diff --git a/docs/js-sdk/js-sdk-components/credential-wallet.md b/docs/js-sdk/js-sdk-components/credential-wallet.md index b847b833..c31f5765 100644 --- a/docs/js-sdk/js-sdk-components/credential-wallet.md +++ b/docs/js-sdk/js-sdk-components/credential-wallet.md @@ -5,7 +5,7 @@ sidebar_label: Credential Wallet description: Credential Wallet components and capabilities. keywords: - docs - - polygon id + - privado id - holder - issuer - verifier @@ -14,156 +14,206 @@ keywords: - credential --- -A Credential Wallet holds the credentials issued by the Issuer. The Credential Wallet is implemented with a Credential Interface that lets you interact with the credential storage. +A Credential Wallet manages credentials issued by issuers and provides secure storage and retrieval capabilities. The Credential Wallet is implemented through a Credential Interface that enables interaction with the underlying credential storage system. -The methods described below let you create and manage a credential wallet: +The methods described below enable you to create and manage credential wallets effectively: -## Get List of Credentials with list() method +## Credential Retrieval -This method retrieves a set of Verifiable Credentials in the W3C format: +### list() + +Retrieves all stored Verifiable Credentials in W3C format from the wallet. ```typescript list(): Promise; ``` -Click here for the API Reference. +**Returns:** An array of all W3C Verifiable Credentials stored in the wallet. + +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.list#credentialwalletlist-method) -## Save Credentials with save() method +### findByQuery() -This method saves the W3C Credentials to the database using upsert. +Searches for credentials using the Iden3 protocol's query language, enabling precise credential filtering based on multiple criteria. ```typescript -save(credential: W3CCredential): Promise; +findByQuery(query: ProofQuery): Promise; ``` -Click here for the API Reference. - -## Save All Credentials with saveAll() method - -This method saves a batch of W3C Credentials to the database using upsert. +**Parameters:** +- `query`: Query object containing search criteria +**ProofQuery Interface:** ```typescript -saveAll(credentials: W3CCredential[]): Promise; +export interface ProofQuery { + allowedIssuers?: string[]; // Authorized credential issuers + credentialSubject?: { [key: string]: unknown }; // Subject attributes to match + schema?: string; // JSON schema URL for credential validation + claimId?: string; // Specific credential identifier + credentialSubjectId?: string; // Subject's unique identifier + context?: string; // Credential context information + type?: string; // Credential type specification +} ``` -Click here for the API Reference. +**Query Parameters:** +- `allowedIssuers`: Array of issuer DIDs authorized to issue matching credentials +- `claimId`: Unique identifier of the target credential +- `credentialSubjectId`: Identifier of the credential subject (recipient) +- `type`: Specific credential type to filter by +- `schema`: JSON schema URL used for credential creation and validation +- `credentialSubject`: Subject attributes and claims to match against -## Remove Credential with remove() method +**Returns:** Array of W3C Verifiable Credentials matching the query criteria. -This method removes a W3C credential from data storage. +The returned credentials can be used for proof generation in verification scenarios. + +:::info Query Language + +Learn more about the Iden3 query language capabilities in the [Query Language documentation](https://docs.iden3.io/protocol/querylanguage/). + +::: + +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.findbyquery#credentialwalletfindbyquery-method) + +## Credential Storage + +### save() + +Stores a single W3C Verifiable Credential in the database using upsert operation (insert or update if exists). ```typescript -remove(id: string): Promise; +save(credential: W3CCredential): Promise; ``` -Click here for the API Reference. +**Parameters:** +- `credential`: W3C Verifiable Credential to be stored -## Find Credentials with Query with findByQuery() method +**Operation:** Uses upsert logic to either insert new credentials or update existing ones based on credential identifier. -This method lets you find credentials using the Iden3 protocol's query language. +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.save#credentialwalletsave-method) -```typescript -findByQuery(query: ProofQuery): Promise; +### saveAll() + +Performs batch storage of multiple W3C Verifiable Credentials using upsert operations for improved performance. +```typescript +saveAll(credentials: W3CCredential[]): Promise; ``` -where `ProofQuery` can contain parameters including: +**Parameters:** +- `credentials`: Array of W3C Verifiable Credentials to be stored -- `allowedIssuers`: issuers that are allowed to issue a credential, -- `claimId`: ID of the credential issued, -- `credentialSubjectId : ID of the subject of the credential to whom a credential is issued, -- `type`: type of credential issued, -- `schema`: JSON schema used to create a credential, -- `credentialSubject`: subject of the credential to whom a credential is issued. +**Benefits:** Optimized for bulk operations, reducing database transaction overhead compared to multiple individual save operations. -This credential is then used to create a proof. +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.saveall#credentialwalletsaveall-method) + +### remove() + +Permanently removes a specific W3C Verifiable Credential from storage. ```typescript -export interface ProofQuery { - allowedIssuers?: string[]; - credentialSubject?: { [key: string]: unknown }; - schema?: string; // string url - claimId?: string; - credentialSubjectId?: string; - context?: string; - type?: string; -} +remove(id: string): Promise; ``` -Read more on Query Language [here](https://docs.iden3.io/protocol/querylanguage/). +**Parameters:** +- `id`: Unique identifier of the credential to be removed + +**Warning:** This operation is irreversible. Ensure proper backup procedures before credential removal. -Click here for the API Reference. +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.remove#credentialwalletremove-method) -## Retrieve Auth BJJ Credential with getAuthBJJCredential() method +## Authentication Credentials -This method allows you to retrieve a credential of Auth BJJ type for a specific user so that it can be used for signing. +### getAuthBJJCredential() + +Retrieves the Auth Baby Jubjub credential for a specific user, enabling cryptographic signing operations. ```typescript - getAuthBJJCredential(did: DID): Promise; +getAuthBJJCredential(did: DID): Promise; ``` -where `did` is the DID of the issuer that has issued the credential. +**Parameters:** +- `did`: DID of the credential holder (not the issuer) + +**Returns:** W3C Verifiable Credential of Auth BJJ type, containing the public key and signing capabilities. -This method returns a Verifiable Credential of the type Auth BJJ. +**Use Case:** Essential for identity authentication and message signing within the Iden3 ecosystem. -Click here for the API Reference. +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.getauthbjjcredential#credentialwalletgetauthbjjcredential-method) -## Get Revocation Status for a Credential with getRevocationStatusFromCredential() method +## Revocation Status Management -This method retrieves or builds revocation status for a given credential. +### getRevocationStatusFromCredential() + +Retrieves or constructs the current revocation status for a given credential, determining whether it remains valid. ```typescript getRevocationStatusFromCredential(cred: W3CCredential): Promise; ``` -where `cred` is the Credential for which the revocation status is to be retrieved. +**Parameters:** +- `cred`: W3C Verifiable Credential to check for revocation + +**Returns:** `RevocationStatus` indicating whether the credential is currently valid or has been revoked. -The method returns a revocation status of the credential (whether a credential is revoked or not). The credential status could be either the **SparseMerkleTreeProof** or **Iden3ReverseSparseMerkleTreeProof** (if Reverse Hash Service is used) type. +**Supported Status Types:** +- **SparseMerkleTreeProof**: Standard on-chain revocation verification +- **Iden3ReverseSparseMerkleTreeProof**: Revocation verification using Reverse Hash Service -Click here for the API Reference. +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.getrevocationstatusfromcredential#credentialwalletgetrevocationstatusfromcredential-method) -## Get Revocation Status Depending on Type of Credential Status with getRevocationStatus() method +### getRevocationStatus() -This method retrieves the revocation status for a given credential depending on the type of its credential status. +Retrieves revocation status based on the specific credential status type and configuration. ```typescript - /** - * - * - * @param {(CredentialStatus )} credStatus - credentialStatus field of the Verifiable Credential. - * @param {CredentialStatusResolveOptions} credentialStatusResolveOptions - options to resolve credential status - * @returns `Promise` - */ - getRevocationStatus( - credStatus: CredentialStatus, - credentialStatusResolveOptions?: CredentialStatusResolveOptions - ): Promise; +getRevocationStatus( + credStatus: CredentialStatus, + credentialStatusResolveOptions?: CredentialStatusResolveOptions +): Promise; ``` -where `credStatus` is the credential status type: with or without Reverse Hash Service / Agent / Onchain. +**Parameters:** +- `credStatus`: Credential status configuration specifying the revocation checking method +- `credentialStatusResolveOptions`: (Optional) Additional resolution parameters -`credentialStatusResolveOptions` are: +**CredentialStatusResolveOptions:** +- `issuerDID`: DID of the credential issuer +- `userDID`: DID of the user requesting status verification +- `issuerData`: Issuer metadata from either Signature Proof (BJJ) or Iden3SparseMerkleTreeProof -- `issuerDID` is the DID of the Issuer. -- `userDID` is the DID of the user who retrieves the status. -- `issuerData` is the metadata related to an Issuer. This metadata is contained in either the Signature Proof (BJJ Signature Proof) or Iden3SparseMerkleTreeProof (Merkle Tree Proof). +**Supported Status Types:** +- Standard revocation checking (on-chain verification) +- Reverse Hash Service integration +- Agent-based status resolution +- On-chain status verification -The method returns the revocation status of the credential (a credential is revoked or not). +**Returns:** Current revocation status indicating credential validity. -Click here for the API Reference. +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.getrevocationstatus#credentialwalletgetrevocationstatus-method) -## Create