Verifying Credentials

The Verifier is a key entity within the AIR Credential ecosystem, responsible for verifying the authenticity of a user’s credential and determining whether it meets predefined conditions. Leveraging zero-knowledge proofs, the Verifier can validate credentials without accessing or exposing sensitive user data.

As a Verifier, your role is to verify the authenticity of user credentials and ensure they meet the required conditions. Follow these steps to integrate and operate the verification process.

Verification Flow

The AIR Credential verification process follows these simplified steps:

1. Verification Request - Verifier presents a verification requirement to the user (e.g., "Prove you're over 18")
2. Credential Issuance (if needed) - If the user lacks the required credential, a trusted Issuer validates their information and issues an encrypted verifiable credential stored in decentralized storage
3. Zero-Knowledge Proof Generation - User generates a cryptographic proof from their credential that answers the verifier's query without revealing personal data
4. On-Chain Verification - The proof is submitted to Moca Chain's smart contract, which validates it and records the verification result
5. Access Granted - Upon successful verification, the user gains access to the requested service or resource

Implementation

Step 1: Set Up a Verification Program

1. Use the Developer Dashboard to create a verification program (Verifier -> Program).
2. While creating the program, search for the schema for the credentials you intend to verify, and check the attributes to be included (e.g., name, age, nationality, etc.).
3. Use the Define Query module to set up specific verification conditions, such as:
   • Attributes to verify (e.g., age, nationality).
   • Operators (e.g., Equals, Not Equals, Includes, Excludes).
   • Attribute values to match.
4. Specify the Issuer’s DID to ensure the credentials being verified originate from a trusted issuer. (optional)
5. Provide a program name and review all configured details before saving.
6. Publish the program on-chain and take note of the program ID. You will need $MOCA in your Fee Wallet (Verifier -> Fee Wallet).

Step 2: Generate Auth Token

Generate a Partner JWT securely with your backend server, and include scope=verify to limit its scope.

Step 3: Initiate Verification Request

To verify a user's Verified Credentials, simply call the verifyCredentials() function in AIR Kit to verify a VC on-chain.

public async verifyCredential({
    authToken,
    programId,
    redirectUrl,
  }: {
    authToken: string;
    programId: string;
    redirectUrl?: string;
  }): Promise<CredentialVerificationResult>

Input Parameters

Name	Type	Required	Description
authToken	string	Yes	Your signed Partner JWT, with scope=verify.
programId	string	Yes	Identifier for the verification program.
redirectUrl	string	No	Optional URL to redirect the user if the user has not issued the relevant credential.

Response

The function returns a Promise<CredentialVerificationResult>. The CredentialVerificationResult includes a status field, which can have one of the following values:

Field	Type	Description
status	string	The result of the credential verification. Possible values:
		- "Compliant": Credential is valid and meets all verification requirements.
		- "Non-Compliant": Credential is valid but does not meet requirements.
		- "Pending": Verification is in progress or awaiting user action.
		- "Revoking": Credential is in the process of being revoked.
		- "Revoked": Credential has been revoked and is no longer valid.
		- "Expired": Credential is no longer valid due to expiration.
		- "NotFound": Credential could not be found or do not exist.

Under the hood, AIR Kit retrieves the encrypted credentials from Decentralized Storage based on the user’s wallet address and program configuration. After the user approves the verification process, a Zero-knowledge Proof (ZKP) is generated on the client side without exposing the raw data to the verifier or Moca's servers. At the same time, the credentials are checked against any revocation statuses or expiration. Once the ZKP is generated, it is submitted on-chain for verification.

Tips

• Use the Chain Explorer to find the record of the on-chain transaction related to verification (Credentials -> Verification)