1 of 3

Verifiable Credentials and Presentations

Learn about Verifiable Credentials and Presentations

If you want to learn more about what Verifiable Credentials and Presentations are, please go over to our learning site here.

Get started

Alternatives

Below are a list of alternatives for using Credentials with cheqd support. Each offers a different set of protocols and underlying technical capabilities.

Issue a Verifiable Credential

Using AnonCreds and the Issue Credential V2 Protocol, it is possible to issue Verifiable Credentials, signed by a cheqd DID, in a few clicks or lines of code. By following the following steps, you can effectively issue verifiable credentials using Credo Agent integrated with the cheqd ecosystem.

Step 1: Create a Connection with Holder

Use any supported method to create a connection with the Holder of the credential. Automated out-of-band protocol is recommended.

1a: Issuer Creates Connection Invite

The Issuer agent will create a new connection invite for the Holder. This is needed to securely communicate between the Issuer and the Holder agents.

Issuer

const createNewInvitation = async (agent: Agent) => {
  const outOfBandRecord = await agent.modules.oob.createInvitation()

  return {
    invitationUrl: outOfBandRecord.outOfBandInvitation.toUrl({ domain: 'http://localhost:3001' }),
    outOfBandRecord,
  }
}

1b: Holder receives invitation

The above request will have an invitation in the response. Holder will have to copy that invitation and pass URL as invitationUrl in the following code:

Holder

const receiveInvitation = async (agent: Agent, invitationUrl: string) => {
  const { outOfBandRecord } = await agent.modules.oob.receiveInvitationFromUrl(invitationUrl)
  if (!outOfBandRecord) {
      throw new Error(redText(Output.NoConnectionRecordFromOutOfBand))
  }
  return outOfBandRecord
}

Step 2: Prepare and Send Credential Offer

Generate a credential offer and send to the holder, informing them about the available credential and its attributes.

Issuer

await this.agent.modules.credentials.offerCredential({
      connectionId: connectionRecord.id,
      protocolVersion: 'v2',
      credentialFormats: {
        anoncreds: {
          attributes: [
            {
              name: 'name',
              value: 'Alice Smith',
            },
            {
              name: 'degree',
              value: 'Computer Science',
            },
            {
              name: 'date',
              value: '01/01/2022',
            },
          ],
          credentialDefinitionId: credentialDefinition.credentialDefinitionId,
        },
      },
    })

Step 3: Holder accepts credential offer

When we want to accept a credential, we have to listen to incoming credentials and handle accordingly. In this example we do not have any user interaction, but is likely that your application would have a user-interface which would display the credential. When receiving a credential offer you can get the values from credentialExchangeRecord.credentialAttributes.

Holder

this.agent.events.on(CredentialEventTypes.CredentialStateChanged,
  async ({ payload }: CredentialStateChangedEvent) => {
  switch (payload.credentialRecord.state) {
    case CredentialState.OfferReceived:
      console.log('received a credential')
      // custom logic here
      await this.agent.modules.credentials.acceptOffer({ credentialRecordId: payload.credentialRecord.id })
      break
    case CredentialState.Done:
      console.log(`Credential for credential id ${payload.credentialRecord.id} is accepted`)
      // For demo purposes we exit the program here.
      process.exit(0)
  }
})

Present a Verifiable Credential

It is possible to present Verifiable Credentials, signed by a cheqd DID, in a few clicks or lines of code. This process enables secure and trustworthy sharing of verifiable credentials within the Credo framework and cheqd ecosystem.

Step 1: Create a Connection with Holder

Use any supported method to create a connection with the Holder. Automated out-of-band protocol is recommended. You can follow the same steps as described in Issue a Verifiable Credential.

Step 2: Send Proof Request

After connection is established, the Verifier can send a proof request to the Holder.

Verifier/Issuer

await this.agent.modules.proofs.requestProof({
  protocolVersion: 'v2',
  connectionId: connectionRecord.id,
  proofFormats: {
    anoncreds: {
      name: 'proof-request',
      version: '1.0',
      requested_attributes: {
        name: {
          name: 'name',
          restrictions: [
            {
              cred_def_id: this.credentialDefinition?.credentialDefinitionId,
            },
          ],
        },
      },
    },
  },
})

Step 3: Holder sends Presentation Proof

Holder can get the stored credentials from own wallet and format a proof to send to the Verifier.

When we want to send a proof, we have to listen to incoming proof requests and handle accordingly. In this example we do not have any user interaction, but is likely that your application would have a user-interface which would display the request.