a Credential using createCredential() method +## Credential Creation -This method creates a Verifiable Credential in the W3C format. +### createCredential() + +Creates a new W3C Verifiable Credential based on provided specifications and JSON schema validation. ```typescript - createCredential(issuer: DID, request: CredentialRequest, schema: JSONSchema): W3CCredential; +createCredential(issuer: DID, request: CredentialRequest, schema: JSONSchema): W3CCredential; ``` -where `Issuer` is the DID of the Issuer. -`request` is the specification for the credential creation parameters. -`schema` is the JSON schema used for creating a credential. +**Parameters:** +- `issuer`: DID of the credential issuer +- `request`: Credential creation specification containing subject data and requirements +- `schema`: JSON schema for credential structure validation and type definition + +**Process:** +1. Validates the credential request against the provided JSON schema +2. Creates credential claims based on the request specifications +3. Formats the credential according to W3C Verifiable Credential standards +4. Returns the properly structured credential ready for issuance -The method returns a Verifiable Credential in the W3C format. +**Returns:** W3C-compliant Verifiable Credential ready for signing and issuance. -Click here for the API Reference. +[API Reference](https://0xpolygonid.github.io/js-sdk-tutorials/docs/api/js-sdk.credentialwallet.createcredential#credentialwalletcreatecredential-property) \ No newline at end of file diff --git a/docs/js-sdk/js-sdk-components/iden3comm.md b/docs/js-sdk/js-sdk-components/iden3comm.md index c2c5d884..f64a4853 100644 --- a/docs/js-sdk/js-sdk-components/iden3comm.md +++ b/docs/js-sdk/js-sdk-components/iden3comm.md @@ -5,7 +5,7 @@ sidebar_label: Iden3comm description: Iden3comm components and capabilities. keywords: - docs - - polygon id + - privado id - holder - issuer - verifier @@ -17,13 +17,16 @@ keywords: - revocation --- -Iden3comm is the implementation of the messages that exist in the Iden3 protocol. It deals with different protocol message types; a few messages supported by the protocol are related to authentication, credentials, proof, and revocation. +Iden3comm is the reference implementation for message handling within the Iden3 protocol. It processes various protocol message types, including authentication requests, credential operations, proof generation, and revocation management. ## Packers -Iden3comm supports packers that receive some data as payload and create an envelope for different types of messages. +Iden3comm uses packers to encapsulate payload data into protocol-specific message envelopes. These components transform raw data into standardized message formats for secure transmission. -The Iden3 protocol supports packers for messages of 2 media types: plain messages and zero-knowledge proof (ZKP) messages. These packers let you generate tokens. +The Iden3 protocol supports packers for messages of 2 media types: - **Plain messages**: Standard unencrypted message format +- **Zero-knowledge proof (ZKP) messages**: Cryptographically secured messages with privacy-preserving properties + +These packers let you generate tokens. ### ZKP Packer @@ -51,7 +54,7 @@ For the messages of the type **ZKP**, the packer receives a payload (a serialize ## Handler -In Iden3, a handler manages the packers described above. There are two types of handlers that the protocol supports: Authentication and Fetch Handlers. +In Iden3, a handler manages the packers and orchestrate message processing workflows. There are two types of handlers that the protocol supports: Authentication Handler and Fetch Handler. ### Authentication Handler @@ -83,7 +86,7 @@ It gets the payload and an identity (that can handle that request) as the input Click here for the API Reference. -:::note +:::note **Privacy Consideration** When a user logs into a Verifier, it does not have to share its identity. Instead, it can share with it the profile as the user does not receive a credential on his/her identifier but on his/her profile. Sharing one's profile instead of his/her identity prevents the possible identity tracking by a Verifier. @@ -100,23 +103,33 @@ handleCredentialOffer( ): Promise ``` -The offer should just be passed to the function. The DID that is supposed to fetch the credential will be determined from the offer message itself. - -`offer` is the offer message that the Fetch handler receives. +**Parameters:** +- `offer` is the offer message that the Fetch handler receives. -The handler returns a Verifiable Credential in the W3C format. +**Process:** +- Automatically determines the target DID from the offer message content +- Processes the offer and retrieves the credential from the issuer +- Returns verifiable credentials in W3C standard format Read more about iden3comm [here](https://github.com/iden3/iden3comm/tree/main/protocol). Click here for the API Reference. -If you want to work with JWS instead of JWZ technology during the authorization or credential fetching you need to pass parameters to these functions. +## Alternative Message Formats + +For applications requiring JSON Web Signature (JWS) instead of JSON Web Zero-knowledge (JWZ) technology, you can specify alternative packer parameters: ```typescript -let params = { +const params = { mediaType: MediaType; packerOptions?: JWSPackerParams; } ``` -where `mediaType` is the media type of iden3comm protocol and `packerOptions` are JWS required parameters. +**Configuration:** +- `mediaType`: Specifies the iden3comm protocol media type +- `packerOptions`: JWS-specific parameters for signature-based authentication + +## Additional Resources + +For comprehensive protocol specifications and implementation details, refer to the [Iden3comm Protocol Documentation](https://github.com/iden3/iden3comm/tree/main/protocol). diff --git a/docs/js-sdk/js-sdk-components/identity-wallet.md b/docs/js-sdk/js-sdk-components/identity-wallet.md index 498c9520..0ec7445c 100644 --- a/docs/js-sdk/js-sdk-components/identity-wallet.md +++ b/docs/js-sdk/js-sdk-components/identity-wallet.md @@ -5,7 +5,7 @@ sidebar_label: Identity Wallet description: Identity Wallet components and capabilities. keywords: - docs - - polygon id + - privado id - holder - issuer - verifier @@ -14,19 +14,21 @@ keywords: - identity --- -An identity wallet holds the identity of the user and carries the following components: +An identity wallet manages a user's decentralized identity and comprises the following core components: -- Key Management Store (kms): it allows the user to sign data using keys and offers the storage that is allocated to these keys. It’s an abstraction that allows for communication with different kinds of key storage. +## Core Components -- Data Storage Interface: it is an interface that allows you to communicate with Credential storage, Identity storage, Merkle tree storage, and State interfaces. This interface lets you create an identity for the user. +- **Key Management Store (KMS)**: Enables users to sign data using cryptographic keys and provides secure storage for these keys. This abstraction layer facilitates communication with various types of key storage systems. -- Credential Wallet: it contains business logic on the top of the Credential storage. An Identity Wallet uses a Credential Wallet for mapping the credentials issued to an Identity. +- **Data Storage Interface**: Provides an interface for communicating with multiple storage systems including credential storage, identity storage, Merkle tree storage, and state interfaces. This interface enables identity creation and management for users. + +- **Credential Wallet**: Contains business logic built on top of credential storage. The Identity Wallet utilizes a Credential Wallet to map credentials issued to specific identities. The methods described below let you create and manage an identity wallet. ## Create an Identity using createIdentity() -This method creates an Auth Baby Jubjub Credential (for signing on behalf of an identity) and an Identifier for an Identity. The Baby Jubjub Key is the elliptic curve implementation used in Iden3. +Creates an Auth Baby JubJub Credential for identity signing and generates a unique identifier for the identity. Baby JubJub is the elliptic curve implementation used in the Iden3 protocol. Firstly, to create an Identity, the three Merkle trees (Claims tree, Revocation tree, and Roots of Root tree) are created. Auth BJJ key is then added to the Claims tree. The hash of these three trees creates a root that is used to create an Identity State. The first state created is called the Genesis State and it is from this Genesis State that a unique Identifier (in the DID format) is generated. @@ -60,9 +62,9 @@ where `method` is the type of `did` method used to create an identity. The `createIdentity` method returns a `did` (Decentralised Identifier) in the DID format and a credential based on the W3C standard for a Verifiable Credential. -:::note +:::note About DIDs -It is worth noting that `did` is a Decentralized Identifier associated with an identity and enables verifiable identities. A `did` could be a person, thing, organization, or even an abstract entity. The controller of the `did` can prove that it is the real owner of the identity without the need to seek permissions/approvals from any centralized authority. +A Decentralized Identifier (DID) is associated with an identity and enables verifiable, self-sovereign identities. A `did` could be a person, thing, organization, or even an abstract entity. The controller of the `did` can prove that it is the real owner of the identity without the need to seek permissions/approvals from any centralized authority. ::: @@ -80,7 +82,7 @@ Click here for the API Reference. @@ -269,7 +269,7 @@ Click here for the API Reference. -## Generate Zero-knowledge Proof using generateProof() method +## Zero-Knowledge Proof Generation + +### generateProof() Method This method generates the zero-knowledge proof for the given ZKP request, identity, and credential. @@ -52,23 +64,35 @@ generateProof( ): Promise ``` -where `proofReq` is the ZKP request for the proof generation. -`identifier` is the DID of the user's wallet for which the proof is requested. -`opts` are the options selected for the proof generation. These are some of the possible options: +**Parameters:** +- `proofReq`: The zero-knowledge proof request specifying verification requirements +- `identifier`: The DID of the user's wallet for which the proof is generated +- `opts`: Optional configuration parameters for proof generation. + +**Proof Generation Options:** ```typescript interface ProofGenerationOptions { - skipRevocation: boolean; - challenge?: bigint; - credential?: W3CCredential; + skipRevocation: boolean; // Skip revocation