DID Tokens

DID tokens are cryptographically generated proofs that present a user's credentials to your application's resource server.

What is a DID Token?

The DID token created by the Fortmatic Whitelabel SDK (see getIdToken) adopts the Decentralized Identifiers (DID) protocol and uses Ethereum's personal_sign so that a user's proof of authorization can be encoded into a lightweight digital signature.

The token is constructed as a Base64-encoded JSON string tuple of the proof, which is a digital signature, and the claim, which is the unsigned data the user asserts.

const claim = { ... }; // Data representing the user's access.
const proof = sign(claim); // personal_sign
const DIDToken = btoa(JSON.stringify([proof, claim]));

The spec for the Fortmatic DID token claim is as follows:

/* This is in the format of a Claim */
function createDIDToken(account, subject, lifespan) {
  const claim = JSON.stringify({
    iat: Math.floor(Date.now() / 1000), // Issued At (now) in seconds.
    ext: Math.floor(Date.now() / 1000) + lifespan, // Expiry time in seconds.
    iss: `did:ethr:${account.address}`, // Issuer (signer)
    sub: subject, // Fortmatic Entity
    aud: `did:magic:${uuid()}`, // Identifies project space of the DID
    nbf: Math.floor(Date.now() / 1000), // Not before in seconds.
    tid: uuid(), // Unique token identifier
  });
  // The final token is an encoded string containing a JSON tuple: [proof, claim]
  // proof should be a signed claim, if correct.
  const proof = Web3Service.personalSign(claim, account.privateKey);
  return btoa(JSON.stringify([proof, claim]));
}