Commit 21eda8e

committed
Add docs about new env vars
Signed-off-by: Tiago Nascimento <[email protected]>
1 parent b1830f1 commit 21eda8e

1 file changed

+67
-0
lines changed

docs/THIRD_PARTY_SETUP.md

Lines changed: 67 additions & 0 deletions
@@ -160,3 +160,70 @@ Once you have access to your project secrets, you can enable Sentry error tracki
160160
```shell
161161
SENTRY_DSN=xxx
162162
```
163+
164+
## [Verifiable Credentials](https://www.w3.org/TR/vc-data-model/) with DIDKit
165+
166+
You can use [DIDKit](https://github.com/spruceid/didkit) to generate a private
167+
key to sign the verifiable credentials.
168+
169+
It can be installed with `cargo`, the package manager for [Rust](https://www.rust-lang.org/),
170+
easily obtained with the [`rustup`](https://rustup.rs/) installer.
171+
172+
```shell
173+
$ cargo install didkit-cli
174+
```
175+
176+
The subcommand `generate-ed25519-key` will output a Ed25519 key in JWK format
177+
that you can then add to your `.env`.
178+
179+
```shell
180+
$ didkit generate-ed25519-key
181+
{"kty":"OKP","crv":"Ed25519","x":"xyzw","d":"abcd"}
182+
183+
DIDKIT_JWK_KEY={"kty":"OKP","crv":"Ed25519","x":"xyzw","d":"abcd"}
184+
```
185+
186+
As the issuer, you will have to decide on a [DID](https://www.w3.org/TR/did-core/)
187+
method to use to create your DID and identify the signer.
188+
189+
One of them is [`did-web`](https://w3c-ccg.github.io/did-method-web/) which works
190+
by hosting your DID document, a file called `did.json`, under the specified domain
191+
and path. For example, the DID `did:web:domain.tld:subpath` would look for the
192+
file under `domain.tld/subpath/.well-known/did.json`, and `did:web:domain.tld`
193+
would look at `domain.tld/.well-known/did.json`.
194+
195+
```shell
196+
POPP_VC_ISSUER=did:web:domain.tld
197+
```
198+
199+
If you opt to use a `did-web` DID, the `did.json` file should include the public
200+
information of the key used to sign the credentials like in the example that
201+
follows.
202+
203+
```json
204+
{
205+
"@context": "https://www.w3.org/ns/did/v1",
206+
"id": "did:web:domain.tld",
207+
"verificationMethod": [{
208+
"id": "did:web:domain.tld#default",
209+
"type": "Ed25519VerificationKey2018",
210+
"controller": "did:web:domain.tld",
211+
"publicKeyJwk": {
212+
"kty": "OKP",
213+
"crv": "Ed25519",
214+
"x": "xyzw"
215+
}
216+
}],
217+
"authentication": ["did:web:domain.tld#default"],
218+
"assertionMethod": ["did:web:domain.tld#default"]
219+
}
220+
```
221+
222+
The last environment variable to be used with the VC integrations is `POPP_VC_VERIFIER`
223+
which is simply what the `Verify` button will link to when the user clicks on it.
224+
It should point to a tool that helps the user verify and/or understand the VC
225+
that was issued to them. One example of such a tool is included in `ops/popp-tools`.
226+
227+
```shell
228+
POPP_VC_VERIFIER=https://example.tld/popp-tools
229+
```
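
Review bot: The `did-web` path example at new lines 189-193 looks wrong for the sub-path case: it says `did:web:domain.tld:subpath` resolves to `domain.tld/subpath/.well-known/did.json`, but the did:web method spec linked in that paragraph appends `/.well-known` only when the DID has no path, so a resolver would look at `domain.tld/subpath/did.json`. The bare-domain case (`domain.tld/.well-known/did.json`) is fine as written. Please correct the sub-path example, otherwise an issuer following these docs will host `did.json` where verifiers do not fetch it and every credential will fail verification. Two smaller points on lines 179-184: the `DIDKIT_JWK_KEY` value includes the private `d` member, so it is worth saying explicitly that `.env` must stay out of version control and that only `kty`, `crv` and `x` belong in the published `did.json` (the JSON sample at 203-219 already follows this, but the text never states it); and the code block mixes the `didkit` command output with the `.env` assignment, so splitting them into two blocks and noting whether the JSON value needs quoting in `.env` would avoid copy-paste mistakes.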
