info
IOTA Identity for Rebased is currently in alpha and may still be subject to significant changes


@iota/identity-wasm API documentation


Class: JwtCredentialValidator

A type for decoding and validating a Credential.

Constructors

new JwtCredentialValidator()

new JwtCredentialValidator(signatureVerifier?): JwtCredentialValidator

Creates a new JwtCredentialValidator. If a signatureVerifier is provided, it will be used when verifying decoded JWS signatures; otherwise a default verifier capable of handling the EdDSA, ES256 and ES256K algorithms will be used.

Parameters

signatureVerifier?

null | IJwsVerifier

Returns

JwtCredentialValidator

Methods

validate()

validate(credential_jwt, issuer, options, fail_fast): DecodedJwtCredential

Decodes and validates a Credential issued as a JWS. A DecodedJwtCredential is returned upon success.

The following properties are validated according to options:

  • the issuer's signature on the JWS,
  • the expiration date,
  • the issuance date,
  • the semantic structure.

Warning

The lack of an error returned from this method is in and of itself not enough to conclude that the credential can be trusted. This section contains more information on additional checks that should be carried out before and after calling this method.

The state of the issuer's DID Document

The caller must ensure that issuer represents an up-to-date DID Document.

Properties that are not validated

There are many properties defined in The Verifiable Credentials Data Model that are not validated, such as: proof, credentialStatus, type, credentialSchema, refreshService and more. These should be manually checked after validation, according to your requirements.

Errors

An error is returned whenever a validated condition is not satisfied.

Parameters

credential_jwt

Jwt

issuer

IToCoreDocument | CoreDocument

options

JwtCredentialValidationOptions

fail_fast

FailFast

Returns

DecodedJwtCredential
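
The "Properties that are not validated" warning above, as an added example that is not part of @iota/identity-wasm: a post-validation policy check over the fields validate() does not inspect. It assumes the caller already has the decoded credential as a plain JSON object; the policy object and its field names are hypothetical, and the sample values are constructed.

```javascript
// Added example, not part of @iota/identity-wasm: policy checks for properties
// that validate() leaves unchecked. `policy` and its field names are hypothetical.
const asArray = (v) => (v == null ? [] : Array.isArray(v) ? v : [v]);
function checkUnvalidatedProperties(vc, policy) {
  const findings = [];
  const types = asArray(vc.type);
  for (const t of policy.requiredTypes) {
    if (!types.includes(t)) findings.push(`type: missing required "${t}"`);
  }
  // Strict allow-list: every declared schema must be one the verifier accepts.
  const schemas = asArray(vc.credentialSchema);
  if (schemas.length === 0 && policy.allowedSchemaIds.length > 0) {
    findings.push("credentialSchema: absent");
  }
  for (const s of schemas) {
    if (!policy.allowedSchemaIds.includes(s.id)) {
      findings.push(`credentialSchema: "${s.id}" is not on the allow-list`);
    }
  }
  const statuses = asArray(vc.credentialStatus);
  if (statuses.length === 0 && policy.requireStatus) {
    findings.push("credentialStatus: absent, revocation cannot be checked");
  }
  for (const st of statuses) {
    if (!policy.supportedStatusTypes.includes(st.type)) {
      findings.push(`credentialStatus: unsupported type "${st.type}"`);
    }
  }
  // A JWS signature check does not cover an embedded proof; surface it.
  if (vc.proof !== undefined) findings.push("proof: present but not verified");
  if (vc.refreshService !== undefined && !policy.allowRefreshService) {
    findings.push("refreshService: present but not permitted");
  }
  return findings; // an empty array means the policy is satisfied
}
// Constructed sample policy and credential (all values are illustrative).
const samplePolicy = {
  requiredTypes: ["VerifiableCredential", "UniversityDegreeCredential"],
  allowedSchemaIds: ["https://schemas.example/degree.json"],
  requireStatus: true,
  supportedStatusTypes: ["RevocationBitmap2022"],
  allowRefreshService: false,
};
const sampleCredential = {
  type: ["VerifiableCredential", "UniversityDegreeCredential"],
  credentialSchema: { id: "https://schemas.example/unknown.json", type: "JsonSchema" },
  credentialStatus: { id: "did:example:issuer#rev-0", type: "OtherStatus2020" },
  proof: { type: "ExampleProof" },
};
console.log(checkUnvalidatedProperties(sampleCredential, samplePolicy));
```

Treat any non-empty result as a rejection, in the same way as an error from validate().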


verifySignature()

verifySignature(credential, trustedIssuers, options): DecodedJwtCredential

Decode and verify the JWS signature of a Credential issued as a JWT using the DID Document of a trusted issuer.

A DecodedJwtCredential is returned upon success.

Warning

The caller must ensure that the DID Documents of the trusted issuers are up-to-date.

Proofs

Only the JWS signature is verified. If the Credential contains a proof property this will not be verified by this method.

Errors

This method immediately returns an error if the credential issuer's URL cannot be parsed to a DID belonging to one of the trusted issuers. Otherwise, an attempt to verify the credential's signature will be made and an error is returned upon failure.

Parameters

credential

Jwt

trustedIssuers

(IToCoreDocument | CoreDocument)[]

options

JwsVerificationOptions

Returns

DecodedJwtCredential


checkExpiresOnOrAfter()

static checkExpiresOnOrAfter(credential, timestamp): void

Validate that the credential expires on or after the specified timestamp.

Parameters

credential

Credential

timestamp

Timestamp

Returns

void


checkIssuedOnOrBefore()

static checkIssuedOnOrBefore(credential, timestamp): void

Validate that the credential is issued on or before the specified timestamp.

Parameters

credential

Credential

timestamp

Timestamp

Returns

void


checkSubjectHolderRelationship()

static checkSubjectHolderRelationship(credential, holder, relationship): void

Validate that the relationship between the holder and the credential subjects is in accordance with relationship. The holder parameter is expected to be the URL of the holder.

Parameters

credential

Credential

holder

string

relationship

SubjectHolderRelationship

Returns

void


checkStatus()

static checkStatus(credential, trustedIssuers, statusCheck): void

Checks whether the credential status has been revoked.

Only supports RevocationBitmap2022.

Parameters

credential

Credential

trustedIssuers

(IToCoreDocument | CoreDocument)[]

statusCheck

StatusCheck

Returns

void


checkStatusWithStatusList2021()

static checkStatusWithStatusList2021(credential, status_list, status_check): void

Checks whether the credential status has been revoked using StatusList2021.

Parameters

credential

Credential

status_list

StatusList2021Credential

status_check

StatusCheck

Returns

void


extractIssuer()

static extractIssuer(credential): CoreDID

Utility for extracting the issuer field of a Credential as a DID.

Errors

Fails if the issuer field is not a valid DID.

Parameters

credential

Credential

Returns

CoreDID


extractIssuerFromJwt()

static extractIssuerFromJwt(credential): CoreDID

Utility for extracting the issuer field of a credential in JWT representation as a DID.

Errors

Fails if the JWT decoding fails or the issuer field is not a valid DID.

Parameters

credential

Jwt

Returns

CoreDID