Create Identity and Credentials
The example-1 script authenticates an Integration Service client to manage Identities using the Admin identity
created in example-0 and then performs the following tasks:
- Creates a new Identity (
userIdentity). - Creates a credential for that identity (
userCredential). - Verifies the generated credential (
await identity.checkCredential(userCredential)).
You can run the example with the following command:
- Java
- Node.js
Authentication
You can use the following script to authenticate the client using the admin identity and get the BasicIdentityCredential that the admin owns: this is a verifiable credential which is required for an issuer to sign verifiable credentials for other Identities.
- Java
- Node.js
// Recover the admin identity
final String didId = AddAsRootIdentity.authenticateRootIdentity(client);
IdentityInternal admin = client.find(didId);
if (admin == null) {
throw new Exception("admin identity is null");
}
// Get admin identity's VC
ArrayList<VerifiableCredential> vcs = (ArrayList<VerifiableCredential>) admin.getVerifiableCredentials();
if (vcs.size() > 0) {
VerifiableCredential firstCredential = vcs.get(0);
System.out.println(firstCredential);
} else {
throw new Exception("admin identity has no credentials");
}
import { IdentityClient, IdentityKeys } from '@iota/is-client';
...
// Initialize IdentityClient with previously setup parameters
const identity = new IdentityClient({
isGatewayUrl: process.env.IS_GATEWAY_URL,
ssiBridgeUrl: process.env.SSI_BRIDGE_URL,
auditTrailUrl: process.env.AUDIT_TRAIL_URL,
useGatewayUrl: process.env.USE_GATEWAY_URL === 'true' || false,
apiKey: process.env.API_KEY,
apiVersionAuditTrail: ApiVersion.v0_1,
apiVersionSsiBridge: ApiVersion.v0_2
});
// Recover the admin identity
const adminIdentity = JSON.parse(readFileSync("./adminIdentity.json").toString()) as IdentityKeys;
// Authenticate as the admin identity
await identity.authenticate(adminIdentity.id, adminIdentity.keys.sign.private);
// Get admin identity data
const adminIdentityPublic = await identity.find(adminIdentity.id);
// Get admin identy's VC
const identityCredential = adminIdentityPublic?.verifiableCredentials?.[0];
console.log("Identity Credential of Admin", identityCredential);
Create an Identity
The method createCredential requires a valid verifiable credential of type
BasicIdentity, the destination DID the type and the claim, which can be created using the following script.
- Java
- Node.js
// Create identity for user
JSONObject jsonClaim = new JSONObject().put("type", "Person").put("name", "randomName");
Claim claim = new Claim(jsonClaim);
final String randomUsername = Utils.getRandomUsernameOfLength(5);
System.out.println("username: " + randomUsername);
JSONObject newUserIdentity = client.create(randomUsername, claim);
System.out.println("created new user " + newUserIdentity);
VerifiableCredential assignedCredential = client.createCredential(vcs.get(0),
newUserIdentity.getJSONObject("doc").getString("id"), CredentialType.BASIC_IDENTITY,
new Claim(new JSONObject().put("type", "Person").put("position", "Professor")));
System.out.println("Created credential for new user " + assignedCredential.toString());
// Create identity for user
const userIdentity = await identity.create("User-" + Math.ceil(Math.random() * 100000);
console.log("~~~~~~~~~~~~~~~~");
console.log("Created user identity: ", userIdentity);
console.log("~~~~~~~~~~~~~~~~");
// Assign a verifiable credential to the user as rootIdentity.
// With the BasicIdentityCredential the user is not allowed to issue further credentials
const userCredential = await identity.createCredential(
identityCredential,
userIdentity?.id,
CredentialTypes.BasicIdentityCredential,
UserType.Person,
{
profession: "Professor",
}
);
Verify a Credential
You can verify a credential using the following script:
- Java
- Node.js
boolean verified = client.checkCredential(assignedCredential);
System.out.println("Verification result: " + verified);
const verified = await identity.checkCredential(userCredential);
console.log('Verification result: ', verified);