  }
}
*/

Verifying a Verifiable Presentation

Pass in a VP JWT along with the resolver to verify using the verifyPresentation function:

import { verifyPresentation } from 'did-jwt-vc'

const verifiedVP = await verifyPresentation(vpJwt, resolver)
console.log(verifiedVP)
/*
{
  //original JWT payload
  payload: {
    iat: 1568045263,
    vp: {
      '@context': [Array],
      type: ['VerifiablePresentation'],
      verifiableCredential: [
        'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1NjY5...lpNm51cqSx3Y2IdWaUpatJQA'
      ]
    },
    iss: 'did:ethr:0xf1232f840f3ad7d23fcdaa84d6c66dac24efb198'
  },
  
  doc: {
    // the DID document of the presentation issuer (as returned by the `resolver`)
  },
  
  signer: {
    //the publicKey entry of the `doc` that has signed the presentation
  },
  
  issuer: 'did:ethr:0xf1232f840f3ad7d23fcdaa84d6c66dac24efb198',

  jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1NjgwNDUyNjMsInZwIjp7...ViNNCvoTQ-swSHwbELW7-EGPAcHLOMiIwE',

  // parsed payload aligned to the W3C data model
  verifiablePresentation: {
    verifiableCredential: [
      {
        iat: 1566923269,
        credentialSubject: {
          degree: { type: 'BachelorDegree', name: 'Baccalauréat en musiques numériques' },
          id: 'did:ethr:0x435df3eda57154cf8cf7926079881f2912f54db4'
        },
        issuer: { id: 'did:ethr:0xf1232f840f3ad7d23fcdaa84d6c66dac24efb198' },
        type: ['VerifiableCredential', 'UniversityDegreeCredential'],
        '@context': [Array],
        issuanceDate: '2019-07-12T16:51:22.000Z',
        proof: {
          type: 'JwtProof2020',
          jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1NjY5...lpNm51cqSx3Y2IdWaUpatJQA'
        }
      }
    ],
    holder: 'did:ethr:0xf1232f840f3ad7d23fcdaa84d6c66dac24efb198',
    type: ['VerifiablePresentation'],
    '@context': [Array],
    issuanceDate: '2019-09-09T16:07:43.000Z',
    proof: {
      // proof type for internal use, NOT a registered W3C vc-data-model proof type
      type: 'JwtProof2020',
      jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1NjgwNDUyNjMsInZwI...ViNNCvoTQ-swSHwbELW7-EGPAcHLOMiIwE'
    }
  }
}
*/

Notes on verification and proof properties

The result of the verification methods, when successful, also conveniently contain the decoded and parsed payloads, in a format that closely matches the W3C data model for verifiable credentials and presentations. This makes it easier to work with both credential encodings in the same system. This parsed payload also shows a proof property that lists the full JWT credential or presentation.

The JwtProof2020 is a synthetic proof type, usable for differentiating credentials by type. It is not a registered W3C VC Data Model algorithm and should not be treated as such.

Also note that the @context fields that appear in this parsed payload are the same as the ones in the incoming JWT. This means that the parsed payload will probably not be suitable for an LD-processor.

Please see #54 for more information.

More Repositories

1

ion

The Identity Overlay Network (ION) is a DID Method implementation using the Sidetree protocol atop Bitcoin
HTML
1,225
star
2

universal-resolver

Universal Resolver implementation and drivers.
Java
545
star
3

sidetree

Sidetree Specification and Reference Implementation
HTML
438
star
4

decentralized-web-node

Decentralized data storage and message relay for decentralized identity and apps.
HTML
402
star
5

did-jwt

Create and verify DID verifiable JWT's in Javascript
TypeScript
335
star
6

did-resolver

Universal did-resolver for javascript environments
TypeScript
213
star
7

ethr-did-resolver

DID resolver for Ethereum Addresses with support for key management
TypeScript
168
star
8

didcomm-messaging

JavaScript
163
star
9

github-did

Decentralized Identity with Github
JavaScript
139
star
10

ion-tools

Tools and utilities to make working with the ION network and using ION DIDs easy peasy lemon squeezy
JavaScript
139
star
11

element

DID Method implementation using the Sidetree protocol on top of Ethereum and IPFS
JavaScript
100
star
12

