Verify Credentials

When an entity receives the presentation of verifiable credentials (VCs) or verifiable presentations (VPs), they must verify the integrity, authenticity, and content of the credentials. The entity performing this verification is known as the Verifier.

A verifiable credential (VC) is a digital proof related to an entity, known as the Subject. In contrast, a verifiable presentation (VP) is a collection of one or more VCs bundled together for presentation.

Verify Verifiable Credentials

The VCs in a presentation arrive encoded as JWTs, and each one can be verified via the VerifiableCredential.verify() function.

This function will:

✅ Parse and validate the structure of the JWT

✅ Ensure the presence of alg and kid in the JWT header

✅ Resolve the issuer's Decentralized Identifier (DID)

✅ Ensure the presence and validity of a verification method in the issuer's DID document

✅ Verify the integrity and authenticity of the issuer's signature using the public key associated with the verification method

✅ Ensure that the credential has not expired

If any of these steps fail, the function will throw an error with a message indicating the nature of the failure.

Extracting VC JWTs from Presentation

A Presentation object contains several parts, including the presentation submission and the verifiable credential JWTs themselves.

Example Presentation Result

The JavaScript SDK returns a Presentation Result:


{
  "presentation": {
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://identity.foundation/presentation-exchange/submission/v1"
    ],
    "type": [
      "VerifiablePresentation",
      "PresentationSubmission"
    ],
    "presentation_submission": {
      "id": "bPLV_jMdN5XJengbX4M-l",
      "definition_id": "presDefIdloanAppVerification123",
      "descriptor_map": [
        {
          "id": "employmentVerification",
          "format": "jwt_vc",
          "path": "$.verifiableCredential[0]"
        },
        {
          "id": "dobVerification",
          "format": "jwt_vc",
          "path": "$.verifiableCredential[1]"
        },
        {
          "id": "nameVerification",
          "format": "jwt_vc",
          "path": "$.verifiableCredential[1]"
        }
      ]
    },
    "verifiableCredential": [
      "/* JWT VC for EmploymentCredential */",
      "/* JWT VC for PIICredential */"
    ]
  },
  "presentationSubmissionLocation": 1,
  "presentationSubmission": {
    "id": "bPLV_jMdN5XJengbX4M-l",
    "definition_id": "presDefIdloanAppVerification123",
    "descriptor_map": [
      {
        "id": "employmentVerification",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "dobVerification",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "nameVerification",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[1]"
      }
    ]
  }
}

Since the VC JWTs are part of the larger Presentation JSON object, they must be extracted and verified individually. Below is an example of how this might be implemented:

The code snippet above shows how to extract the VC JWTs from the Presentation and verify each one, aggregating the results.

The Verifier would then examine the results of the verifications to determine the errors:
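
The extraction, per-credential verification and result aggregation described in this section, as an added example that is not the SDK's or this page's own code. The function names and the injected `verifyVc` callback are assumptions; with the JavaScript SDK the callback would wrap VerifiableCredential.verify().

```javascript
// Added example: `verifyVc` is injected so the sketch runs offline. With the JS SDK
// it would be (vcJwt) => VerifiableCredential.verify({ vcJwt }).

// Resolve a descriptor_map path of the form "$.verifiableCredential[N]" to its JWT.
function resolveDescriptorPath(presentation, path) {
  const match = /^\$\.verifiableCredential\[(\d+)\]$/.exec(path);
  if (!match) throw new Error(`unsupported descriptor path: ${path}`);
  const jwt = presentation.verifiableCredential?.[Number(match[1])];
  if (typeof jwt !== 'string') throw new Error(`no VC JWT at ${path}`);
  return jwt;
}

// Map each distinct VC JWT to the input descriptor ids it was submitted for.
function extractVcJwts({ presentation }) {
  const byJwt = new Map();
  for (const d of presentation.presentation_submission.descriptor_map) {
    if (d.format !== 'jwt_vc') throw new Error(`unexpected format for ${d.id}`);
    const jwt = resolveDescriptorPath(presentation, d.path);
    byJwt.set(jwt, [...(byJwt.get(jwt) ?? []), d.id]);
  }
  return byJwt;
}

// Verify every JWT once and collect all failures instead of stopping at the first.
async function verifyPresentedCredentials(presentationResult, verifyVc) {
  const entries = [...extractVcJwts(presentationResult)];
  const settled = await Promise.allSettled(entries.map(async ([jwt]) => verifyVc(jwt)));
  const results = settled.map((s, i) => ({
    descriptorIds: entries[i][1],
    ok: s.status === 'fulfilled',
    error: s.status === 'rejected' ? String(s.reason?.message ?? s.reason) : null,
  }));
  return { allValid: results.every((r) => r.ok), results };
}

// Constructed sample mirroring the Presentation Result above (placeholder JWTs).
const samplePresentationResult = {
  presentation: {
    presentation_submission: {
      descriptor_map: [
        { id: 'employmentVerification', format: 'jwt_vc', path: '$.verifiableCredential[0]' },
        { id: 'dobVerification', format: 'jwt_vc', path: '$.verifiableCredential[1]' },
        { id: 'nameVerification', format: 'jwt_vc', path: '$.verifiableCredential[1]' },
      ],
    },
    verifiableCredential: ['employment.jwt.placeholder', 'pii.jwt.placeholder'],
  },
};
```

Each entry in `results` names the input descriptors that depend on the failed credential, so the Verifier can tell which requirement is left unsatisfied when `allValid` is false.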

Verify Verifiable Presentations

Upon receipt, a Verifiable Presentation is encoded as a JWT and can be verified via the VerifiablePresentation.verify() function.

Evaluate Presentation

Note: The information in this section is only applicable to the JavaScript SDK.

After verifying the authenticity of the VCs, the next step is to ensure that they actually satisfy the requirements outlined in the presentation definition. This can be done via the PresentationExchange.evaluatePresentation() function:

Example Evaluation Results
{
  "areRequiredCredentialsPresent": "info",
  "verifiableCredential": [
    "/* JWT VC for EmploymentCredential */",
    "/* JWT VC for PIICredential */"
  ],
  "warnings": [],
  "errors": [],
  "value": {
    "id": "WabEjZrPQQOQw8YUg9kIN",
    "definition_id": "presDefIdloanAppVerification123",
    "descriptor_map": [
      {
        "id": "employmentVerification",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "dobVerification",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "nameVerification",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[1]"
      }
    ]
  }
}

The areRequiredCredentialsPresent property of the evaluation results gives a status indication of whether the requirements were met:

  • info - all required credentials are present
  • warn - more credentials were presented than were required
  • error - not all required credentials are present

If the status is warn or error, the details will be in the warnings or errors array of the response.

Revocation Check

The VerifiableCredential.verify() function does not perform a revocation status check to determine whether the VCs have been revoked. We strongly recommend that you verify this information by referencing the VC's credentialStatus property before honoring the VC as valid.
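
One way to perform the recommended check, as an added example that is not the SDK's own code. It assumes the credentialStatus entry follows the StatusList2021 model (statusListIndex, statusListCredential, statusPurpose, and a gzip-compressed, base64url-encoded encodedList), which this page does not specify; the function names and the issuer URL are placeholders.

```javascript
// Added example; assumes the StatusList2021 model (not stated on this page).
// MSB-first: index 0 is the left-most bit of the first byte.
function statusBit(bytes, index) {
  if (!Number.isInteger(index) || index < 0 || index >= bytes.length * 8) {
    throw new Error(`statusListIndex out of range: ${index}`);
  }
  return ((bytes[index >> 3] >> (7 - (index & 7))) & 1) === 1;
}

// `vc` is the decoded credential; `statusListVc` is the decoded status list
// credential, which must itself have passed signature verification first.
async function isRevoked(vc, statusListVc) {
  const { gunzipSync } = await import('node:zlib'); // resolves in CommonJS and ESM
  const status = vc.credentialStatus;
  if (!status) return false; // no status published; policy may require rejecting instead
  const list = statusListVc.credentialSubject;
  if (status.statusListCredential !== statusListVc.id) throw new Error('wrong status list');
  if (status.statusPurpose !== 'revocation' || list.statusPurpose !== 'revocation') {
    throw new Error('status entry is not a revocation entry');
  }
  const bytes = gunzipSync(Buffer.from(list.encodedList, 'base64url'));
  return statusBit(bytes, Number(status.statusListIndex));
}

// Constructed status list credential with the given indexes marked revoked.
async function buildSampleStatusList(revokedIndexes, sizeBytes = 16 * 1024) {
  const { gzipSync } = await import('node:zlib');
  const bytes = Buffer.alloc(sizeBytes);
  for (const i of revokedIndexes) bytes[i >> 3] |= 0x80 >> (i & 7);
  return {
    id: 'https://issuer.example/status/1', // placeholder URL
    credentialSubject: {
      type: 'StatusList2021',
      statusPurpose: 'revocation',
      encodedList: gzipSync(bytes).toString('base64url'),
    },
  };
}
```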

Read VC Data

Once you're confident that the VCs are valid, you can proceed to parse the JWTs into VC objects such that you may work with the credentials' data.
