Skip to main content
Version: v0.5.x

Verifying Credentials using the OpenID4VC Verifier Module

This tutorial will guide you through the process of verifying credentials using the OpenID4VC Verifier Module. Before starting this tutorial, make sure you have completed the OpenID4VC Verifier Module Setup.

This guides only covers the verification of credentials using the OpenID4VC Verifier Module. Follow the Issuing Credentials using the OpenID4VC Issuer Module and Receiving and Proving Credentials using the OpenID4VC Holder Module guide to learn how to issuer, receive and prove credentials using the OpenID4VC Issuer and Holder Modules.

Creating the verifier

Once you have set-up your agent (under verifier variable), we first need to configure your verifier.

// Create a verifier
const openId4VcVerifier = await verifier.modules.openId4VcVerifier.createVerifier({})

// Create a did:key that we will use for signing OpenID4VP authorization requests
const verifierDidResult = await issuer.dids.create<KeyDidCreateOptions>({
  method: 'key',
  options: {
    keyType: KeyType.Ed25519,
  },
})

if (verifierDidResult.didState.state !== 'finished') {
  throw new Error('DID creation failed.')
}

const verifierDidKey = DidKey.fromDid(verifierDidResult.didState.did)

Creating an authorization request

Once you have configured the verifier, you can create an authorization request including an OpenID4VP presentation request based on DIF Presentation Exchange V2. The authorization request method will generate an authorization request URI that you can share with a holder.

const { authorizationRequest, verificationSession } =
  await verifier.modules.openId4VcVerifier.createAuthorizationRequest({
    verifierId: openId4VcVerifier.verifierId,
    requestSigner: {
      didUrl: `${verifierDidKey.did}#${verifierDidKey.key.fingerprint}`,
      method: 'did',
    },
    // Add DIF presentation exchange data
    presentationExchange: {
      definition: {
        id: '9ed05140-b33b-445e-a0f0-9a23aa501868',
        name: 'Employee Verification',
        purpose: 'We need to verify your employee status to grant access to the employee portal',
        input_descriptors: [
          {
            id: '9c98fb43-6fd5-49b1-8dcc-69bd2a378f23',
            constraints: {
              // Require limit disclosure
              limit_disclosure: 'required',
              fields: [
                {
                  filter: {
                    type: 'string',
                    const: 'AcmeCorpEmployee',
                  },
                  path: ['$.vct'],
                },
              ],
            },
          },
        ],
      },
    },
  })

// Listen and react to changes in the verification session
verifier.events.on<OpenId4VcVerificationSessionStateChangedEvent>(
  OpenId4VcVerifierEvents.VerificationSessionStateChanged,
  async (event) => {
    if (event.payload.verificationSession.id === verificationSession.id) {
      console.log('Verification session state changed to ', event.payload.verificationSession.state)
    }

    if (event.payload.verificationSession.state === OpenId4VcVerificationSessionState.ResponseVerified) {
      const verifiedAuthorizationResponse = await verifier.modules.openId4VcVerifier.getVerifiedAuthorizationResponse(
        verificationSession.id
      )
      console.log('Successfully verified presentation.', JSON.stringify(verifiedAuthorizationResponse, null, 2))

      console.log('Exiting...')
      process.exit()
    }
  }
)

We have also added an event listener that listens for state changed events, this allows us to know when the verification session is done.