decentralized-identity.github.io

Site for the open source, community-driven group of dev and organizations working toward an interoperable, decentralized identity ecosystem
HTML
98
star
13

interoperability

The archive and information hub for the cross-community interoperability project. Focus is on education and familiarity for various efforts across multiple groups for interoperable decentralized identity infrastructure.
93
star
14

presentation-exchange

Specification that codifies an inter-related pair of data formats for defining proof presentations (Presentation Definition) and subsequent proof submissions (Presentation Submission)
JavaScript
85
star
15

confidential-storage

Confidential Storage Specification and Implementation
TypeScript
80
star
16

bbs-signature

The BBS Signature Scheme
Rust
76
star
17

keri

Key Event Receipt Infrastructure - the spec and implementation of the KERI protocol
HTML
72
star
18

web-did-resolver

DID resolver for HTTPS domains
TypeScript
70
star
19

universal-registrar

Universal Registrar implementation and drivers.
Java
64
star
20

DIDComm-js

JS implementation of pack and unpack
TypeScript
55
star
21

.well-known

Specs and documentation for all DID-related /.well-known resources
HTML
53
star
22

fuzzy-encryption

A variant of a Fuzzy Vault cryptographic scheme designed for encrypting data with better human recovery features.
C++
49
star
23

did-key.rs

Rust implementation of the did:key method
Rust
47
star
24

didcomm-rs

DIDComm messaging specifications implementation: https://identity.foundation/didcomm-messaging/spec/
Rust
46
star
25

keriox

Rust Implementation of the KERI Core Library
Rust
43
star
26

papers

Notes, ideas, and write-ups from DIF members and collaborators
40
star
27

org

DIF docs, wiki, and organizational material
Rich Text Format
39
star
28

did-auth-jose

JOSE-based implementation of DID Authenticated Encryption
TypeScript
39
star
29

did-common-java

Shared DID Java library.
Java
37
star
30

didcomm.org

TypeScript
36
star
31

did-siop

TypeScript
35
star
32

spec-up

Create beautiful, feature-rich technical specifications in markdown
HTML
32
star
33

credential-manifest

Format that normalizes the definition of requirements for the issuance of a credential
JavaScript
30
star
34

ion-sdk

TypeScript SDK for ION
TypeScript
29
star
35

keripy

Python Implementation of the KERI Core Libraries
Python
28
star
36

sidetree-ethereum

Blockchain-specific code for the Sidetree-based DID Method implementation on Ethereum
TypeScript
28
star
37

peer-did-method-spec

A rich DID method that has no blockchain dependencies. The verifiable data registry is a synchronization protocol between peers.
JavaScript
27
star
38

universal-resolver-frontend

Frontend web UI for Universal Resolver.
JavaScript
25
star
39

snark-credentials

25
star
40

identifiers-discovery

Identifiers & Discovery WG operating repo
21
star
41

trustdidweb

Trust DID Web (did:tdw)
18
star
42

waci-presentation-exchange

Wallet And Credential Interactions for Presentation Exchange (Work continues at decentralized-identity/waci-didcomm#1 )
HTML
17
star
43

did-common-dotnet

C#
17
star
44

did-methods

DID Method specs, docs, and materials
17
star
45

hub-node-core

Node.js implementation of the Identity Hub interfaces, business logic, and replication protocol.
TypeScript
17
star
46

lds-ecdsa-secp256k1-2019.js

EcdsaSecp256k1Signature2019 JSON-LD Signature Suite
TypeScript
17
star
47

vc-marketplace

To establish the reference architecture for a Verifiable Credentials Marketplace
HTML
16
star
48

didcomm-bluetooth

a specification that describes discovery and transport over Bluetooth for DIDcomm
16
star
49

horcrux

Horcrux Protocol
16
star
50

kerigo

Go implementation of KERI (Key Event Receipt Infrastructure)
Go
16
star
51

did-security-csharp

C# implementation of DID security and privacy controls
C#
15
star
52

claims-credentials

Claims and Credentials WG operations repo
15
star
53

uni-resolver-driver-did-ccp

A Universal Resolver driver for Baidu did:ccp identifiers.
Java
15
star
54

jwt-vc-presentation-profile

HTML
15
star
55

hub-reference

The official Identity Hub reference implementation bundle for Node.js
JavaScript
15
star
56

