npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@iden3/js-iden3-auth

v1.6.0

Published

iden3-auth implementation in JavaScript

Downloads

8,963

Readme

js-iden3-auth

Library for verification of authorization response messages of communication protocol in JWZ format

npm i @iden3/js-iden3-auth --save

General description

The goal of iden3auth libraries is to handle authentication messages of communication protocol.

Currently, library implementation includes support of next message types

  1. https://iden3-communication.io/authorization/1.0/request
  2. https://iden3-communication.io/authorization/1.0/response

RUN AND TEST

npm run test

Temporal: For now to run jest tests without experimental feature support:

  1. add mocked folder https://github.com/iden3/js-iden3-auth/tree/develop/__mocks__/%40digitalbazaar/http-client/dist/cjs
  2. change jest config. https://github.com/iden3/js-iden3-auth/blob/develop/jest.config.js

Auth verification procedure:

  1. JWZ token verification
  2. Zero-knowledge proof verification of request proofs
  3. Query request verification for atomic circuits
  4. Verification of identity and issuer states for atomic circuits

Zero-knowledge proof verification

Groth16 proof are supported by auth library

Verification keys must be provided using IKeyLoader interface

Query verification

Proof for each atomic circuit contains public signals that allow extracting user and issuer identifiers, states, signature challenges, etc. Circuit public signals marshallers are defined inside library.To use custom circuit you need to register it with registerCircuitPubSignals function.

Verification of user / issuer identity states

The blockchain verification algorithm is used

  1. Gets state from the blockchain (address of id state contract and URL must be provided by the caller of the library):

    1. Empty state is returned - it means that identity state hasn’t been updated or updated state hasn’t been published. We need to compare id and state. If they are different it’s not a genesis state of identity then it’s not valid.
    2. The non-empty state is returned and equals to the state in provided proof which means that the user state is fresh enough and we work with the latest user state.
    3. The non-empty state is returned and it’s not equal to the state that the user has provided. Gets the transition time of the state. The verification party can make a decision if it can accept this state based on that time frame.
  2. Only latest states for user are valid. Any existing issuer state for claim issuance is valid.

Verification of GIST

The blockchain verification algorithm is used

  1. Get GIST from the blockchain (address of id state contract and URL must be provided by the caller of the library):
    1. A non-empty GIST is returned, equal to the GIST is provided by the user, it means the user is using the latest state.
    2. The non-empty GIST is returned and it’s not equal to the GIST is provided by a user. Gets the transition time of the GIST. The verification party can make a decision if it can accept this state based on that time frame.

How to use

  1. Import dependencies

    import {
        auth,
        resolver,
        protocol,
        loaders,
        circuits,
    } from 'js-iden3-auth';
  2. Request generation:

    basic auth:

    const request = auth.createAuthorizationRequestWithMessage(
       'test flow', // reason 
       'message to sign', // message
       '1125GJqgw6YEsKFwj63GY87MMxPL9kwDKxPUiwMLNZ', // sender 
      'http://example.com/callback?sessionId=1', // callback url
    );

    if you want request specific proof (example):

    const proofRequest: protocol.ZeroKnowledgeProofRequest = {
       id: 1,
       circuitId: 'credentialAtomicQueryMTPV2',
       query: {
         allowedIssuers: ['*'],
         type: 'KYCCountryOfResidenceCredential',
         context: 'https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json-ld/kyc-v2.json-ld',
         credentialSubject: {
           countryCode: {
             $nin: [840, 120, 340, 509],
           },
         },
     },
     };
     request.body.scope = [...scope, proofRequest];
  3. Token verification

Init Verifier:

const ethStateResolver = new resolver.EthStateResolver(
  ethUrl,
  contractAddress,
);

const resolvers: resolver.Resolvers = {
  ['polygon:mumbai']: ethStateResolver,
};

const schemaLoader = getDocumentLoader({
  ipfsNodeURL: 'ipfs.io'
});
const ethStateResolver = new resolver.EthStateResolver('rpc url', 'contractAddress');
const verifier = await auth.Verifier.newVerifier({
    stateResolver: resolvers,
    circuitsDir: path.join(__dirname, './testdata'),
    documentLoader: schemaLoader
  }
);

FullVerify

let authResponse: protocol.AuthorizationResponseMessage;
authResponse = await verifier.fullVerify(tokenStr, authRequest);

Verify manually or thread id is used a session id to match request

const token = await verifier.verifyJWZ(tokenStr);
authResponse = JSON.parse(
  token.getPayload(),
) as protocol.AuthorizationResponseMessage;
const authRequest: protocol.AuthorizationRequestMessage; // get request from you session storage. You can use authResponse.thid field

await verifier.verifyAuthResponse(authResponse, authRequest);

Generate types for state contract

We can use TypeChain for generate TS types for a smart contract.

  1. Install TypeChain;
  2. Install @typechain/ethers-v5;
  3. Run:
typechain --target ethers-v5 /path/to/state_contract.sol

License

js-iden3-auth is part of the iden3 project copyright 2024 0kims association

This project is licensed under either of

at your option.