KYP Suite Tutorial

Verifying SD-JWT VC Credentials

Preparing the Verification

The verification process will be as follows:

Specify the type of SD-JWT VC Credential to request from a user and the verification policies to
be applied to the credential.

After you have provided the required information:

  1. The API generates a Presentation Definition.
  2. The API returns a URL which can be passed to an OIDC-compliant wallet.

You can then access the verification results by using the id of the verification
session, which can be found in the URL generated by the API, as well as in the query or
path parameters of the redirect URL.

Verification Request

CURL

curl -X 'POST' \
'https://identityplatform-v2.facephi.pro/api/verifier/openid4vc/verify' \
-H 'accept: */*' \
-H 'authorizeBaseUrl: openid4vp://authorize' \
-H 'responseMode: direct_post' \
-H 'successRedirectUri: https://example.com/success?id=$id' \
-H 'errorRedirectUri: https://example.com/error?id=$id' \
-H 'statusCallbackUri: https://example.com/verificationResult' \
-H 'Content-Type: application/json' \
-d '{
"request_credentials": [
{ "vct": "epassport_copy_vc", "format": "vc+sd-jwt" }
]
}'

Header Parameters

authorizeBaseUrl - is used to modify the start of the OID4VC request URL. The
default value is openid4vp://authorize. If you are required to use the HAIP OID4VC profile,
you need to update the value as follows: haip://
openId4VPProfile - Defines the profile for the VP (Verifiable Presentation) request.
The default is W3C OpenID4VP, which can optionally be provided as DEFAULT. To use the HAIP profile, set it to HAIP.
responseMode - should be direct_post.
successRedirectUri (optional) - is used to redirect the user if verification is
successful.
errorRedirectUri (optional) - is used to redirect the user if verification is
unsuccessful.
statusCallbackUri (optional) - URL that should be called when the presentation
request has been fulfilled by a wallet. The request sent will be a POST including the
whole presentation result.
statusCallbackApiKey (optional) - If the endpoint you provide via
statusCallbackUri is protected, you can use the statusCallbackApiKey to
authenticate.

Body Parameters

vp_policies - Policies applied to the Verifiable Presentation.
vc_policies - Policies applied to all requested credentials.
request_credentials - An array of objects detailing the credentials to be requested
from the user:

{ "vct": "epassport_copy_vc", "format": "vc+sd-jwt" }

A list of policies can be found here:

curl 'https://identityplatform-v2.facephi.pro/api/verifier/openid4vc/policy-list' -X GET

Example Verification Request 2 - Defining VC/VP Policies

Define the specific policies that should be executed during verification. These include
Verifiable Credential (VC) policies applied to credentials, or Verifiable Presentation (VP)
policies applied to the VP. The default policy applied for both VP and VC(s) is the
signature policy.

curl 'https://identityplatform-v2.facephi.pro/api/verifier/openid4vc/policy-list' -X GET

VC policies, once defined, are applied globally.

VC and VP policies are formatted as lists: the policy can be represented as a string if no
arguments are required, or as an object if arguments are needed.

Example Policies

[
"signature",
"expired",
"not-before"
]

Initiation Request

CURL

curl -X 'POST' \
'https://identityplatform-v2.facephi.pro/api/verifier/openid4vc/verify' \
-H 'accept: */*' \
-H 'authorizeBaseUrl: openid4vp://authorize' \
-H 'responseMode: direct_post' \
-H 'successRedirectUri: https://example.com/success?id=$id' \
-H 'errorRedirectUri: https://example.com/error?id=$id' \
-H 'statusCallbackUri: https://example.com/verificationResult' \
-H 'Content-Type: application/json' \
-d '{
    "vp_policies": ["signature", "expired", "not-before"],
    "vc_policies": ["signature", "expired", "not-before"],
    "request_credentials": [
     { "vct": "VerifiableDiploma", "format": "vc+sd-jwt" }
    ]
}'

Header Parameters

authorizeBaseUrl - is used to modify the start of the OID4VC request URL.
responseMode - should be direct_post.
successRedirectUri (optional) - is used to redirect the user if verification is
successful.
errorRedirectUri (optional) - is used to redirect the user if verification is
unsuccessful.
statusCallbackUri (optional) - URL that should be called when the presentation
request has been fulfilled by a wallet.
statusCallbackApiKey (optional)
openId4VPProfile (optional) - Define profile for VP (Verifiable Presentation)
request.

Body Parameters

vp_policies - Policies applied to the Verifiable Presentation.
vc_policies - Policies applied to all requested credentials.
request_credentials - An array of objects detailing the credentials to be requested
from the user.

Example Verification Request 3 : Applying Policies to Specific Credentials

{
    "vp_policies": [
        "signature",
        "expired"
    ],
    "vc_policies": [
        "signature",
        "expired"
    ],
    "request_credentials": [
        {
            "vct": "epassport_copy_vc",
            "format": "vc+sd-jwt",
            "policies": [
                "signature"
            ]
        }
    ]
}

Example Verification Request 4 : Implementing a Custom Presentation Definition

Provide your own input_descriptor that will be merged with the autogenerated presentation definition.

Important: Please also provide an id in the input_descriptor object.

Example

{
    "vp_policies": [...],
    "vc_policies": [...],
    "request_credentials": [
        { "vct": "epassport_copy_vc", "format": "vc+sd-jwt" },
        {
            "format": "vc+sd-jwt",
            "vct": "loyalty_vc",
            "input_descriptor": {
                "id": "09876",
                "constraints": {
                    "fields": [
                        {
                            "path": ["$.birthdate"],
                            "filter": {
                                "type": "string",
                                "pattern": ".*"
                            } 
                        } 
                    ] 
                } 
            } 
        } 
    ] 
}

Retrieving the Verification Status

After the user presents the credential, you can verify the status.

Example

openid4vp://authorize?...state=a12345...
curl -X 'GET' \
'https://identityplatform-v2.facephi.pro/api/verifier/openid4vc/session/$state' \
-H 'accept: */*'
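
The id that comes back on the success or error redirect passes through the user's browser, so it should be matched against the id taken from the URL the API returned before it is used in a session lookup. The following is an added example, not part of the original tutorial or the platform's code; the function names, the sample URLs and the allowed id character set are assumptions.

```python
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

# Session endpoint as shown in the tutorial's curl example.
SESSION_BASE = "https://identityplatform-v2.facephi.pro/api/verifier/openid4vc/session/"
# Assumption: ids are short URL-safe tokens; the page does not document the format.
ID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def _single_param(url: str, name: str) -> str:
    """Return query parameter `name` if it occurs exactly once and is well formed."""
    values = parse_qs(urlsplit(url).query).get(name, [])
    if len(values) != 1 or not ID_RE.fullmatch(values[0]):
        raise ValueError(f"expected exactly one well-formed {name!r} parameter")
    return values[0]


def state_from_authorize_url(authorize_url: str) -> str:
    """Extract the session id (state) from the URL returned by the verify call."""
    return _single_param(authorize_url, "state")


def session_url_for_redirect(redirect_url: str, expected_state: str) -> str:
    """Build the session lookup URL only if the redirect id is the one we started."""
    redirect_id = _single_param(redirect_url, "id")
    if not hmac.compare_digest(redirect_id, expected_state):
        raise ValueError("redirect id does not match the session started for this user")
    # Percent-encode the id so it cannot alter the request path.
    return SESSION_BASE + quote(expected_state, safe="")


if __name__ == "__main__":
    # Constructed sample values, modelled on the state=a12345 example above.
    authorize = "openid4vp://authorize?response_type=vp_token&state=a12345"
    state = state_from_authorize_url(authorize)  # store server-side with the user's session
    print(session_url_for_redirect("https://example.com/success?id=a12345", state))
```
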

Verification Result Response

This is the result delivered in the call to the URL set in the statusCallbackUri header, an endpoint to be implemented by the consumer.

The response of the verification status call will contain the status of the verification policies applied to the credential(s) presented by the user. The policy results will be in the following format:

{
  "verificationResult": true,
  "policyResults": {
    "results": [
      {
        "credential": "epassport",
        "policies": [
          {
            "policy": "signature",
            "is_success": true
          }
        ]
      }
    ]
  }
}

The verificationResult field will be true if all policies were successful.

The policyResults field will contain the results of the policies applied to each credential. The credential field will contain the name of the credential, and the policies field will contain the results of the policies applied to the credential. The policy field will contain the name of the policy, and the is_success field will contain the result of the policy.
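
Because the default policy is only signature, a consumer may want to confirm that every policy it asked for was actually reported as successful for each expected credential, rather than reading verificationResult alone. The following is an added example, not part of the original tutorial or the platform's code; the function name and the required-policy mapping passed by the caller are assumptions.

```python
# Response body copied from the tutorial's sample above.
PAGE_SAMPLE = {
    "verificationResult": True,
    "policyResults": {"results": [
        {"credential": "epassport",
         "policies": [{"policy": "signature", "is_success": True}]},
    ]},
}


def evaluate_result(result: dict, required: dict) -> list:
    """Return a list of problems; an empty list means the result is acceptable.

    `required` maps each expected credential name to the set of policies
    that must have been reported as successful for it.
    """
    problems = []
    # Accept only the JSON boolean true, not truthy strings or numbers.
    if result.get("verificationResult") is not True:
        problems.append("verificationResult is not true")
    seen = {}
    for entry in result.get("policyResults", {}).get("results", []):
        outcomes = seen.setdefault(entry.get("credential"), {})
        for item in entry.get("policies", []):
            name = item.get("policy")
            # A policy counts as passed only if every report of it succeeded.
            outcomes[name] = outcomes.get(name, True) and item.get("is_success") is True
    for cred, outcomes in seen.items():
        for name, ok in outcomes.items():
            if not ok:
                problems.append(f"{cred}: policy {name} failed")
    for cred, policies in required.items():
        if cred not in seen:
            problems.append(f"{cred}: credential missing from result")
            continue
        for name in sorted(set(policies) - set(seen[cred])):
            problems.append(f"{cred}: policy {name} was not reported")
    return problems


if __name__ == "__main__":
    # The sample reports only "signature", so requiring "expired" is flagged.
    print(evaluate_result(PAGE_SAMPLE, {"epassport": {"signature", "expired"}}))
```
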