status checks + challenge?: bigint; // Custom challenge for proof uniqueness + credential?: W3CCredential; // Specific credential to use for proof } ``` -The method returns a Zero-knowledge Proof along with the credential used for proof generation. +**Returns:** +- `Promise`: Contains the generated zero-knowledge proof and associated credential metadata + +**Process Flow:** +1. Validates the proof request against available credentials +2. Applies optional configurations (revocation checks, challenges, specific credentials) +3. Generates cryptographic proof using the specified circuit +4. Returns proof response with necessary verification data Click here for the API Reference. -## Generate Authentication Inputs using GenerateAuthV2Inputs() Method +## Authentication Input Generation + +### generateAuthV2Inputs() Method This method generates authentication inputs for a given circuit, DID, profile nonce, and a payload (such as the hash of a token). It is used as a protocol in the package manager of a JWZ token. These inputs are used to generate a Zero-knowledge Proof for an authentication circuit. @@ -80,15 +104,25 @@ generateAuthV2Inputs( ): Promise; ``` -where `hash` is the payload token that the JS SDK signs. -`did` is the DID of the Identity that generates the proof. -`circuitId` is the ID of the circuit used for authentication. +**Parameters:** +- `hash`: The payload hash that the SDK will cryptographically sign +- `did`: The DID of the identity generating the authentication proof +- `circuitId`: The identifier of the authentication circuit to be used -This method returns an array of inputs for the authentication circuit. +**Returns:** +- `Promise`: Serialized array of inputs formatted for the authentication circuit + +:::note + +Public signals contain the identity state information that needs verification against the blockchain or other trusted state repositories. This method ensures that the state presented in the proof matches the current or valid historical state of the identity. + +::: Click here for the API Reference. -## Verify State using verifyState() Method +## State Verification + +### verifyState() Method This method is the state verification function that uses circuit ID and public signals to verify the state. These public signals are part of the Zero-knowledge Proof and contain an Identity State. To verify this state, you need to call this function. @@ -96,14 +130,18 @@ This method is the state verification function that uses circuit ID and public s verifyState(circuitId: string, pubSignals: Array): Promise; ``` -where `circuitId` is the ID of the circuit used for authentication. -`pubSignals` are the public signals created during the proof generation process. +**Parameters:** +- `circuitId`: The identifier of the circuit used for state verification +- `pubSignals`: Public signals extracted from the zero-knowledge proof containing the identity state -This method returns the state of verification in the boolean format. +**Returns:** +- `Promise`: Verification result indicating state validity Click here for the API Reference. -## Generate State Transition Proof using transitState() Method +## State Transition Management + +### transitState() Method This method generates a state transition proof and publishes the identity's state to the blockchain. The state transition is always performed on the latest state of the identity. @@ -117,16 +155,22 @@ transitState( ): Promise; ``` -where `did` is the DID of the Identity for which the state transition is to be performed. -`oldTreeState` is the previous state of the identity. -`isOldStateGenesis` determines if the state transition has been done from the Genesis state of the identity or not. -`stateStorage` defines the storage of the identity states. Currently, only Ethereum-based storage is supported. -`ethSigner` is the signer for transactions. +**Parameters:** +- `did`: The DID of the identity undergoing state transition +- `oldTreeState`: The previous state of the identity's Merkle tree +- `isOldStateGenesis`: Boolean indicating whether transitioning from the genesis (initial) state +- `stateStorage`: Storage interface for identity states (currently supports Ethereum-based storage) +- `ethSigner`: Ethereum wallet signer for executing the state transition transaction + +**Returns:** +- `Promise`: Transaction hash of the successful state transition -The method returns the transaction hash. For a state transition to happen, a transaction needs to be done from an Ethereum Wallet. +Click here for the API Reference. -To know more about circuits, read [here](https://docs.iden3.io/protocol/main-circuits/). +## Additional Resources -To know more about state transition, read [here](https://docs.iden3.io/getting-started/state-transition/state-transition/). +**Circuit Information:** +For detailed information about the cryptographic circuits used in proof generation, refer to the [Iden3 Main Circuits Documentation](https://docs.iden3.io/protocol/main-circuits/). -Click here for the API Reference. +**State Transition Details:** +For comprehensive understanding of state transition mechanics, see the [State Transition Guide](https://docs.iden3.io/getting-started/state-transition/state-transition/). diff --git a/docs/js-sdk/js-sdk-dymanic-did.md b/docs/js-sdk/js-sdk-dymanic-did.md index dbcb5946..2bd29223 100644 --- a/docs/js-sdk/js-sdk-dymanic-did.md +++ b/docs/js-sdk/js-sdk-dymanic-did.md @@ -5,7 +5,7 @@ sidebar_label: Support of custom networks and dids description: Ecosystem extension. keywords: - did - - polygon id + - privado id - ID holder - network - custom diff --git a/docs/js-sdk/js-sdk-example.md b/docs/js-sdk/js-sdk-example.md index f9bfe924..25cb249a 100644 --- a/docs/js-sdk/js-sdk-example.md +++ b/docs/js-sdk/js-sdk-example.md @@ -2,10 +2,10 @@ id: js-sdk-example title: JS SDK Example sidebar_label: Example -description: Steps to run different modules of the Polygon ID JS SDK with exampling code. +description: Steps to run different modules of the Privado ID JS SDK with exampling code. keywords: - docs - - polygon id + - privado id - holder - issuer - verifier @@ -15,49 +15,68 @@ keywords: - proof --- -# JS SDK Example +# Privado ID JS SDK Example -This tutorial shows the steps to run different modules of the Polygon ID JS SDK with exampling code. After the steps for each module, you will find a sample output which is generated when these modules are run. +This comprehensive tutorial demonstrates how to implement different modules of the Privado ID JS SDK through practical examples. Each section includes detailed setup instructions, complete code samples, and expected outputs to help you understand the full credential lifecycle. -## Steps to Run Example Code +## Prerequisites -We have created a [JS SDK Example repository](https://github.com/0xPolygonID/js-sdk-examples) that you can download and run. Follow these steps: +- Node.js and npm installed on your system +- Basic understanding of TypeScript/JavaScript +- Access to Polygon Amoy testnet +- Wallet with MATIC balance for testnet transactions -1. Download the latest circuits from the following curl command: +## Initial Setup to Run Example Code - ```bash - curl https://iden3-circuits-bucket.s3.eu-west-1.amazonaws.com/latest.zip --output latest.zip - ``` +We provide a complete [JS SDK Example repository](https://github.com/0xPolygonID/js-sdk-examples) that you can download and run. Follow these steps: - where s3 is a bucket that has been created for storing the circuits' data in one of the Amazon Simple Storage Service (Amazon S3) for specific regions across the globe. +### 1. Download Required Circuits - The `latest.zip` folder is accessed from the s3 bucket and is the output to the local `latest.zip` file. +Download the latest zero-knowledge proof circuits using the following command: - Unzip the `latest.zip` folder downloaded above to the `circuits` folder in the repository: +```bash +curl https://iden3-circuits-bucket.s3.eu-west-1.amazonaws.com/latest.zip --output latest.zip +``` - ```bash - unzip latest.zip -d circuits - ``` +**Note:** The circuits are stored in an Amazon S3 bucket optimized for global distribution. These circuits are essential for generating and verifying zero-knowledge proofs. -2. To run the scripts, set the values for the following variables: +Extract the downloaded circuits to the appropriate directory: - ```bash - export WALLET_KEY="...key in hex format with matic balance" - export RPC_URL="...url to polygon amoy network rpc node" - export RHS_URL="..reverse hash service url" - export CONTRACT_ADDRESS="..state v2 contract address in the amoy network" - export CIRCUITS_PATH="..path to the circuits folder" - ``` +```bash +unzip latest.zip -d circuits +``` -3. Run the **_npm_** command. For this, Node.js (which contains the npm package) must be installed on your system. +### 2. Configure Environment Variables - ```bash - npm run start - ``` +Set up the required environment variables for your development environment: + +```bash +export WALLET_KEY="your_private_key_in_hex_format_with_matic_balance" +export RPC_URL="https://rpc-amoy.polygon.technology" +export RHS_URL="https://rhs-staging.polygonid.me" +export CONTRACT_ADDRESS="state_v2_contract_address_on_amoy_network" +export CIRCUITS_PATH="./circuits" +``` + +**Security Note:** Never commit private keys to version control. Use environment files or secure key management systems in production. + +### 3. Install Dependencies and Run -### Identity Creation +Install the required npm packages and start the example: -1. Initialize `DataStorage`: To initialize `DataStorage`, we need a new `CredentialStorage`, which could be as simple as a Memory Data Storage (`InMemoryDataSource`). Using Memory Data Storage for new credential storage is not recommended for the production environment. Instead, we could use Browser Data Storage or any other data storage. +```bash +npm install +npm run start +``` + + +## Module 1: Identity Creation + +Identity creation is the foundation of the Privado ID system. Each identity is represented by a Decentralized Identifier (DID) and associated cryptographic materials. + +### Step 1: Initialize `DataStorage` + +To initialize `DataStorage`, we need a new `CredentialStorage`, which could be as simple as a Memory Data Storage (`InMemoryDataSource`). Using Memory Data Storage for new credential storage is not recommended for the production environment. Instead, we could use Browser Data Storage or any other data storage. ```typescript const dataStorage = { @@ -81,7 +100,9 @@ The `CredentialStorage` accepts the interface of the Data Storage; it does not r `mt` stores Merkle Trees. `states` stores Ethereum states of identities. -2. Initialize `CredentialWallet` and `IdentityWallet`: To initialize Identity Wallet, we need `dataStorage`, and `kms` (Key Management System). +### Step 