Requesting a Verifiable Credential

This document describes how to use the Litentry’s client-sdk to request a Verifiable Credential.

The IdentityHub issues Verifiable Credentials (VCs) based on available Assertions. Users store the resulting VCs which can be claimed based on the Credential Definition constraints dictated by the IdentityHub. The resulting VCs are downloadable by users and they can be uploaded to any 3rd party as a user deems fit.

Before continuing, make sure you have completed all the steps from the Installation section.

1. Building the Assertion struct

The Assertion struct holds the subject clauses that the IdentityHub evaluates. It consequently dictates the output clauses of the Verifiable Credential.

You can check all the available Litentry’s assertions and their parameters here.

For this example, we will use the TokenHoldingAmount assertion and constrain it to LIT. It will assert if the number of LIT tokens of the subject is greater than 0.

// Note: `api` instance is explained in the Installation section.

const assertion = api.createType("CorePrimitivesAssertion", {
  'TokenHoldingAmount': 'Lit',
});

Tip: You can also use the Extrinsic builder in the Polkadot.js App to explore the assertions and their parameters.

2. Building the request

Build a secure trusted request

import { request } from "@litentry/enclave";

// The Subject of the VC. The prime identity.
const who = createLitentryIdentityType(api.registry, {
  addressOrHandle: '9oTtQwDrJk5FomPyhoTFyxRC1rmf5Dn6hYD4Ezfgiy6r',
  type: 'Solana',
});

const call = await request.requestBatchVC(api, {
  who,
  assertions: [assertion], // One or many.
});

The call object has the following properties:

  • call.payloadToSign: The hex-encoded trusted call.

  • call.txHash: The hash that will identify the request.

  • call.send: A callback function to send the request to the Litentry Enclave.

The trusted call needs to be signed by the prime identity. This ensures the request is legit. The message to sign is found in call.payloadToSign.

The signature should be a hex-encoded string. Optionally accepted formats are: base58-encoded string for Solana and base64-encoded for Bitcoin identities.

3. Sending the request.

Once the call.payloadToSign the message is signed by the prime identity, we can send the transaction.

import { u8aToString } from '@polkadot/util';

const result = await send({
  signedPayload,
});

console.log(`✨ success.`);
// displaying the resulting VC
const rawCredential: Uint8Array = result.vcPayloads[0];
const credential = JSON.parse(
	u8aToString(rawCredential)
)

console.log(`Verifiable Credential: `, credential);

// tip: check the VC Verification section to further manipulate VCs.

The result object has the following properties:

  • result.response: The raw Enclave’s response. An array of WorkerRpcReturnValue struct.

  • request.vcPayloads: And array containing the Byte representation of the VC or Error.

4. Subscribing to the request

Subscribing to the request is enabled for the requestBatchVc method as many assertions may be requested.

Here is an example of it:

import { u8aToString } from "@polkadot/util";
import type { WorkerRpcReturnValue } from "@litentry/chain-types";

const subscribe = (
  error: Error | null,
  data: {
    vcPayload: Uint8Array;
    index: number;
    partialResult: WorkerRpcReturnValue[];
  }
) => {
  console.log(`got assertion with index ${data.index}: `, {
    error,
    vcString: u8aToString(data.vcPayload),
    processed: data.partialResult.length,
  });
};

await send(
	{ signedPayload },
	subscribe
);

console.log(`✨ success.`);

Last updated