DID Tokens
DID tokens are cryptographically-generated proofs that can manage user credentials to your application's resource server.
By adopting the Decentralized Identifiers (DID) protocol. The DID token created by Fortmatic Whitelabel SDK (see getIdToken) makes use of Ethereum's—personal_sign—so that a user's proof of authorization can be encoded into a lightweight, digital signature.
The token is constructed as a Base64 JSON string tuple representing the proof, a digital signature, and a claim, which is the unsigned data a user asserts.
const claim = { ... }; // Data representing the user's access.const proof = sign(claim); // personal_signconst DIDToken = btoa(JSON.stringify([proof, claim]));
The spec for Fortmatic DID tokens Claim is as follows:
/* This is in the format of a Claim */const claim = JSON.stringify({iat: Math.floor(Date.now() / 1000), // Issued At (now) in seconds.ext: Math.floor(Date.now() / 1000) + lifespan, // Expiry time in seconds.iss: `did:ethr:${account.address}`, // Issuer (signer)sub: subject, // Fortmatic Entityaud: `did:magic:${uuid()}`, // Identifies project space of the DIDnbf: Math.floor(Date.now() / 1000), // Not before in seconds.tid: uuid(), // Unique token identifier});​// The final token is an encoded string containing a JSON tuple: [proof, claim]// proof should be a signed claim, if correct.const proof = Web3Service.personalSign(claim, account.privateKey);return btoa(JSON.stringify([proof, claim]));
Last updated 11 months ago