c19-vc.com

(DEMO) COVID-19 VC Issuer
JavaScript
14
star
57

didcomm-demo

In browser DIDComm v2 demo.
TypeScript
14
star
58

attestations

Attestation API implementations for various languages and platforms.
JavaScript
14
star
59

hub-sdk-js

JavaScript SDK for interacting with Identity Hubs
TypeScript
14
star
60

wallet-security

Define a common terminology for understanding the security requirements applicable to wallet architectures and wallet-to-wallet and wallet-to-issuer/verifier protocols.
14
star
61

crypto-wg

Meeting notes, transcripts previous agendas and active working group items
13
star
62

edv-spec

Encrypted Data Vault Spec
HTML
13
star
63

veramo-agent-deploy

Generic @veramo/cli agent deployment configuration https://veramo-agent.herokuapp.com
Dockerfile
12
star
64

waci-didcomm

Wallet And Credential Interactions for DIDComm
HTML
12
star
65

agent-explorer

Explore data accross multiple DID agents
TypeScript
12
star
66

uni-resolver-driver-did-ion

Universal Resolver Driver for Identity Overlay Network (ION) DIDs
C#
11
star
67

ion-cli

ION Command Line Interface to make working with the ION network and using ION DIDs easy peasy lemon squeezy
TypeScript
11
star
68

didcomm

11
star
69

did-siop-browser-ext

DID based SIOP
TypeScript
10
star
70

did-registration

A specification for DID create/update/deactivate operations.
HTML
10
star
71

kerijs

JavaScript (nodes) Implementation of the KERI core library.
JavaScript
10
star
72

go-ipfs-ds-azure

Go implementation of ipfs Azure datastore
Go
10
star
73

trust-establishment

https://identity.foundation/trust-establishment
10
star
74

dwn-user-guide

TypeScript
9
star
75

EcdsaSecp256k1RecoverySignature2020

EcdsaSecp256k1RecoverySignature2020
JavaScript
9
star
76

vc-spec-map

Verifiable Credentials Specification Relationship Map
9
star
77

JWS-Test-Suite

JsonWebSignature2020 Test Suite
JavaScript
9
star
78

universal-registrar-frontend

Frontend web UI for Universal Registrar.
JavaScript
8
star
79

presentation-exchange-implementations

Multi-language implementation of the Presentation Exchange protocol.
Go
8
star
80

jsonld-document-loader

TypeScript
8
star
81

wallet-rendering

Specifications for rendering DID and Credential-centric data in wallet applications
JavaScript
8
star
82

jsonld-common-java

Shared JSON-LD Java library.
Java
7
star
83

OpenPgpSignature2019

OpenPgpSignature2019 Linked Data Cryptographic Suite in JavaScript
JavaScript
7
star
84

didcomm-usergroup

DIDComm User Group
7
star
85

wallet-and-credential-interactions

QR Codes and Button for Claiming and Sharing Credentials (and more!)
HTML
7
star
86

schema-directory

A work item of the Claims and Credentials WG at DIF
HTML
7
star
87

did-common-typescript

A common bundle of shared code and modules for working with DIDs, DID Documents, and other DID-related activities
TypeScript
7
star
88

hub-sdk-js-sample

Sample app demonstrating use of the DIF Identity Hub JavaScript SDK.
TypeScript
7
star
89

authentication-wg

6
star
90

presentation-request

Requirements Analysis and Protocol Design for a VC Presentation Request Format
6
star
91

did-crypto-typescript

Crypto library to handle key management for DIDs
TypeScript
6
star
92

universal-wallet-backup-containers

A work Item within the DIF Wallet Security WG aimed to develop a specification for wallet containers
HTML
6
star
93

didcomm-book

5
star
94

universal-resolver-java

5
star
95

did-spec-extensions

Extension parameters, properties, and values for the DID spec registries.
JavaScript
5
star
96

sidetree-reference-impl

Sidetree Reference Implementation
TypeScript
5
star
97

linked-vp

Linked Verifiable Presentation
JavaScript
5
star
98

uni-resolver-driver-dns

A Universal Resolver driver for domain names.
Java
4
star
99

schema-forms

JSON Schema-driven form generator for the input and construction of credentials based on user input
JavaScript
4
star
100

SIG-IoT

DIF IoT Special Interest Group (Open Group)
CSS
4
star