identity-wallet v2.0.0

Identity Wallet

🆔-wallet

3Box identity-wallet-js is a JavaScript SDK that allows Ethereum JavaScript wallet developers to natively support 3Box identity and authentication functionalities, including: creating 3Box accounts, adding authentication methods (Ethereum keys), and responding to authentication requests for 3Box accounts as well as spaces.

Getting Started

Installation

Install 3box in your npm project:

$ npm install identity-wallet

Usage

Import Identity Wallet into your project

Import the identity-wallet module

const IdentityWallet = require('identity-wallet')

Import using the dist build in your html code

<script type="text/javascript" src="../dist/identity-wallet.js"></script>

Understanding the getConsent function

The first parameter of the IdentityWallet constructor is the getConsent function. This function determines whether or not any given origin (app) is allowed access to the users data. What this function should do is to present a dialog to the user in the wallet UI, asking for permission to access the given spaces.

The function is called with one parameter which is the request object. It looks like this:

{
  type: 'authenticate',
  origin: 'https://my.app.origin',
  spaces: ['space1', 'space2']
}

In the above example the app with origin https://my.app.origin is requesting access to space1 and space2. If the user consents to this the function should return true, otherwise it should return false. Note that if the spaces array is empty the app is requesting access to the general 3Box storage.

Creating a wallet with a seed

To create a wallet with a seed you can simply pass it as an option to the constructor. This will create an instance of the IdentityWallet that derives all it's keys from this seed. Be careful, if this seed is lost the identity and all of it's data will be lost as well.

const seed = '0xabc123...' // a hex encoded seed

const idWallet = new IdentityWallet(getConsent, { seed })

Creating an identity for a contract wallet

For wallets which doesn't have one keypair, e.g. smart contract wallets, we provide a way of creating an identity with multiple authentication secrets. In this model each authentication secret grants full access to the identity.

const authSecret = '0xabc123...' // a hex encoded secret

const idWallet = new IdentityWallet(getConsent, { authSecret })

New authentication secrets can later be added by calling the addAuthMethod instance method of the identityWallet. Note that this method can only be called after an authentication first has happened (Box.openBox has been called from 3box-js).

const authSecret2 = '0xabc123...' // a hex encoded secret

idWallet.addAuthMethod(authSecret2)

Using the IdentityWallet with 3box-js

An instance of IdentityWallet can be passed directly to 3box-js and will be used to authenticate the user.

const provider = idWallet.get3idProvider()
const box = await Box.openBox(null, provider)

Using the ThreeIdProvider to consume RPC calls

As described above the 3idProvider can be accessed by calling idWallet.get3idProvider(). The provider object that is returned can be used to consume 3ID JSON-RPC requests.

const provider = idWallet.get3idProvider()
// using the provider
const response = await provider.send(rpcRequest, origin)

// alternatively using a callback function
provider.send(rpcRequest, origin, (error, response) => {
  // use response or handle error
})

In the above example rpcRequest is a request formated according to the 3ID JSON-RPC specification, and origin is a string, e.g. https://my.app.origin.

Link an address to the identity

Multiple blockchain addresses can be linked to an identity controlled by an IdentityWallet instance. Right now two types of ethereum addresses are supported: EOAs (externally owned accounts) and EIP1271 contracts. Support for other types and blockchains can be easily added by contributing to the 3id-blockchain-utils module. To link an address simply use the linkAddress method as shown in the example below. The ethProvider needs to be able to sign a message using personal_sign for the given address.

const ethAddress = '0xabc...'
const ethProvider = // an ethereum json-rpc provider

await idWallet.linkAddress(ethAddress, ethProvider)

Maintainers

@oed

API Documentation

IdentityWallet

Kind: global class

• IdentityWallet
  • new IdentityWallet(getConsent, config)
  • .get3idProvider() ⇒ ThreeIdProvider
  • .getDidProvider() ⇒ DidProvider
  • .hasConsent(spaces, origin) ⇒ Boolean
  • .getConsent(spaces, origin) ⇒ Boolean
  • .linkAddress(address, provider) ⇒ Object
  • .authenticate(spaces, opts) ⇒ Object
  • .isAuthenticated(spaces, origin) ⇒ Boolean
  • .addAuthMethod(authSecret)
  • .signClaim(payload, opts) ⇒ String
  • .encrypt(message, space, opts) ⇒ Object
  • .decrypt(encryptedObject, space) ⇒ String

new IdentityWallet(getConsent, config)

Creates an instance of IdentityWallet

Returns: this - An IdentityWallet instance

identityWallet.get3idProvider() ⇒ ThreeIdProvider

Get the 3IDProvider

Kind: instance method of IdentityWallet
Returns: ThreeIdProvider - The 3IDProvider for this IdentityWallet instance

identityWallet.getDidProvider() ⇒ DidProvider

Get the DIDProvider

Kind: instance method of IdentityWallet
Returns: DidProvider - The DIDProvider for this IdentityWallet instance

identityWallet.hasConsent(spaces, origin) ⇒ Boolean

Determine if consent has been given for spaces for a given origin

Kind: instance method of IdentityWallet
Returns: Boolean - True if consent has already been given

identityWallet.getConsent(spaces, origin) ⇒ Boolean

Get consent for given spaces for a given origin

Kind: instance method of IdentityWallet
Returns: Boolean - True consent was given

identityWallet.linkAddress(address, provider) ⇒ Object

Link a blockchain address to the identity. Usually the address would be an ethereum address (EOA or EIP1271 compatible contract) and the provider is an JSON-RPC provider that can sign a message with this address using personal_sign.

Kind: instance method of IdentityWallet
Returns: Object - The link proof object

identityWallet.authenticate(spaces, opts) ⇒ Object

Authenticate to given spaces

Kind: instance method of IdentityWallet
Returns: Object - The public keys for the requested spaces of this identity

identityWallet.isAuthenticated(spaces, origin) ⇒ Boolean

Check if authenticated to given spaces

Kind: instance method of IdentityWallet
Returns: Boolean - True if authenticated

identityWallet.addAuthMethod(authSecret)

Add a new authentication method for this identity

Kind: instance method of IdentityWallet

identityWallet.signClaim(payload, opts) ⇒ String

Sign a verifiable credential. The format of the credential is did-jwt.

Kind: instance method of IdentityWallet
Returns: String - The signed claim encoded as a JWT

identityWallet.encrypt(message, space, opts) ⇒ Object

Encrypt a message

Kind: instance method of IdentityWallet
Returns: Object - The encrypted object (ciphertext and nonce)

identityWallet.decrypt(encryptedObject, space) ⇒ String

Decrypt a message

Kind: instance method of IdentityWallet
Returns: String - The decrypted message