2: Initialize Wallets and Key Management + +To initialize Identity Wallet, we need `dataStorage`, and `kms` (Key Management System). ```typescript const memoryKeyStore = new InMemoryPrivateKeyStore(); @@ -101,7 +122,9 @@ The `CredentialStorage` accepts the interface of the Data Storage; it does not r For `kms`, we need to define a `provider` that works with keys. For example, we can provide a Baby Jubjub Provider (`BJJProvider`), an Ethereum Key Provider, or a Register Key Provider(`registerKeyProvider`), to name a few. For each Provider, we need to pass the storage: `AbstractPrivateKeyStore`. This storage allows you to create customized encrypted storage. For demo purposes, we have used `memoryKeyStore`. So in a nutshell, we create storage(`memoryKeyStore`), pass it to the Provider(`BJJProvider`), and register this Provider in the Key Management System(`registerKeyProvider`). -3. After initialization is complete, to create identity, we need to pass some options, which are accepted by the `IdentityCreationOptions` interface. The options are as follows: +### Step 3: Create Identity + +After initialization is complete, to create identity, we need to pass some options, which are accepted by the `IdentityCreationOptions` interface. The options are as follows: ```typescript export interface IdentityCreationOptions { @@ -142,9 +165,11 @@ If we do not use `rhsUrl` within createIdentity() method, we get a `credentialSt ::: -### Issue Credential +## Module 2: Credential Issuance -1. #### Initialize all storage types +Credential issuance involves creating verifiable credentials that can be cryptographically proven without revealing the underlying data. + +### Step 1: Initialize Storage and Wallets ```typescript const dataStorage = { @@ -177,7 +202,7 @@ If we do not use `rhsUrl` within createIdentity() method, we get a `credentialSt const wallet = new IdentityWallet(kms, dataStorage, credWallet); ``` -2. #### Create Issuer's Identity +### Step 2: Create Issuer Identity ```typescript const seedPhraseIssuer: Uint8Array = byteEncoder.encode("seedseedseedseedseedseedseedseed"); @@ -193,7 +218,7 @@ If we do not use `rhsUrl` within createIdentity() method, we get a `credentialSt }); ``` -3. #### Create User's Identity +### Step 3: Create User Identity ```typescript const seedPhraseUser: Uint8Array = byteEncoder.encode("userseedseedseedseedseedseeduser"); @@ -209,7 +234,7 @@ If we do not use `rhsUrl` within createIdentity() method, we get a `credentialSt }); ``` -4. #### Create Credential Request (`credentialRequest`) and Issue Credential (`issueCredential`): +### Step 4: Create Credential Request (`credentialRequest`) and Issue Credential (`issueCredential`): ```typescript const claimReq: CredentialRequest = { @@ -230,7 +255,7 @@ If we do not use `rhsUrl` within createIdentity() method, we get a `credentialSt const issuerCred = await wallet.issueCredential(issuerDID, claimReq); ``` -#### Output of Run Command +### Expected Output ```json { @@ -290,7 +315,7 @@ If we do not use `rhsUrl` within createIdentity() method, we get a `credentialSt
-### Generate Proof +## Module 3: Zero-Knowledge Proof Generation 1. [Initialize all storages](#initialize-all-storage-types) including `dataStorage`, `identityWallet`, `credentialWallet`, `circuitStorage`, and `stateStorage`. @@ -518,7 +543,7 @@ If we do not use `rhsUrl` within createIdentity() method, we get a `credentialSt } ``` -### Verify Proof +## Module 4: Proof Verification 1. Once the proof is generated, the Verifier can verify the proof (Signature or MTP). diff --git a/docs/js-sdk/js-sdk-overview.md b/docs/js-sdk/js-sdk-overview.md index f2c2d0f7..e429ee9c 100644 --- a/docs/js-sdk/js-sdk-overview.md +++ b/docs/js-sdk/js-sdk-overview.md @@ -5,7 +5,7 @@ sidebar_label: Overview description: An overview of the JS SDK components and capabilities. keywords: - docs - - polygon id + - privado id - holder - issuer - verifier @@ -13,11 +13,14 @@ keywords: - js sdk --- -Based on the Iden3 core protocol libraries, the Polygon ID JS SDK is used for interacting with REST APIs and developing browser-based applications. +## Overview +The PrivadoID JS SDK is built upon the foundational Iden3 core protocol libraries, providing developers with comprehensive tools for creating browser-based applications and interacting with REST APIs in the decentralized identity ecosystem. -The Polygon ID JS SDK allows developers to create applications like mobile or web wallets, browser extensions, and issuer nodes. Using this SDK, developers can start creating and issuing verifiable credentials, and generating zero knowledge proofs based on our [Iden3 protocol](https://docs.iden3.io/). Individuals and organizations can use this SDK for their existing applications. -:::note +## Introducation +The Privado ID JS SDK allows developers to create applications like mobile or web wallets, browser extensions, and issuer nodes. Using this SDK, developers can start creating and issuing verifiable credentials, and generating zero knowledge proofs based on our [Iden3 protocol](https://docs.iden3.io/). Individuals and organizations can use this SDK for their existing applications. + +:::note **Extensibility and Customization** With JS SDK, you can build custom applications/modules by providing your own implementation of our core interfaces. The functionalities that we provide in these tutorials can be extended as per your requirements. For example, JS SDK does not provide a codebase for database storage but you can implement that by extending the SDK's functionalities. @@ -25,29 +28,31 @@ With JS SDK, you can build custom applications/modules by providing your own imp ## Why JS SDK? -The Polygon ID JS SDK has been developed to provide the following functionalities for a user's browser-based wallet: +The Privado ID JS SDK has been developed to provide the following functionalities for a user's browser-based wallet: -- Create and manage Identity wallet -- Issue and manage credentials -- Generate zero-knowledge proofs after credential issuance -- Publish the updated state of the Issuer once a credential is added to the claims Merkle tree -- Handle authorization requests +### Core Capabilities +- **Identity Management**: Create and manage decentralized identity wallets +- **Credential Operations**: Issue, store, and manage verifiable credentials +- **Zero-Knowledge Proofs**: Generate privacy-preserving proofs following credential issuance +- **State Management**: Publish updated issuer states when credentials are added to claims Merkle trees +- **Protocol Communication**: Handle authorization requests and protocol messages ## Components of JS SDK -The following components form the inherent part of the JS SDK. In the upcoming tutorials, we shall read more about the implementation of these components in JS SDK. To know what each of these components stands for, go through their links: +The following components form the inherent part of the JS SDK. In the upcoming tutorials, we shall read more about the implementation of these components in JS SDK. To know what each of these components stands for, please visit: -- [Identity Wallet](/docs/category/identity) +- **[Identity Wallet](/docs/js-sdk/js-sdk-components/identity-wallet.md)**: Manages decentralized identities and cryptographic key operations +- **[Credential Wallet](/docs/js-sdk/js-sdk-components/credential-wallet.md)**: Handles verifiable credential storage, management, and operations +- **[Iden3comm](/docs/js-sdk/js-sdk-components/iden3comm.md)**: Implements protocol message handling and communication +- **[Proof](/docs/js-sdk/js-sdk-components/proof.md)**: Manages zero-knowledge proof generation and verification -- [Credential Wallet](/docs/category/credential) +Each component is designed with specific responsibilities while maintaining seamless integration with other SDK components. -- [Iden3comm](/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/overview.md) +## System Requirements -- [Proof](/docs/wallet/wallet-sdk/polygonid-sdk/proof/overview.md) +### Prerequisites -## Prerequisites - -- Node.js must be installed on your system. Version 16.14 or above is required for Polygon ID JS SDK. +- Node.js must be installed on your system. Version 16.14 or above is required for Privado ID JS SDK. :::note @@ -57,7 +62,7 @@ While installing Node.js, make sure that you select all the checkboxes related t - A browser where you can install and manage your browser wallet. -## Dependencies +### Dependencies You can install project dependencies using either one of the following ways: @@ -92,7 +97,7 @@ npm install @0xpolygonid/js-sdk ## Core Libraries -JS SDK is a fully-functional wrapper on top of our Iden3 core libraries. The following set of core Iden3 libraries has been used to implement Polygon ID JS SDK: +JS SDK is a fully-functional wrapper on top of our Iden3 core libraries. The following set of core Iden3 libraries has been used to implement Privado ID JS SDK: - Iden3 JS Crypto: Implementation of the Elliptic Curve for Baby Jubjub Key, Poseidon hash and other cryptographic elements. @@ -115,13 +120,18 @@ Follow the links below to learn more about W3C standards for DID (Decentralised ## What Can Be Built Upon JS SDK? -On the Polygon ID JS SDK, you can build the following functionalities: +On the Privado ID JS SDK, you can build the following functionalities: - An Issuer on a Merkle Tree - A Verifier that can verify zero-knowledge proofs generated by a user's identity wallet - An Identity Wallet based on the Iden3 core protocol - The JS SDK also provides a revocation feature for credentials and proof generation -
