Verify a Verifiable Credential

Verify a SD-JWT Verifiable Credential, signed by a did:cheqd Decentralized Identifier (DID), using Credo and OpenID4VP.

Using the OpenID4VC module, you can verify OpenID compatible SD-JWT Credentials signed by a did:cheqd identifier. This guide walks through the flow of verification using the Credo Agent.

Prerequisites

Before you being, ensure you have:

Basic knowledge of Credo Agent configuration.
Issued a SD-JWT Verifiable Credential.
Presented a SD-JWT Verifiable Credential

Step 1: Configure the Verifier Agent

After setting the verifier as per these steps, configure the verifier as follows

// Create a verifier, assuming the agent is called 'verifier'
const openId4VcVerifier = await verifier.modules.openId4VcVerifier.createVerifier({})

// Create a did:key that we will use for signing OpenID4VP authorization requests
const verifierDidResult = await issuer.dids.create<KeyDidCreateOptions>({
  method: 'key',
  options: {
    keyType: KeyType.Ed25519,
  },
})

if (verifierDidResult.didState.state !== 'finished') {
  throw new Error('DID creation failed.')
}

const verifierDidKey = DidKey.fromDid(verifierDidResult.didState.did)

Step 2: Create an Authorization Request

Once you have configured the verifier, you can create an authorization request including an OpenID4VP presentation request based on DIF Presentation Exchange V2. The authorization request method will generate an authorization request URI that you can share with a holder.

const { authorizationRequest, verificationSession } =
  await verifier.modules.openId4VcVerifier.createAuthorizationRequest({
    verifierId: openId4VcVerifier.verifierId,
    requestSigner: {
      didUrl: `${verifierDidKey.did}#${verifierDidKey.key.fingerprint}`,
      method: 'did',
    },
    // Add DIF presentation exchange data
    presentationExchange: {
      definition: {
        id: '9ed05140-b33b-445e-a0f0-9a23aa501868',
        name: 'Employee Verification',
        purpose: 'We need to verify your employee status to grant access to the employee portal',
        input_descriptors: [
          {
            id: '9c98fb43-6fd5-49b1-8dcc-69bd2a378f23',
            constraints: {
              // Require limit disclosure
              limit_disclosure: 'required',
              fields: [
                {
                  filter: {
                    type: 'string',
                    const: 'AcmeCorpEmployee',
                  },
                  path: ['$.vct'],
                },
              ],
            },
          },
        ],
      },
    },
  })

Step 3: Add Event Listener to check Verification State Change

Add an event listener that listens for state changed events, this allows Verifier to know when the authorization session is complete.

// Listen and react to changes in the verification session
verifier.events.on<OpenId4VcVerificationSessionStateChangedEvent>(
  OpenId4VcVerifierEvents.VerificationSessionStateChanged,
  async (event) => {
    if (event.payload.verificationSession.id === verificationSession.id) {
      console.log('Verification session state changed to ', event.payload.verificationSession.state)
    }

    if (event.payload.verificationSession.state === OpenId4VcVerificationSessionState.ResponseVerified) {
      const verifiedAuthorizationResponse = await verifier.modules.openId4VcVerifier.getVerifiedAuthorizationResponse(
        verificationSession.id
      )
      console.log('Successfully verified presentation.', JSON.stringify(verifiedAuthorizationResponse, null, 2))

      console.log('Exiting...')
      process.exit()
    }
  }
)

Last updated 8 months ago

Was this helpful?

hashtagPrerequisites

hashtagStep 1: Configure the Verifier Agent

hashtagStep 2: Create an Authorization Request

hashtagStep 3: Add Event Listener to check Verification State Change

Prerequisites

Step 1: Configure the Verifier Agent

Step 2: Create an Authorization Request

Step 3: Add Event Listener to check Verification State Change