This package provides a streamlined API for the identity provider usable from non-Rust languages.
The core of the library is src/lib.rs file which defines two functions, validate_request
and create_identity_object
.
In addition to this we provide nodejs
and C#
exports (optionally) via src/nodejs_exports.rs and src/csharp_exports.rs, respectively.
These can be enabled/disabled via the features nodejs
and csharp
, respectively.
If you need to use the identity issuer functionality from a Rust project this is not the library you want. In such a case it is much better to use the ../rust-src/id crate directly since it provides support for serialization of all the relevant values.
The identity issuance consists of the following steps. The steps done by this library are marked with (*).
- The wallet makes the request to the identity provider.
- (*) The identity provider validates the request.
- The identity provider checks whether an account already exists on the chain.
- The identity provider does the identity verification process (e.g., taking photos, scans, etc). The output of this process should be whatever the identity issuer needs, and a list of attributes that go to the identity object.
- (*) Create the initial account object that is sent to the chain, the identity object that is returned to the user, and the anonymity revocation record that is kept by the identity provider.
- Try to create the initial account on the chain.
- If all the above are successful return the identity object to the user.
The exposed API consists of two functions validate_request
and create_identity_object
.
This function is designed to be used when the initial request is made by the user to the identity provider. It will check cryptographic proofs in the request. All arguments are strings that contain JSON encodings of the relevant values.
The arguments are
global_context
, the context of (public) cryptographic parameters specific to the chain the identity object is destined forip_info
, the public keys of the identity provider. This data is also available on the chain the identity object is destined for.ars_infos
, public keys of anonymity revokers the identity provider cooperates with.request
, this is the request that the wallet sends which contains cryptographic values and proofs.
In case of success, the return value is
- an account address encoded as a string. This is the address of the initial account that would be created based on the request. Otherwise, the return value is an error.
This creates the identity object, the initial account data, and the anonymity revocation record.
The arguments are
ip_info
, the public keys of the identity provider, same as forvalidate_request
request
, the same request as forvalidate_request
alist
, the attribute list obtained in step (4) of the identity issuance process (see above)expiry
, the expiry time of the account creation message sent to the chain. This is just a unix timestamp that should be set to, e.g., now + 5 min.ip_private_key
, the first part of the private key, used to sign the identity object sent back to the userip_cdi_private_key
, the second part of the private key, used to sign the initial account creation message.
The return value is either an error if some of the values are malformed, or a struct containing
- the identity object that is returned to the user
- the anonymity revocation record
- the initial account creation object that is sent to the chain
- the address of the inital account
Note that the anonymity revocation record only contains the cryptographic parts, the encryptions of data that the anonymity revoker decrypts. It does not contain contact information for the user. It is the responsibility of the identity provider to maintain that data in addition to the anonymity revocation record.
In order to build you need the following
- the rust compiler, stable toolchain, a recent version. We've tested with 1.53.
- clang development libraries. On ubuntu these can be installed with
apt install libclang-dev
To build the nodejs exports, do
cargo build --release --features=nodejs
- On linux this produces a shared library
libidiss.so
that needs to be loaded into a nodejs instance. To do this move/rename the generated shared library tolibidiss.node
(the extension is important, the name is not, it just has to match the import statement in javascript later on). On Windows it produces aidiss.dll
that (similarly) should be moved and renamed tolibidiss.node
.
To build the csharp exports, do instead
cargo build --release --features=csharp
- On Windows this will produce
idiss.dll
.
Both will build the library and produce artifacts in ./target/release/
.
The library exposes two functions
fn validate_request(global_context: string, ip_info: string, ars_infos: string, request: string): { accountAddress: string } | Error
which validates the given request and returns the account address of the initial account if the request is valid, or an Error otherwise.
fn create_identity_object(ip_info: string, alist: string, request: string, ip_private_key: string, ip_cdi_private_key: string): {idObject: string; arRecord: string, initialAccount: string} | Error
which creates the identity object to be sent back to the user, as well as the
anonymity revocation record, and information about the initial account that must
be submitted to the chain. The Error case here can happen if the attribute
list (the alist
argument) or any other arguments are malformed.
After following the build instructions you can try to run the script example.js
as, e.g.,
nodejs example.js
It should print the output of each of the exposed calls.
The script also illustrates the input formats of the values and whether exceptions can or cannot be raised.
The library exposes two functions validate_request_cs
and create_identity_object_cs
that can be imported in C# by
[DllImport("idiss.dll")]
private static extern IntPtr validate_request_cs(
[MarshalAs(UnmanagedType.LPArray)] byte[] ctx, int ctx_len,
[MarshalAs(UnmanagedType.LPArray)] byte[] ip_info, int ip_info_len,
[MarshalAs(UnmanagedType.LPArray)] byte[] ars_infos, int ars_infos_len,
[MarshalAs(UnmanagedType.LPArray)] byte[] request, int request_len, out int out_length, out int out_success);
which validates the given request and returns a pointer the account address of the initial account if the request is valid,
or a pointer to a bytearray describing an error. It writes to a variable out_length
the length of the output. If the request is valid,
1
is written to out_success, otherwise -1
is written to out_success.
[DllImport("idiss.dll")]
private static extern IntPtr create_identity_object_cs(
[MarshalAs(UnmanagedType.LPArray)] byte[] ip_info, int ip_info_len,
[MarshalAs(UnmanagedType.LPArray)] byte[] request, int request_len,
[MarshalAs(UnmanagedType.LPArray)] byte[] alist, int alist_len,
UInt64 expiry,
[MarshalAs(UnmanagedType.LPArray)] byte[] ip_private_key, int ip_private_key_ptr_len,
[MarshalAs(UnmanagedType.LPArray)] byte[] ip_cdi_private_key, int ip_cdi_private_key_ptr_len,
out int out_length, out int out_success);
which returns a pointer to either the identity object to be sent back to the user, as well as the
anonymity revocation record, and information about the initial account that must
be submitted to the chain, or a pointer to a bytearray describing an error.
It writes to a variable out_length
the length of the output. If identity creation went well,
1
is written to out_success, otherwise -1
is written to out_success.