- +### Use Cases +- Digital identity wallets for individuals +- Enterprise credential management systems +- Educational credential verification platforms +- Healthcare record management applications +- Supply chain verification systems +The SDK's modular architecture and extensive API surface enable developers to create both simple proof-of-concept applications and production-ready identity management systems. \ No newline at end of file diff --git a/docs/mumbai-to-amoy-migration.md b/docs/mumbai-to-amoy-migration.md index f6040ffe..589d64cc 100644 --- a/docs/mumbai-to-amoy-migration.md +++ b/docs/mumbai-to-amoy-migration.md @@ -21,7 +21,7 @@ To migrate to the Amoy testnet, developers must set up a new Issuer node configu 1. Setting up a new Issuer node using the latest configuration guidelines. - To set up a new issuer node, please refer to [this installation guide](https://github.com/0xPolygonID/issuer-node/tree/develop). It includes the latest configuration for the Amoy testnet. - - An Issuer will need to create a new identity for Amoy, through the core API specifying the proper "network": "amoy". If you do it with the make generate-issuer-did command, then the program will ge the variables from the .env files that must be properly filled. (.env-samples are available at [Issuer Node GitHub repository](https://github.com/0xPolygonID/issuer-node/tree/main)). + - An Issuer will need to create a new identity for Amoy, through the core API specifying the proper "network": "amoy". If you do it with the make generate-issuer-did command, then the program will get the variables from the .env files that must be properly filled. (.env-samples are available at [Issuer Node GitHub repository](https://github.com/0xPolygonID/issuer-node/tree/main)). - Here you can find more details about issuer configuration ([advanced Issuer Node configuration](https://devs.polygonid.com/docs/issuer/issuer-configuration)). 2. Deprecating and shutting down existing Issuer nodes configured for the Mumbai testnet. diff --git a/docs/wallet/push-notification.md b/docs/wallet/push-notification.md index 59ba6a11..e61625de 100644 --- a/docs/wallet/push-notification.md +++ b/docs/wallet/push-notification.md @@ -5,33 +5,39 @@ sidebar_label: Push Notifications description: Implement push notifications on your app. keywords: - docs - - polygon id + - privado id - wallet - push notification --- import useBaseUrl from '@docusaurus/useBaseUrl'; -## Guide +# Push Notifications Implementation Guide -Currently, to be able to implement a notification flow for a certain app, this app must be registered in the push gateway config. This can result in a centralization point for developers who want to use such feature and some expenses and efforts on support of the current gateway. +Push notifications in the Privado ID ecosystem enable real-time communication between verifiers and wallet applications while maintaining privacy and security standards. This guide provides comprehensive instructions for implementing secure push notification functionality in your applications. -For the Polygon ID wallet, this push service is used: [https://push-staging.polygonid.com/api/v1](https://push-staging.polygonid.com/api/v1). +## Overview + +Currently, to be able to implement a notification flow for a certain app, the app must be registered in the push gateway config. This can result in a centralization point for developers who want to use such feature and some expenses and efforts on support of the current gateway. + +For the Privado ID wallet, this push service is used: [https://push-staging.polygonid.com/api/v1](https://push-staging.polygonid.com/api/v1). Current notification flow: ![push](/img/wallet/push.png) -1. User creates a device push token. After scanning the authorization request, the user must prepare an authorization response according to the current rules, but with an addition: the inclusion of the DID document. This - DID document contains the user DID and service to send push notifications. The user encrypts the device push token with the Push Gateway public encryption key and embeds it onto the DID document. -2. Verifier sends a message to Push Gateway with information from the user DID document. -3. Push Gateway decrypts push token, stores messages, and sends the push notification to the wallet. -4. The wallet gets the message with the message ID and PPG URL. The application fetches notifications from the service, handles protocol messages and asks the user if he wants to perform a needed action, e.g. fetch credential. +1. The user creates a device push token and prepares an authorization response that includes a DID document containing the user's DID and push notification service information. The device push token is encrypted using the Push Gateway's public encryption key and embedded in the DID document. + +2. The verifier sends a message to the PG using information extracted from the user's DID document, including the encrypted device token and service endpoint. + +3. The PG decrypts the push token, stores the message securely, and sends the push notification to the registered wallet application. + +4. The wallet receives the notification containing a message ID and PG URL, fetches the complete message from the service, processes the protocol message, and prompts the user for appropriate action (e.g., credential retrieval). **Glossary:** -- _wallet_ - mobile application published by Polygon. -- _verifier_ - backend for Polygon Verify application that verifies user documents. +- _wallet_ - mobile application published by Privado. +- _verifier_ - backend for Privado Verify application that verifies user documents. - _Push Gateway (PG)_ - service to deliver push notifications to the wallet app. - _Push notification_ - notification that contains a link to protocol message or protocol message itself that is delivered through the notification provider. @@ -104,7 +110,7 @@ You can add information about keys / authentication info optionally. Follow [thi ## How to send a push from verifier -1. Parse a dDIDd document from the authorization response +1. Parse a DID document from the authorization response 2. Proxy device info to push service using serviceEndpoint using the following format 1. Message is the protocol message that is meant to be delivered to users @@ -112,7 +118,7 @@ You can add information about keys / authentication info optionally. Follow [thi ```json { - "message": "JSON stringlied message", + "message": "JSON stringified message", "metadata": { "devices": [ { @@ -123,3 +129,8 @@ You can add information about keys / authentication info optionally. Follow [thi } } ``` + + +## Conclusion + +Implementing push notifications in the Privado ID ecosystem requires careful attention to security, privacy, and performance. By following this guide, you can create a robust notification system that maintains the principles of self-sovereign identity while providing excellent user experience. diff --git a/docs/wallet/universal-links.md b/docs/wallet/universal-links.md index 6e78db38..1738a276 100644 --- a/docs/wallet/universal-links.md +++ b/docs/wallet/universal-links.md @@ -2,28 +2,33 @@ id: universal-links title: Universal Links sidebar_label: Universal Links -description: Tutorial on how to configure universal links. +description: Comprehensive guide for implementing universal links with Privado ID wallets across web and mobile platforms. keywords: - docs - - polygon id + - privado id - ID holder - issuer - verifier - auth + - verification + - credentials --- import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; import useBaseUrl from '@docusaurus/useBaseUrl'; -[Universal Links](https://developer.apple.com/ios/universal-links/) are a convenient way to create a single URL that works across all platforms. This URL can open content within an app on a mobile device or within a web browser, ensuring a seamless user experience. +# Universal Links Implementation Guide -In context with our protocol, a single URL can be configured to work with Web Wallet in case of a browser and Privado ID mobile app in case of a mobile phone. +[Universal Links](https://developer.apple.com/ios/universal-links/) provide a seamless way to create cross-platform URLs that intelligently route users to the appropriate application or web interface. In the Privado ID ecosystem, universal links enable a single URL to open the Web Wallet in browsers and the Privado ID mobile app on mobile devices, ensuring optimal user experience across all platforms. -## Advantages -- **Supports Any Protocol Message**: Enables communication between the web wallet or mobile app, regardless of the type of protocol message being sent. The protocol message for instance can be a [Verification Request](https://iden3-communication.io/authorization/1.0/request/) or a [Credential Offer](https://iden3-communication.io/credentials/1.0/offer/) -- **More Flexible than Deep Links**: Universal Links offer greater flexibility in their usage and compatibility across platforms. -- **Single Format for Multiple Platforms**: Provides a single URL format that works both on mobile apps and web wallets. +## Overview + +Universal links in Privado ID create a unified entry point for credential and verification operations. When a user clicks a universal link: + +- **On Desktop/Web**: Opens the Privado ID Web Wallet in the browser +- **On Mobile**: Opens the Privado ID mobile app (if installed) or falls back to the web wallet +- **Cross-Platform**: Maintains consistent functionality regardless of the platform @@ -35,23 +40,88 @@ https://wallet.privado.id/ -## Configuration +## Advantages + +- **Supports Any Protocol Message**: Enables communication between the web wallet or mobile app, regardless of the type of protocol message being sent. The protocol message for instance can be a [Verification Request](https://iden3-communication.io/authorization/1.0/request/) or a [Credential Offer](https://iden3-communication.io/credentials/1.0/offer/) +- **More Flexible than Deep Links**: Universal Links offer greater flexibility in their usage and compatibility across platforms. +- **Single Format for Multiple Platforms**: Provides a single URL format that works both on mobile apps and web wallets. + +## URL Structure and Configuration + +### Basic URL Format The fragment of the URL (specs after `#`) should consist of a protocol message (i_m or request_uri) and in case of Web Wallet some optional parameters like back_url and finish_url. -:::note -The `i_m` request must be Base64 encoded while `request_uri`, `back_url` and `finish_url` must be URI encoded before adding them to the fragment of the URL. -URI encoding ensures that special characters such as ?, =, /, and & are converted to their percent-encoded equivalents, preventing conflicts with the URL's query parameters. URLs should always use percent-encoded rather than unicode escape sequences for special characters. -::: +### Core Parameters + +#### Protocol Message Parameters + + + + +**Parameter**: `i_m` +**Format**: Base64-encoded protocol message +**Use Case**: Direct message embedding for smaller payloads + +``` +i_m={base64_encoded_message} +``` + + + + +**Parameter**: `request_uri` +**Format**: URI-encoded URL pointing to the message +**Use Case**: Reference to externally hosted messages for larger payloads + +``` +request_uri={uri_encoded_url} +``` + + + + +#### Web Wallet Navigation Parameters + + + + +**Parameter**: `back_url` +**Format**: URI-encoded URL +**Purpose**: Defines where users are redirected when clicking the 'Back' button + +``` +back_url={uri_encoded_return_url} +``` + + + + +**Parameter**: `finish_url` +**Format**: URI-encoded URL +**Purpose**: Defines where users are redirected after successful completion -Standard query string delimiters (=, &, )should be used for the params. +``` +finish_url={uri_encoded_completion_url} +``` -`i_m`: Base64-encoded protocol message (used for **short messages**) + + + +### Parameter Priority and Validation + +:::note Message Parameter Priority +When both `i_m` and `request_uri` are present, `i_m` takes