bedrock-issuer
This is a bedrock-based library that provides a simple JavaScript and HTTP API for issuing and claiming JSON-LD credentials and storing them in a database. It is not a comprehensive credential issuer application, rather it can be integrated into such an application to provide some portion of its required features.
Requirements
- npm v3+
Quick Examples
npm install bedrock-issuer
Issuing a credential
The issue( actor, credential, [options], callback ) call
will issue a credential by digitally signing it and storing it in an
unclaimed
state in the database.
The call takes the following arguments:
- actor (required object) - The identity that is performing the
action. This identity must have the
CREDENTIAL_ISSUE
permission for the resource specified as theissuer
property in thecredential
. See bedrock-permission and bedrock-identity for more information. - credential (required object) - The credential to issue. The
credential is assumed to use the JSON-LD identity-context and
credentials-context and must include an
issuer
identifier, anissued
date, and aclaim
section with at least one claim. - options (object)
- meta (object) - Custom meta data to store in the database along with the credential in the database. This data will not be signed.
- callback (required function) - The node-continuation-style callback function to call once the operation completes. On success, the signed credential will be passed as the second parameter.
Note: At present, the key used to sign the credential must have been previously
registered with the issuer
of the credential
as their preferred credential
signing key (identity.sysPreferences.credentialSigningKey
). A future option
will be added to allow an identifier for the signing key to be specified via
options
.
var issuer = ; // digitally-sign and issue a credential for later claimingissuer;
Credentials may also be issued via the HTTP API. By posting an unsigned
JSON-LD credential to the endpoint configured via
bedrock.config.issuer.endpoints.unsignedCredential
, along with the
appropriate authentication, the above issue
call can be called internally
using the authenticated identity and the parsed credential.
Claiming a credential (marking it as claimed)
The claim( actor, id, callback ) call will mark a previously
issued credential as claimed
in the database.
The call takes the following arguments:
- actor (required object) - The identity that is performing the
action. This identity must have the
CREDENTIAL_CLAIM
permission for the resource specified incredential.claim.id
. See bedrock-permission and bedrock-identity for more information. - id (required string) - The ID of the credential to claim. The
credential must be
unclaimed
. - callback (required function) - The node-continuation-style callback function to call once the operation completes.
var issuer = ; // mark a credential as claimedissuer;