POC of Verifiable Credential Issuer and Risk Assessor, built using RIdentity tools
Code is derived from Bankathon backend.
-
If local node is used, run, deploy and seed contracts from core protocol repo
Add Verifier identity in the deploy and seed [script](https://github.com/growr-xyz/growr-core-protocol/blob/7063b6e8fc9668c3281e13a206232eebf83379c6/scripts/dev/deploy-and-seed.js#L51). To -
This should work with SSFI demo app
example .env file
DB_HOST=mongodb
DB_PORT=27017
BANK_APP_KEY=null
PRIVATE_KEY=<random 32 bytes>
VERIFICATION_REGISTRY_ADDRESS=<address of the Verification Registry contract>
NODE_HOST=<host of the node>
VERIFICATION_REGISTRY_ADDRESS should be recevied from core protocol deployment
DB_HOST should be mongodb if running in docker environment, or localhost if the Isser runs as local service
PRIVATE_KEY is used to create Issuer identity and Risk Assesor contract
Note: Current version of Growr protocol in RSK testnet is 0.3:
- VerificationRegistry : 0xA05A7F9f6aA39d37f3fcE95D4A4ad5D273c0Db6C
- Clone this repo
$ git clone [email protected]:https://github.com/growr-xyz/vc-issuer, then initialise the submodules by running:$ git submodule initand$ git submodule update - Build docker image
$ docker build --no-cache -t <docker-username>/<image-name>:<image-version> . - Run docker-compose build script
$ docker compose build - Run docker-compose up script
$ docker compose up -d - Open GraphQL playground with browser at
http://localhost:4000
- Request verification:
mutation requestVC($did: String, $type: String, $subject: String) {
requestVerification($did, $type, $subject)
}Currently only atomic VC types are working:
- dateOfBirth
- relationshipStatus
- dependants
- education
- employmentStatus
- highestEducationAttained
- kycStatus
- bankVCs
- creditRating
response should look like:
{
"data": {
"requestVerification": "ea2823bb684cd67e382149066dc4b7400acd3fdaa468c07ff6312b65d3c92fa6"
}
}Used to pass BH username.
The receivedVerification value should be signed by the did and used as message parameter in the next query.
Currently the receivedVerification value should be used to encrypt the password:
In next versions the code should be passed on another channel - email or sms.
const CryptoJS = require('crypto-js')
const password = CryptoJS.AES.encrypt('X!c9a49d53', receivedVerification).toString();both signed message and AES generated password should be used in the following graphQL query to request VC
- Request VC
query bankVC($did: String, $message: String, $type: VCTypeEnum, $parameters: String) {
bankVC(did:$did, message:$message, parameters: $parameters, type: $type)
}Response:
{
"data": {
"bankVC": "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRGF0ZU9mQmlydGgiXSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6ImRpZDpldGhyOnJzazoweDZhMzAzNWVjMzEzN2JlZWI2Nzg5ZmZhOTA4OThjY2FkNWNkMDZmNzk7aWQ9MDkzZWNkOTgtNDJkMC00ZWZjLTg5NTAtZjhjYmYwZWFhZDM1O3ZlcnNpb249MS4wIiwidHlwZSI6Ikpzb25TY2hlbWFWYWxpZGF0b3IyMDE4In0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImRhdGVPZkJpcnRoIjoiMjAyMS0xMS0xNyJ9fSwic3ViIjoiZGlkIiwibmJmIjoxNjQ4MDI4MjAwLCJpc3MiOiJkaWQ6ZXRocjpyc2s6MHg3RkRiYjFDQjNDMmVEMzU3NEMwNTg2Nzk5Y0NCMTRCRjE3MkE5RjEyIn0._nmmp_xrpcIZbeGG0uDEMnwGYFnrPAxjrULXmexehCQ3SGYwTrPp0Z77yOpGu1sb2-pEhn9UPpIX-wZSUFiZYA"
}
}- Verify Credentials match pond
mutation verifyVCs{
verifyVCs(did:"did:ethr:rsk:0x6a3035ec3137beeb6789ffa90898ccad5cd06f79",
vps:["eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiQ2l0aXplbnNoaXAiXSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6ImRpZDpldGhyOnJzazoweDZhMzAzNWVjMzEzN2JlZWI2Nzg5ZmZhOTA4OThjY2FkNWNkMDZmNzk7aWQ9MjM3MzBhMWQtOGYyNS00YzZhLWI1MjctN2Y4YWQ5MDFlZWE5O3ZlcnNpb249MS4wIiwidHlwZSI6Ikpzb25TY2hlbWFWYWxpZGF0b3IyMDE4In0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7IkNpdGl6ZW5zaGlwIjoiU1YifX0sInN1YiI6ImRpZDpldGhyOnJzazoweDZhMzAzNWVjMzEzN2JlZWI2Nzg5ZmZhOTA4OThjY2FkNWNkMDZmNzkiLCJuYmYiOjE2NDg5NzU5OTEsImlzcyI6ImRpZDpldGhyOnJzazoweDdGRGJiMUNCM0MyZUQzNTc0QzA1ODY3OTljQ0IxNEJGMTcyQTlGMTIifQ.A_vnZO7yudlvvVnIZ7zmZ6Ce_e1Ypg9LL52UCx3uBiVxk0fIUrJjrede0DbXjKlTT87oDWZJRPssQb6kQeXlnw"],
pondAddress:"0x94099942864EA81cCF197E9D71ac53310b1468D8")
}Response:
{
"data": {
"verifyVCs": true
}
}Current flow
sequenceDiagram
participant Wallet
participant Peseta
participant Issuer
participant Data Vault
participant BH as Banco Hipo
Peseta ->> Wallet: sign in wallet
Peseta ->> Issuer: Request VC
note right of Peseta: see requestVC mutation
Issuer ->> Peseta: Response: Salt
Peseta ->> Issuer: Verify and get bank info
note right of Peseta: { did, signed(salt), salted(password), type }
Issuer ->> Issuer: Decode the signed salt
alt: did doesn't match the salt signer
Issuer ->> Peseta: Error
else: did matches the salt signer
Issuer ->> Issuer: decode salted password
Issuer ->> BH: Login
BH ->> Issuer: Get user data (credit score)
Issuer ->> Issuer: Create and sign VC
Issuer ->> Peseta: send VC
Peseta ->> Data Vault: VC
end