priority and `request_uri` is ignored. This ensures predictable behavior and prevents conflicts. +::: -`request_uri`: A URI-encoded shortened URL to the message. (used for **long messages**) +:::caution Encoding Requirements +- **`i_m`**: Must be Base64 encoded to handle binary data and special characters +- **`request_uri`**, **`back_url`**, **`finish_url`**: Must be URI encoded to prevent URL parsing conflicts +- **Query String Format**: Use standard delimiters (`=`, `&`) for parameter separation +::: :::note -If both params are present `i_m` is prioritized and `request_uri` is ignored. +URI encoding ensures that special characters such as ?, =, /, and & are converted to their percent-encoded equivalents, preventing conflicts with the URL's query parameters. URLs should always use percent-encoded rather than unicode escape sequences for special characters. ::: **Shortened URL algorithm:** @@ -213,18 +283,18 @@ app.listen(3000, () => { #### Valid Links Formats: ``` -https://wallet.privado.id#i_m={base64 encoded message}=&back_url={url}&finish_url={url}` // mobile and web wallet friendly for short messages +https://wallet.privado.id#i_m={base64_encoded_message}=&back_url={url}&finish_url={url}` // mobile and web wallet friendly for short messages ``` ``` -https://wallet.privado.id#request_uri={shortenedUrl to message}=&back_url={url}&finish_url={url}` // mobile and web wallet friendly for big messages +https://wallet.privado.id#request_uri={shortenedUrl_to_message}=&back_url={url}&finish_url={url}` // mobile and web wallet friendly for big messages ``` -:::caution - -For privacy reasons, all the parameters must be placed in the fragment part of the URL, i.e after the initial #. This ensures that all parameters stay on the client and are not sent to the server. - -For security reasons, integration of this tool via IFrame is not supported. Redirecting users is the recommended method for accessing our Web Wallet to ensure secure interaction. +:::caution Privacy Protection +All parameters must be placed in the URL fragment (after `#`) to ensure they remain client-side and are not transmitted to servers during navigation. This prevents sensitive protocol data from being logged or intercepted by intermediate services. +::: +:::caution IFrame Restrictions +For security reasons, integration via IFrame is not supported. Direct navigation or new window opening is the recommended method for accessing the Web Wallet to ensure secure interaction and prevent clickjacking attacks. ::: ## Example @@ -271,7 +341,7 @@ const base64EncodedRequest = btoa(JSON.stringify(request)); // Configure the Wallet URL (universal link) -walletUrlWithMessage = `https://wallet.privado.id/#i_m=${base64EncodedRequest}&back_url=${backUrl}&finish_url=${finishUrl}`; +const walletUrlWithMessage = `https://wallet.privado.id/#i_m=${base64EncodedRequest}&back_url=${backUrl}&finish_url=${finishUrl}`; // Open the Wallet URL to start the verification process window.open(walletUrlWithMessage); @@ -287,7 +357,7 @@ Note const requestUrl = encodeURIComponent("https://raw.githubusercontent.com/0xpulkit/Examples_Privado-ID/main/KYCV3.json"); // Configure the Wallet URL (universal link) using `request_uri` instead of `i_m` -walletUrlWithRequestUri = `https://wallet.privado.id/#request_uri=${requestUrl}&back_url=${backUrl}&finish_url=${finishUrl}`); +const walletUrlWithRequestUri = `https://wallet.privado.id/#request_uri=${requestUrl}&back_url=${backUrl}&finish_url=${finishUrl}`); // Open the Wallet URL with the `request_uri` window.open(walletUrlWithRequestUri); @@ -297,6 +367,8 @@ window.open(walletUrlWithRequestUri); ``` - The Verifier can present this Universal Link as a button within the application, allowing the user to open the Web Wallet in a browser or the Privado ID App on a mobile device, where the wallet will retrieve the verification request and user can take further action. +## Conclusion + +Universal links provide a powerful and flexible way to integrate Privado ID wallet functionality across platforms. By following the patterns outlined in this guide, you can create seamless user experiences that work reliably across web and mobile environments while maintaining the highest standards of security and privacy. \ No newline at end of file diff --git a/docs/wallet/wallet-app/features.md b/docs/wallet/wallet-app/features.md index 7d4485bd..63e6bc02 100644 --- a/docs/wallet/wallet-app/features.md +++ b/docs/wallet/wallet-app/features.md @@ -15,17 +15,25 @@ keywords: import useBaseUrl from '@docusaurus/useBaseUrl'; +# Privado ID Wallet Features -The Privado ID Wallet App supports the following features: +The Privado ID Wallet App provides comprehensive identity management capabilities with the following core features: -- Privacy by design and Self-sovereignty: The user is in full control of his/her identity data and exchanges credentials with other identities without the need for an intermediary or centralized authority. -- Seamless Authentication and Credential Management: This App enables users to authenticate via their Ethereum wallets, and automatically creates a derived identity wallet. Users can easily fetch, store, and manage their credentials. Credentials undergo encryption using keys and are securely stored in end-to-end encrypted cloud storage*, facilitating effortless access across multiple devices while streamlining processes. +## Core Features - Additionally, users can also create local accounts. In this case, the app generates an Ethereum wallet in the background and creates a derived identity wallet. This option is ideal for users who prefer to store credentials locally without using cloud storage or for those who do not have a wallets such as Metamask on their phone. +### Privacy-First Design and Self-Sovereignty +Users maintain complete control over their identity data and credential exchanges. The system operates without intermediaries or centralized authorities, ensuring true self-sovereign identity management. +### Seamless Authentication and Credential Management +The application offers two authentication methods: -:::info -\*The Cloud Storage serves as a secure repository for encrypted credentials, offering users the convenience of multi-device access to credentials and serving as a reliable backup solution. When a user signs the message using their Ethereum private key, an identity is derived and storage keys are generated. The digital signature scheme employed is ed25519. All the documents stored in the storage are end-to-end encrypted using AES256-GCM, guaranteeing that only the user with the storage keys can access his credentials, reinforcing the security of the stored information. +**Ethereum Wallet Integration**: This App enables users to authenticate via their Ethereum wallets, and automatically creates a derived identity wallet. Users can easily fetch, store, and manage their credentials. Credentials undergo encryption using keys and are securely stored in end-to-end encrypted cloud storage*, facilitating effortless access across multiple devices while streamlining processes. + +**Local Account Creation**: Additionally, users can also create local accounts. In this case, the app generates an Ethereum wallet in the background and creates a derived identity wallet. This option is ideal for users who prefer to store credentials locally without using cloud storage or for those who do not have a wallets such as Metamask on their phone. + + +:::info Cloud Storage Security +The cloud storage system serves as a secure repository for encrypted credentials, providing multi-device access and reliable backup capabilities. When users sign messages using their Ethereum private key, the system derives an identity and generates storage keys using the ed25519 digital signature scheme. All the documents stored in the storage are end-to-end encrypted using AES256-GCM, guaranteeing that only the user with the storage keys can access his credentials, reinforcing the security of the stored information. :::
@@ -33,24 +41,37 @@ The Privado ID Wallet App supports the following features:


-:::note -To sync the identity and its associated credentials between the Privado ID Web Wallet and the Privado ID Wallet App, the user must log in with the same crypto wallet account in both platforms. +:::note Synchronization Requirements +To synchronize identity and associated credentials between the Privado ID Web Wallet and the Privado ID Wallet App, users must authenticate with the same crypto wallet account on both platforms. ::: -- Zero-Knowledge Proofs Generation: The app enables users to generate cost-optimized zero-knowledge proofs (ZKPs) for the purpose of credential verification, ensuring privacy-preserving authentication. +### Zero-Knowledge Proof Generation +The application enables users to generate cost-optimized zero-knowledge proofs (ZKPs) for credential verification, ensuring privacy-preserving authentication while maintaining cryptographic integrity. -- Communication with Issuer and Verifier: The app facilitates seamless communication between users, credential issuers, and verifiers, allowing for secure and smooth credential exchanges. +### Multi-Party Communication +The app facilitates secure communication between three key parties: +- **Users**: Identity holders managing their credentials +- **Issuers**: Entities that create and distribute credentials +- **Verifiers**: Organizations that validate presented credentials -- Identity recovery using private key: In case of local accounts, the App includes an identity recovery feature using private key. Users can securely recover their identity and credentials even if they lose access to their original device. +This tri-party communication ensures secure and efficient credential exchange workflows. + +### Identity Recovery System +For local accounts, the application includes a robust identity recovery mechanism using private keys. Users can securely restore their identity and credentials even after losing access to their original device, ensuring continuity of their digital identity. + +### Credential Marketplace +The integrated marketplace allows users to proactively claim credentials before verification requests occur. While users can still receive credential offers directly from issuers during standard workflows, the marketplace provides: +- Convenient advance credential acquisition +- Faster verification processes +- Reduced friction during authentication scenarios -- Credential Marketplace: The app provides a credential marketplace, allowing users to proactively claim certain credentials in advance of verification. While users can still receive credential offers directly from issuers during the normal flow, the marketplace provides a convenient way to obtain select credentials beforehand, making future verifications quicker and smoother.
