Verify a Credential or a Presentation
Whether a presentation involves selective disclosure or a whole credential is not technically relevant to Verifiers. This is because in KILT a presentation is a credential. This means that the logic for Verifiers does not change depending on the case, thus verifying a presentation is as easy as calling one SDK function, like the following code snippet:
- Typescript
- Javascript
import * as Kilt from '@kiltprotocol/sdk-js'
export async function verifyPresentation(
presentation: Kilt.ICredentialPresentation,
{
challenge,
trustedAttesterUris = []
}: {
challenge?: string
trustedAttesterUris?: Kilt.DidUri[]
} = {}
): Promise<void> {
// Verify the presentation with the provided challenge.
const { revoked, attester } = await Kilt.Credential.verifyPresentation(
presentation,
{ challenge }
)
if (revoked) {
throw new Error("Credential has been revoked and hence it's not valid.")
}
if (!trustedAttesterUris.includes(attester)) {
throw `Credential was issued by ${attester} which is not in the provided list of trusted attesters: ${trustedAttesterUris}.`
}
}
# loading code...
Verifying a presentation provides proof that all the information is correct and authentic, and that the credential has not been revoked. Verifiers still need to match the subject of the credential to the entity that is presenting it. One way of achieving this is by asking the Claimer to include a challenge in the presentation signature, as shown in the snippet above. Without a challenge, Verifiers must implement other measures to be certain about the identity of the presenter.
Verifiers must also have a registry of attesters they trust, and verify that the issuer of the credential they are verifying belongs to such list and, where necessary, whether it is still in operation or not, i.e., whether its DID still exists or has been deleted.