Verify Credentials
When an entity, receives the presentation of Verifiable Credentials (VCs) or Verifiable Presentations (VPs), they must verify the integrity, authenticity, and content of the credentials. The entity performing this verification is known as the Verifier.
A Verifiable Credential (VC) is a digital proof related to an entity, known as the Subject. In contrast, a Verifiable Presentation (VP) is a collection of one or more VCs bundled together for presentation.
Verify Verifiable Credentials​
Upon receipt, the presentation of the VCs is encoded as JWTs and can be verified via the VerifiableCredentials.verify()
function.
This function will:
✅ Parse and validate the structure of the JWT
✅ Ensure the presence of alg
and kid
in the JWT header
✅ Resolve the issuer's Decentralized Identifier (DID)
✅ Ensure the presence and validity of a verification method in the issuer's DID document
✅ Verify the integrity and authenticity of the issuer's signature using the public key associated with the verification method
✅ Ensure that the credential has not expired
If any of these steps fail, the function will throw an error with a message indicating the nature of the failure.
Extracting VC JWTs from Presentation​
A Presentation object includes multiple elements including the presentation submission as well as the Verifiable Credential JWTs themselves.
Example Presentation Result
The JavaScript SDK returns a Presentation Result:
{
"presentation": {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://identity.foundation/presentation-exchange/submission/v1"
],
"type": [
"VerifiablePresentation",
"PresentationSubmission"
],
"presentation_submission": {
"id": "bPLV_jMdN5XJengbX4M-l",
"definition_id": "presDefIdloanAppVerification123",
"descriptor_map": [
{
"id": "employmentVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "dobVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "nameVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[1]"
}
]
},
"verifiableCredential": [
"/* JWT VC for EmploymentCredential */",
"/* JWT VC for PIICredential */",
]
},
"presentationSubmissionLocation": 1,
"presentationSubmission": {
"id": "bPLV_jMdN5XJengbX4M-l",
"definition_id": "presDefIdloanAppVerification123",
"descriptor_map": [
{
"id": "employmentVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "dobVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "nameVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[1]"
}
]
}
}
Since the VC JWTs are part of the larger Presentation JSON object, they must be extracted and verified individually. Below is an example of how this might be implemented:
The code snippet above shows how to extract the VC JWTs from the Presentation and verify each one, aggregating the results.
The Verifier would then examine the results of the verifications to determine the errors:
Verify Verifiable Presentations​
Upon receipt, a Verifiable Presentation is encoded as a JWT and can be verified via the VerifiablePresentation.verify()
function.
Evaluate Presentation​
The information in this section is only applicable to the JavaScript SDK.
After verifying the authenticity of the VCs, the next step is to ensure that they actually satisfy the requirements outlined in the presentation definition.
This can be done via the PresentationExchange.evaluatePresentation()
function:
Example Evaluation Results
{
"areRequiredCredentialsPresent": "info",
"verifiableCredential": [
"/* JWT VC for EmploymentCredential */",
"/* JWT VC for PIICredential */",
],
"warnings": [],
"errors": [],
"value": {
"id": "WabEjZrPQQOQw8YUg9kIN",
"definition_id": "presDefIdloanAppVerification123",
"descriptor_map": [
{
"id": "employmentVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "dobVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "nameVerification",
"format": "jwt_vc",
"path": "$.verifiableCredential[1]"
}
]
}
}
The areRequiredCredentialsPresent
property of the evaluation results gives a status indication of whether the requirements were met:
- info - all required credentials are present
- warn - more credentials were presented than were required
- error - all required credentials are not present
If the status is warn
or error
, the details will be in the warnings
or error
array of the response.
Revocation Check​
The VerifiableCredential.verify()
function does not perform a revocation status check to determine whether the VCs have been revoked.
We strongly recommend that you verify this information by referencing the VC's credentialStatus
property before honoring the VC as valid.
Read VC Data​
Once you're confident that the VCs are valid, you can proceed to parse the JWTs into VC objects such that you may work with the credentials' data.
Was this page helpful?
Connect with us on Discord
Submit feedback: Open a GitHub issue
Edit this page: GitHub Repo
Contribute: Contributing Guide