- Embedded Issuance: The App provides embedded issuance, allowing users to claim their credentials within the verification flow if they haven't done so before. -:::note +:::note Current Credential Limitations Currently, the tool provides Credential Marketplace and Embedded Issuance with limited number of credentials only: - Proof of Identity (refer to the schema [here](https://github.com/anima-protocol/claims-polygonid/blob/main/schemas/json-ld/poi-v1.json-ld)) @@ -60,13 +81,39 @@ Currently, the tool provides Credential Marketplace and Embedded Issuance with l -## How is Privado ID Wallet Different from Other Wallets? +## How Privado ID Wallet Differs from Traditional Crypto Wallets + +While you may be familiar with cryptocurrency wallets such as MetaMask, Trust Wallet, Coinbase Wallet, and Ledger, the Privado ID Wallet serves a fundamentally different purpose. How is Privado ID Wallet different from all these hot and cold storage wallets? Let us see: + +### Functional Differences + +**Traditional Crypto Wallets** (MetaMask, Trust Wallet): +- Primary function: Execute cryptocurrency transactions on-chain +- Interaction method: Communicate with blockchain networks via RPCs (Remote Procedure Calls) +- Storage focus: Cryptographic keys for asset management + +**Privado ID Wallet**: +- Primary function: Create and manage unique digital identities +- Interaction method: Generate zero-knowledge proofs for credential verification +- Storage focus: Identity-linked credentials and verification capabilities + +### Technical Architecture Differences + +**Cryptographic Implementation**: +- **Traditional wallets**: Utilize the `secp256k1` elliptic curve to derive public keys from private keys, ultimately generating Ethereum addresses +- **Privado ID Wallet**: Employs the `Baby Jubjub Elliptic Curve` to generate Privado ID Identifiers, which serve as unique identity markers rather than transaction addresses -You, at some point in time, must have used crypto wallets such as Metamask, Trust Wallet, Coinbase Wallet, Ledger, and so many more. How is Privado ID Wallet different from all these hot and cold storage wallets? Let us see: +**Key Management**: +- **Traditional wallets**: Store cryptographic keys for asset control +- **Privado ID Wallet**: Manages identity-specific keys for credential encryption and zero-knowledge proof generation -- The wallets like Metamask and Trust Wallet are used for sending and receiving crypto transactions on-chain. Privado ID Wallet, on the other hand, is used for creating and storing unique identities for the wallet so that these identities can be used to authenticate with the Issuer and the Verifier. This Identity wallet helps an Integrator fetch and save credentials from Issuers and also present proof of these credentials to the Verifiers. +### Use Case Distinctions -- While the commonly-used crypto wallets let you interact with Ethereum and other blockchain networks using RPCs (Remote Procedure Calls), this is not the case with Privado ID Wallet - it functions solely to store credentials linked to an identity and lets these credentials get verified by creating zero-knowledge proofs. +The Privado ID Wallet enables integrators to: +- Fetch and securely store credentials from authorized issuers +- Generate privacy-preserving proofs for credential verification +- Maintain sovereign control over identity data +- Facilitate trustless interactions between identity holders, issuers, and verifiers -- General wallets store cryptographic keys while the Privado ID Wallet stores users' identities. While both types of wallets are based on private-public key cryptography, the two are different in the sense that in a wallet like MetaMask, the elliptic curve used is `secp256k1`, which is used to convert a private key to a public key and eventually to an Ethereum Address. On the other hand, Privado ID Wallet is based on the `Baby Jubjub Elliptic Curve Key` which generates a Privado ID Identifier, that serves as the identifier for your wallet instead of the Ethereum Wallet Address. +This contrasts with traditional crypto wallets, which focus primarily on asset custody and blockchain transaction execution. diff --git a/docs/wallet/wallet-app/identity-recovery.md b/docs/wallet/wallet-app/identity-recovery.md index 0834a457..7c9e1dba 100644 --- a/docs/wallet/wallet-app/identity-recovery.md +++ b/docs/wallet/wallet-app/identity-recovery.md @@ -41,6 +41,12 @@ The Privado ID Wallet app offers an identity backup and recovery feature using y +:::note Security Reminder +- **Never share your private key** with anyone. +- **Do not store your private key in plaintext** (e.g., notes app, email, or cloud services). +- Consider storing it in a secure, offline password manager or a hardware-based vault. +::: + ### Steps to Import Your Private Key into a Crypto Wallet: 1. Install a crypto wallet such as MetaMask. @@ -100,3 +106,7 @@ Now, if you ever lose access to your device or the Privado ID Wallet app, you ca
+ +:::caution 🧠 **Remember** +Anyone with access to your private key can fully control your identity. Handle it with the same caution as your most sensitive personal information. +::: diff --git a/docs/wallet/wallet-overview.md b/docs/wallet/wallet-overview.md index a0219554..659fb033 100644 --- a/docs/wallet/wallet-overview.md +++ b/docs/wallet/wallet-overview.md @@ -11,11 +11,13 @@ keywords: import useBaseUrl from '@docusaurus/useBaseUrl'; -A digital wallet is an application that can hold and manage users' `Credentials`. Based on the principles of Self-Sovereign Identity (SSI) and cryptography, a wallet helps its Holder share data with others without exposing any other sensitive private information. Only the wallet holder has the right to decide which information to share and what needs to remain private. +# Privado ID Wallet Overview + +A digital wallet in the Privado ID ecosystem is a secure application that cenables users to store, manage, and share `Verifiable Credentials` while maintaining complete control over their personal data. Based on the principles of Self-Sovereign Identity (SSI) and cryptography, a wallet helps its Holder share data with others without exposing any other sensitive private information. Only the wallet holder has the right to decide which information to share and what needs to remain private. Privado ID offers some interesting ways to get started with leveraging a credential-focused wallet: [**the Wallet SDK**](#wallet-sdk), [**the Privado ID Web Wallet**](#web-wallet) and the [**the Privado ID Wallet app**](#privado-id-wallet-app). -:::info +:::info Cross-Platform Synchronization When the Web Wallet and the Privado ID Wallet app are signed in with the same crypto wallet, the credentials are synced, enabling effortless access across multiple devices. ::: diff --git a/docs/wallet/wallet-sdk/polygonid-sdk/credential/save-claims.md b/docs/wallet/wallet-sdk/polygonid-sdk/credential/save-claims.md index 8d4cbf3c..8dfaf8da 100644 --- a/docs/wallet/wallet-sdk/polygonid-sdk/credential/save-claims.md +++ b/docs/wallet/wallet-sdk/polygonid-sdk/credential/save-claims.md @@ -2,7 +2,7 @@ id: save-claims title: Save credentials sidebar_label: Save Credentials -description: Store a list of ClaimEntity associated with an identity in the the Polygon ID Sdk. +description: Store a list of ClaimEntity associated with an identity in the Polygon ID Sdk. keywords: - docs - polygon id @@ -14,7 +14,7 @@ keywords: - credential --- -Store a list of `ClaimEntity` in the the Polygon ID SDK associated to an identity. +Store a list of `ClaimEntity` in the Polygon ID SDK associated to an identity. ```dart Future> saveClaims( diff --git a/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/add-did-profile-info.md b/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/add-did-profile-info.md index 2306ea37..f9d0453e 100644 --- a/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/add-did-profile-info.md +++ b/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/add-did-profile-info.md @@ -25,7 +25,7 @@ Future addDidProfileInfo({ }); ``` -`did` is the DID we interactedd with. +`did` is the DID we interacted with. The `privateKey` is the key used to access all the sensitive information from the identity and also to realize operations like generating proofs. diff --git a/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-did-profile-info-list.md b/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-did-profile-info-list.md index 82d68030..a803f5a9 100644 --- a/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-did-profile-info-list.md +++ b/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-did-profile-info-list.md @@ -24,7 +24,7 @@ Future>> getDidProfileInfoList({ }); ``` -`did` is the DID we interactedd with. +`did` is the DID we interacted with. The `privateKey` is the key used to access all the sensitive information from the identity and also to realize operations like generating proofs. diff --git a/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-did-profile-info.md b/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-did-profile-info.md index 94dd9496..7f668d6a 100644 --- a/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-did-profile-info.md +++ b/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-did-profile-info.md @@ -24,7 +24,7 @@ Future> getDidProfileInfo({ }); ``` -`did` is the DID we interactedd with. +`did` is the DID we interacted with. The `privateKey` is the key used to access all the sensitive information from the identity and also to realize operations like generating proofs. diff --git a/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-interactions.md b/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-interactions.md index 292b8c15..1ba17db3 100644 --- a/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-interactions.md +++ b/docs/wallet/wallet-sdk/polygonid-sdk/iden3comm/api/get-interactions.md @@ -2,8 +2,7 @@ id: get-interactions title: Get Interactions sidebar_label: Get Interactions -description: "Get a list of `InteractionEntity` associated to the identity previously stored - in the the Polygon ID Sdk." +description: "Get a list of `InteractionEntity` associated to the identity previously stored in the Polygon ID Sdk." keywords: - docs - polygon id @@ -15,7 +14,7 @@ keywords: - Interaction Entity --- -Get a list of `InteractionEntity` associated to the identity previously stored in the the Polygon ID SDK. +Get a list of `InteractionEntity` associated to the identity previously stored in the Polygon ID SDK. ```dart Future> getInteractions({ diff --git a/docs/wallet/web-wallet.md b/docs/wallet/web-wallet.md index b60c32a9..315eed5e 100644 --- a/docs/wallet/web-wallet.md +++ b/docs/wallet/web-wallet.md @@ -4,51 +4,100 @@ title: Privado ID Web Wallet sidebar_label: Privado ID Web Wallet description: The Privado ID Web Wallet is a secure, web-based identity wallet designed for streamlined credential issuance and verification. keywords: + - privado id - web wallet - identity - embedded issuance + - zero-knowledge proofs --- import useBaseUrl from '@docusaurus/useBaseUrl'; import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; -The Web Wallet is a secure, web-based identity wallet designed for streamlined credential issuance and verification. It enables users to manage their identity credentials with ease, offering seamless integration with Ethereum wallets for authentication and encryption. The wallet provides features such as multi-device access, embedded credential issuance, and both on-chain and off-chain verification, making it a powerful tool for managing and verifying digital credentials across platforms. +The Privado ID Web Wallet is a secure, browser-based identity management solution designed to streamline credential issuance and verification processes. It empowers users to manage their digital identity credentials efficiently while providing seamless integration with Ethereum wallets for authentication and encryption. The wallet offers comprehensive features including multi-device synchronization, embedded credential issuance, and support for both on-chain and off-chain verification workflows, making it an essential tool for managing and verifying digital credentials across platforms. + ## Quick Start -The Web Wallet is available in the browser at [https://wallet.privado.id](https://wallet.privado.id). To get started, sign in with your crypto wallet and create an identity. -A great starting point to experience the Web Wallet is by using our demo application available at [https://web-wallet-demo.privado.id](https://web-wallet-demo.privado.id), where you can receive Proof of Liveness and Proof of Uniqueness credentials through the Web Wallet’s embedded issuance and then complete a verification request. +The Web Wallet is accessible through any modern browser at [https://wallet.privado.id](https://wallet.privado.id). To begin using the wallet: + +1. Navigate to the Web Wallet URL +2. Connect your Ethereum-compatible crypto wallet +3. Create your derived identity wallet + +**Try the Demo**: Experience the Web Wallet's capabilities using our interactive demo at [https://web-wallet-demo.privado.id](https://web-wallet-demo.privado.id). The demo allows you to: +- Receive Proof of Liveness and Proof of Uniqueness credentials +- Experience embedded issuance workflows +- Complete verification requests end-to-end ## Features -- **Seamless Authentication and Credential Management**: This tool enables users to authenticate via their Ethereum wallets, and automatically creates a derived identity wallet. Credentials undergo encryption using keys and are securely stored in end-to-end encrypted cloud storage\*, facilitating effortless access across multiple devices while streamlining processes. +### Seamless Authentication and Credential Management -:::info -\*The cloud storage serves as a secure repository for encrypted credentials, offering users the convenience of multi-device access to credentials and serving as a reliable backup solution. When a user signs a message using their Ethereum private key, an identity is derived and storage keys are generated. The digital signature scheme employed is ed25519. All documents stored in the storage are end-to-end encrypted using AES256-GCM, ensuring that only the user with the storage keys can access their credentials, reinforcing the security of the stored information. +The Web Wallet leverages Ethereum wallet integration to provide secure authentication and automated identity wallet derivation. Key security features include: + +- **Derived Identity Creation**: Automatically generates a derived identity wallet upon Ethereum wallet authentication +- **End-to-End Encryption**: Credentials are encrypted using AES256-GCM encryption with user-controlled storage keys +- **Secure Cloud Storage**: Encrypted credentials are stored in cloud infrastructure, enabling cross-device access and serving as a reliable backup solution +- **Ed25519 Digital Signatures**: Employs industry-standard ed25519 cryptographic signatures for enhanced security + +:::info Security Architecture +The cloud storage infrastructure serves as a secure repository for encrypted credentials. When users sign a message using their Ethereum private key, the system derives an identity and generates storage keys. All stored documents undergo end-to-end encryption using AES256-GCM, ensuring that only users with valid storage keys can access their credentials. ::: -:::note -To sync the identity and its associated credentials between the Privado ID Web Wallet and the Privado ID Wallet App, the user must log in with the same crypto wallet account on both platforms. +:::note Wallet Synchronization +To synchronize identity and credentials between the Privado ID Web Wallet and the Privado ID mobile application, users must authenticate using the same crypto wallet account on both platforms. ::: -- **Enhanced User Experience**: Prioritizing simplicity, the Web Wallet presents a user-friendly interface. From identity creation to credential claiming and verification, all steps seamlessly integrate, minimizing complexity. -- **Dashboard**: Users can conveniently view and manage their credentials stored in their Identity Wallet from the Dashboard. +### Enhanced User Experience + +The Web Wallet prioritizes usability through: + +- **Intuitive Interface**: Streamlined user interface that simplifies complex identity operations +- **Seamless Integration**: All processes—from identity creation to credential verification—are integrated into unified workflows +- **Minimal Complexity**: Reduces technical barriers for end users while maintaining security standards + +### Comprehensive Dashboard + +The dashboard provides centralized credential management capabilities: + +- **Credential Overview**: View all stored credentials in a unified interface +- **Credential Status**: Monitor the validity and expiration of stored credentials +- **Access Control**: Manage credential sharing permissions and access controls
- + Web Wallet Dashboard Interface
-- **Query Verification**: Users can quickly approve verification requests by validating them against the credentials stored in their wallet. -- **Credential Issuance**: Users can easily claim the credentials and store them in their wallet issued by an Issuer. +### Query Verification System -- **Embedded Issuance**: The Web Wallet provides embedded issuance, allowing users to claim their credentials within the verification flow if they haven't done so before. +The verification system enables rapid credential validation: + +- **Real-time Verification**: Instantly validate verification requests against stored credentials +- **Zero-Knowledge Proofs**: Generate privacy-preserving proofs without revealing underlying credential data + +### Credential Issuance + +Streamlined credential acquisition process: + +- **Direct Issuance**: Claim credentials directly from authorized issuers +- **Secure Storage**: Automatically store issued credentials in encrypted wallet storage +- **Batch Processing**: Support for multiple credential issuance in single transactions + +### Embedded Issuance + +The Web Wallet's embedded issuance feature enables in-flow credential acquisition: + +- **Contextual Issuance**: Claim required credentials within verification workflows +- **Seamless Experience**: Eliminates the need for separate credential acquisition processes +- **Real-time Processing**: Immediate credential availability upon successful issuance
-:::note +:::note Supported Embedded Credentials Currently, the tool supports embedded issuance for a limited number of credentials only: @@ -57,8 +106,14 @@ Currently, the tool supports embedded issuance for a limited number of credentia - Proof of Uniqueness refer to the schema [here](https://github.com/anima-protocol/claims-polygonid/blob/main/schemas/json-ld/pou-v1.json-ld)) ::: -- **Simplified Integration**: Integration into your application is effortless, reducing the development workload and ensuring swift implementation. -- **On-Chain and Off-Chain Query Verification**: Supporting both on-chain and off-chain query verification, the Web Wallet offers flexibility to meet diverse verification needs. +### Developer-Friendly Integration + +Technical integration features: + +- **Simplified APIs**: Reduced development overhead through streamlined integration APIs +- **Universal Links**: Support for universal link-based integration patterns +- **Flexible Verification**: Compatible with both on-chain and off-chain verification architectures +- **Cross-Platform Support**: Works across different web browsers and devices ## User Interface and Experience @@ -84,6 +139,6 @@ The Web Wallet can be seamlessly integrated into the credential issuance flow by You can experience a demo of the Web Wallet integration [here](https://web-wallet-demo.privado.id/). -:::caution +:::caution Deprecation Notice The prior method of integrating the Web Wallet using `https://wallet.privado.id/#base64EncodedData` is now deprecated and will no longer be supported after Release 9. :::