Verification SDK (javascript)
The OpenAttestation Verification SDK (javascript) is a npm module that allows you to verify wrapped document programmatically. This is useful if you are building your own API or web components. Some common use cases where you need this module:
This module does not provide the following functionality:
- Programmatic wrapping of OA documents (refer to OpenAttestation Wrapper SDK (javascript))
- Encryption or decryption of OA documents (refer to Encryption SDK (javascript))
- Programmatic issuance/revocation of document on the Ethereum blockchain
Installation
- Install Node.js
- Install the library:
npm install @govtechsg/oa-verify
Verifying a document
A verification happens on a wrapped document, and it consists of answering to some questions:
- Has the document been tampered with ?
- Is the issuance state of the document valid ?
- Is the document issuer identity valid ? (see identity proof)
Before starting to play with the library, create a file document.json
having the following content:
This is a wrapped document created using OpenAttestation Wrapper SDK.
Let's make sure the document is valid:
Custom verification
In some cases, you will need to perform more verification on a document than the one provided by default. Fortunately the library is configurable in a way you can create your own verification methods and distribute your verifier.
Custom validation
The isValid
function will execute over fragments and determine if the fragments produced a valid result. By default the function will return true if a document fulfill the following conditions:
- The document has NOT been tampered, AND
- The document has been issued, AND
- The document as NOT been revoked, AND
- The issuer identity is valid.
However in some conditions, the result of the function might not be useful: Why is the document not valid ? Is it because it has been tampered ? Or maybe the issuer identity is invalid ?
The function allow to specify as a second parameters the list of types on which to perform the checks. Let's try to run the verifier on mainnet
network :
Let's try to understand the different results:
isValid(fragments, ["DOCUMENT_INTEGRITY"])
returns true because the integrity of the document is not dependent on the network it has been published to.isValid(fragments, ["DOCUMENT_STATUS"])
returns false because the document has not been published on Ethereum main network.isValid(fragments, ["DOCUMENT_STATUS"])
returns false because there is no DNS-TXT record associated with the Ethereum main network's document store.isValid(fragments)
returns false because at least one of the above returns false.
Listening to individual verification method
The verify
function has an option to listen to individual verification methods. It might be useful if you want for instance to provide individual loader on your UI.
Additional information
- Verification SDK implementation follow our Verifier ADR.
- Found a bug ? Having a question ? Want to share an idea ? Reach us out on the Github repository.`