Holder

this.agent.events.on(ProofEventTypes.ProofStateChanged
  async ({ payload }: ProofStateChangedEvent) => {
    if (payload.proofRecord.state === ProofState.RequestReceived) {
      const requestedCredentials = await this.agent.modules.proofs.selectCredentialsForRequest({
        proofRecordId: payload.proofRecord.id,
      })
      await this.agent.modules.proofs.acceptRequest({
        proofRecordId: proofRecord.id,
        proofFormats: requestedCredentials.proofFormats,
      })
    }
})

Next Steps

For more tutorials and examples, visit Credo Docs.

Present a Verifiable Credential

Step 1: Create a Connection with Holder

Use any supported method to create a connection with the Holder. Automated out-of-band protocol is recommended. You can follow the same steps as described in Issue a Verifiable Credential.

Step 2: Send Proof Request

After connection is established, the Verifier can send a proof request to the Holder.

Verifier/Issuer

await this.agent.modules.proofs.requestProof({
  protocolVersion: 'v2',
  connectionId: connectionRecord.id,
  proofFormats: {
    anoncreds: {
      name: 'proof-request',
      version: '1.0',
      requested_attributes: {
        name: {
          name: 'name',
          restrictions: [
            {
              cred_def_id: this.credentialDefinition?.credentialDefinitionId,
            },
          ],
        },
      },
    },
  },
})

Step 3: Holder sends Presentation Proof

Holder can get the stored credentials from own wallet and format a proof to send to the Verifier.

Holder

this.agent.events.on(ProofEventTypes.ProofStateChanged
  async ({ payload }: ProofStateChangedEvent) => {
    if (payload.proofRecord.state === ProofState.RequestReceived) {
      const requestedCredentials = await this.agent.modules.proofs.selectCredentialsForRequest({
        proofRecordId: payload.proofRecord.id,
      })
      await this.agent.modules.proofs.acceptRequest({
        proofRecordId: proofRecord.id,
        proofFormats: requestedCredentials.proofFormats,
      })
    }
})

Next Steps

For more tutorials and examples, visit Credo Docs.

Issue a Verifiable Credential

Step 1: Create a Connection with Holder

Use any supported method to create a connection with the Holder of the credential. Automated out-of-band protocol is recommended.

1a: Issuer Creates Connection Invite

The Issuer agent will create a new connection invite for the Holder. This is needed to securely communicate between the Issuer and the Holder agents.

Issuer

const createNewInvitation = async (agent: Agent) => {
  const outOfBandRecord = await agent.modules.oob.createInvitation()

  return {
    invitationUrl: outOfBandRecord.outOfBandInvitation.toUrl({ domain: 'http://localhost:3001' }),
    outOfBandRecord,
  }
}

1b: Holder receives invitation

The above request will have an invitation in the response. Holder will have to copy that invitation and pass URL as invitationUrl in the following code:

Holder

const receiveInvitation = async (agent: Agent, invitationUrl: string) => {
  const { outOfBandRecord } = await agent.modules.oob.receiveInvitationFromUrl(invitationUrl)
  if (!outOfBandRecord) {
      throw new Error(redText(Output.NoConnectionRecordFromOutOfBand))
  }
  return outOfBandRecord
}

Step 2: Prepare and Send Credential Offer

Generate a credential offer and send to the holder, informing them about the available credential and its attributes.

Issuer

await this.agent.modules.credentials.offerCredential({
      connectionId: connectionRecord.id,
      protocolVersion: 'v2',
      credentialFormats: {
        anoncreds: {
          attributes: [
            {
              name: 'name',
              value: 'Alice Smith',
            },
            {
              name: 'degree',
              value: 'Computer Science',
            },
            {
              name: 'date',
              value: '01/01/2022',
            },
          ],
          credentialDefinitionId: credentialDefinition.credentialDefinitionId,
        },
      },
    })

Step 3: Holder accepts credential offer

Holder

this.agent.events.on(CredentialEventTypes.CredentialStateChanged,
  async ({ payload }: CredentialStateChangedEvent) => {
  switch (payload.credentialRecord.state) {
    case CredentialState.OfferReceived:
      console.log('received a credential')
      // custom logic here
      await this.agent.modules.credentials.acceptOffer({ credentialRecordId: payload.credentialRecord.id })
      break
    case CredentialState.Done:
      console.log(`Credential for credential id ${payload.credentialRecord.id} is accepted`)
      // For demo purposes we exit the program here.
      process.exit(0)
  }
})