Verifiable Credentials Plugin

Summary: Use Verifiable Credentials to grant access to groups and badges in Discourse.

GitHub: https://github.com/coopcreds/discourse-verifiable-credentials
Install: Follow the plugin installation guide.

Demo

You can try this plugin out yourself by following the steps in the link below. You’ll be issued a test “Cooperative Credential” which you can then use to gain access to a group and be granted a badge on the cooperative credentials Discourse instance. Note that the credential is only for test purposes and may be revoked without notice.

Providers

The plugin currently supports the following verifiable credentials providers.

| Provider | Verification Type | Supported |
|---|---|---|
| MATTR | OIDC | Yes |
| MATTR | Callback | Yes |
| Verifiable Credentials Ltd | - | Partially |

The plugin is built to support any provider, but adding additional providers does require some implementation work. If you’d like to add another provider please reach out.

Configuration

Some understanding of verifiable credentials is needed to use this plugin. MATTR, the main provider supported by the plugin currently, have made some videos that are relevant to the current plugin options:

This plugin allows you to verify a user’s credential in order to give them access to a group(s) or badge(s) in Discourse. The sections below go through the verification, group and badge configuration. As the plugin only supports MATTR currently, the instructions assume you’re using MATTR.

Verifier

The type of verifier configuration you use will depend on the kind of system you’re integrating with. If you’re the verifier and you’re setting up a Discourse that you control, then you may want to use a callback verification. If you’re part of a network that relies on a single verifier, i.e. you’re a “Relying Party”, then you may want to use OIDC verification.

OIDC

If you’re using an OIDC Verifier (for example, you’re using the MATTR Auth0 Integration), you need to set the following site settings:

  • verifiable credentials oidc: true
  • verifiable credentials mattr verifier id: The id (not the DID) of your OIDC Verifier
  • verifiable credentials mattr client id: The client id of the OIDC Client Application for your Discourse (note this is not your MATTR tenant client id)
  • verifiable credentials mattr client secret: The client secret of the OIDC Client Application for your Discourse (note this is not your MATTR tenant client secret)

Callback

If you’re using a standard callback verification, you need to set the following site settings:

  • verifiable credentials oidc: false
  • verifiable credentials mattr client id: Client id of the MATTR tenant where the verifier is hosted
  • verifiable credentials mattr client secret: Client secret of the MATTR tenant where the verifier is hosted
  • verifiable credentials mattr messaging did: A DID using keyType of ed25519

Group

You can grant access to groups using claims in verified credentials. This means you can selectively grant access to different groups in your Discourse depending on the claims in a user’s credential. To set up a group to be accessed via verifiable credentials, go to “Manage” > “Membership” and set the following:

  • Allow users to join by verifiable credentials: true

  • Show verifiable credentials button on this group to non members: (self explanatory)

  • Redirect users to url upon verification.: For example if you’re using a credential to give a user access to a category the group has access to, use this field to send the user to the category when the verification process is complete.

  • Cumulative list of claim(s) that grants access to this group. Format: key:value.: Note that this list is cumulative, meaning that a user will need all claims present in their credential to gain access. Example:

    https://coopcreds.com/cooperativeMembershipType:member
    https://coopcreds.com/cooperative:pavilion
    

Callback

If you’re using the Callback verification method then you have to also set the Identifier of credential that grants access to this group to the id of the presentation template you want to use for that group. You can use different presentation templates for different groups.

Badge

You can grant badges to users using claims in verified credentials. Currently you can only do this using the header component (see below). The site setting to use is verifiable credentials header badges which requires entries in this format:

badge_id~~claim:value

For example

34~~https://coopcreds.com/cooperativeMembershipType:member

You can get the id of a badge from the URL of the badge’s page, e.g.

/badges/9/autobiographer ## the badge id is 9

Header

You can use the plugin’s header dropdown to grant users access to multiple groups at once, or both badges and groups at the same time. The relevant settings are:

  • verifiable credentials header: true
  • verifiable credentials header groups: a list of group names (each group must be already configured; see above)
  • verifiable credentials header badges: see above
  • verifiable credentials header info url: the url for a “learn more” link in the bottom right of the dropdown.

The header icon will appear if the user is not a member of a group included in the header presentation, or has not been granted a badge included in the header presentation. When the user clicks it, it will display the resources they can get access to by verifying their credentials.

Support

This plugin is built as part of the Cooperative Credentials Project, which is supported by the EU-funded ESSIF Lab. It will be used in production by multiple relying parties in the Cooperative Credentials network when it goes live later this year.

To do

  • Add group-specific badge support.
  • Support user authentication via verifiable credentials.
  • Add additional providers such as Evernym and Trinsic.
14 Likes
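
The group claim list and the `badge_id~~claim:value` badge entries described in the post above can be sketched as follows. This is an added example, not the plugin's own code: every method name is hypothetical, the sample credential is constructed, and it assumes claim values contain no colon, so entries are split on the last colon because the claim keys are URLs.

```ruby
# Added example; not the plugin's code. All method names are hypothetical.

# Split "key:value" on the LAST colon: claim keys are URLs containing "://".
# Assumption: claim values themselves contain no colon.
def parse_claim(entry)
  key, sep, value = entry.strip.rpartition(":")
  if sep.empty? || key.empty? || value.empty?
    raise ArgumentError, "malformed claim: #{entry.inspect}"
  end
  [key, value]
end

# Group setting: one "key:value" entry per line; the list is cumulative.
def parse_group_claims(setting)
  setting.each_line.map(&:strip).reject(&:empty?).map { |l| parse_claim(l) }.to_h
end

# Header badges setting: "badge_id~~claim:value" with a numeric badge id.
def parse_badge_entry(entry)
  id, sep, claim = entry.strip.partition("~~")
  if sep.empty? || id !~ /\A\d+\z/
    raise ArgumentError, "malformed badge entry: #{entry.inspect}"
  end
  { badge_id: id.to_i, claim: parse_claim(claim) }
end

# Every required claim must be present with exactly the configured value.
# This example treats an empty requirement list as "no access" (fail closed).
def claims_satisfied?(required, credential_claims)
  return false if required.empty?
  required.all? { |key, value| credential_claims[key].to_s == value }
end

# Badge ids whose single claim is satisfied by the verified credential.
def badges_for(entries, credential_claims)
  entries.map { |e| parse_badge_entry(e) }
         .select { |b| claims_satisfied?([b[:claim]].to_h, credential_claims) }
         .map { |b| b[:badge_id] }
end

# Constructed sample: claims taken from an already verified credential.
SAMPLE_CLAIMS = {
  "https://coopcreds.com/cooperativeMembershipType" => "member",
  "https://coopcreds.com/cooperative" => "pavilion"
}.freeze
```

Splitting on the first colon instead would turn every key into `https`, so a misparsed list could match far more credentials than intended.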

This is a purely technical note, but if you’re interested in the standards debate around what this plugin is (partly) doing (i.e. integrating OIDC with Verifiable Credentials) then this recent thread from the W3C CCG group mailing list is a good read (in particular the discussion between Manu and Tobias (CTO of MATTR)).

https://lists.w3.org/Archives/Public/public-credentials/2022Mar/0101.html

(I wish such discussions were on a discourse instance…)

6 Likes
