By adopting the Decentralized Identifiers (DID) protocol. The DID token created by the Fortmatic Whitelabel SDK (see getIdToken) makes use of Ethereum's personal_sign so that a user's proof of authorization can be encoded into a lightweight digital signature.
The token is constructed as a Base64-encoded JSON string tuple representing the proof, a digital signature, and the claim, which is the unsigned data a user asserts.
const claim = { ... }; // Data representing the user's access.
const proof = sign(claim); // personal_sign
const DIDToken = btoa(JSON.stringify([proof, claim]));
The spec for a Fortmatic DID token's claim is as follows:
/* This is in the format of a Claim */
const claim = JSON.stringify({
  iat: Math.floor(Date.now() / 1000), // Issued At (now) in seconds.
  ext: Math.floor(Date.now() / 1000) + lifespan, // Expiry time in seconds.
  iss: `did:ethr:${account.address}`, // Issuer (signer)
  sub: subject, // Fortmatic Entity
  aud: `did:magic:${uuid()}`, // Identifies project space of the DID
  nbf: Math.floor(Date.now() / 1000), // Not before in seconds.
  tid: uuid(), // Unique token identifier
});

// The final token is an encoded string containing a JSON tuple: [proof, claim]
// proof should be a signed claim, if correct.
const proof = Web3Service.personalSign(claim, account.privateKey);
return btoa(JSON.stringify([proof, claim]));
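The receiving side of the token above, as an added example that is not Fortmatic's own code: a relying party decodes the tuple, recovers the signer over the exact claim string, and checks iss, nbf and ext. The function name validateDIDToken, the recoverSigner callback (assumed to wrap a personal_sign recovery routine such as web3.eth.accounts.recover) and all sample values are assumptions made for illustration.

```javascript
// Added example, not Fortmatic code: relying-party checks on a DID token.
// recoverSigner(message, signature) is an assumed callback returning the
// address that personal_sign-ed `message`, e.g. web3.eth.accounts.recover.
function validateDIDToken(token, recoverSigner, now = Math.floor(Date.now() / 1000)) {
  const fail = (reason) => ({ ok: false, reason });
  let tuple;
  try {
    tuple = JSON.parse(atob(token));
  } catch (e) {
    return fail('token is not Base64-encoded JSON');
  }
  if (!Array.isArray(tuple) || tuple.length !== 2) return fail('token is not a [proof, claim] tuple');
  const [proof, claim] = tuple;
  if (typeof proof !== 'string' || typeof claim !== 'string') return fail('proof and claim must be strings');

  // Recover the signer over the exact claim string; re-serializing the
  // parsed claim could change the bytes that were signed.
  let signer;
  try {
    signer = String(recoverSigner(claim, proof)).toLowerCase();
  } catch (e) {
    return fail('signature recovery failed');
  }
  let fields;
  try {
    fields = JSON.parse(claim);
  } catch (e) {
    return fail('claim is not JSON');
  }
  if (fields === null || typeof fields !== 'object') return fail('claim is not an object');
  if (typeof fields.iss !== 'string' || fields.iss.toLowerCase() !== `did:ethr:${signer}`) {
    return fail('iss does not match the recovered signer');
  }
  for (const key of ['iat', 'ext', 'nbf']) {
    if (!Number.isInteger(fields[key])) return fail(`${key} is missing or not an integer`);
  }
  if (now < fields.nbf) return fail('token is not valid yet');
  if (now >= fields.ext) return fail('token has expired');
  return { ok: true, claim: fields };
}

// Constructed sample: placeholder address, fake signature, stub recoverer.
const SAMPLE_ADDR = '0x00000000000000000000000000000000000000Aa';
const stubRecover = (msg, sig) => (sig === 'sig-by-sample' ? SAMPLE_ADDR : '0x' + '1'.repeat(40));
const sampleClaim = JSON.stringify({ iat: 1000, ext: 1900, iss: `did:ethr:${SAMPLE_ADDR}`, nbf: 1000 });
const sampleToken = btoa(JSON.stringify(['sig-by-sample', sampleClaim]));
console.log(validateDIDToken(sampleToken, stubRecover, 1500)); // accepted
console.log(validateDIDToken(sampleToken, stubRecover, 1900)); // rejected
```

In a real deployment the stub recoverer is replaced by an actual personal_sign recovery call; the checks around it stay the same.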