Verifiable Credentials Plugin

Summary: Use Verifiable Credentials to grant access to groups and badges in Discourse.

:link: GitHub: https://github.com/coopcreds/discourse-verifiable-credentials
:arrow_right: Install: Follow the plugin installation guide.

Demo

You can try this plugin out your self by following the steps in the link below. You’ll be issued a test “Cooperative Credential” which you can then use to gain access to a group and be granted a badge on the cooperative credentials Discourse instance. Note that the credential is only for test purposes and may be revoked without notice.

Providers

The plugin currently supports the following verifiable credentials providers.

Provider Verification Type Supported
MATTR OIDC Yes
MATTR Callback Yes
Verifiable Credentials Ltd - Partially

The plugin is built to support any provider, but adding additional providers does require some implementation work. If you’d like to add another provider please reach out.

Configuration

Some understanding of verifiable credentials is needed to use this plugin. MATTR, the main provider supported by the plugin currently, have made some videos that are relevant to the current plugin options:

This plugin allows you to verify a user’s credential in order to give them access to a group(s) or badge(s) in Discourse. The sections below go through the verification, group and badge configuration. As the plugin only supports MATTR currently, the instructions assume you’re using MATTR.

Verifier

The type of verifier configuration you use will depend on the kind of system you’re integrating with. If you’re the verifier and you’re setting up a Discourse that you control, then you may want to use a callback verification. If you’re part of a network that relies on a single verifier, i.e. you’re a “Relying Party”, then you may want to use OIDC verification.

OIDC

If you’re using an OIDC Verifier (for example, you’re using the MATTR Auth0 Integration), you need to set the following site settings:

  • verifiable credentials oidc: true
  • verifiable credentials mattr verifier id: The id (not the DID) of your OIDC Verifier
  • verifiable credentials mattr client id: The client id of the OIDC Client Application for your Discourse (note this is not your MATTR tenant client id)
  • verifiable credentials mattr client secret: The client secret of the OIDC Client Application for your Discourse (note this is not your MATTR tenant client secret)

Callback

If you’re using a standard callback verification, you need to set the following site settings:

  • verifiable credentials oidc: false
  • verifiable credentials mattr client id: Client id of the MATTR tenant where the verifier is hosted
  • verifiable credentials mattr client secret: Client secret of the MATTR tenant where the verifier is hosted
  • verifiable credentials mattr messaging did: A DID using keyType of ed25519

Group

You can grant access to groups using claims in verified credentials. This means you can selectively grant access to different groups in your Discourse depending on the claims in a user’s credential. To set up a group to be accessed via verifiable credentials, go to “Manage” > “Membership” and set the following

  • Allow users to join by verifiable credentials: true

  • Show verifiable credentials button on this group to non members: (self explanatory)

  • Redirect users to url upon verification.: For example if you’re using a credential to give a user access to a category the group has access to, use this field to send the user to the category when the verification process is complete.

  • Cumulative list of claim(s) that grants access to this group. Format: key:value.: Note that this list is cumulative, meaning that a user will need all claims present in their credential to gain access. Example

    https://coopcreds.com/cooperativeMembershipType:member
    https://coopcreds.com/cooperative:pavilion
    

Callback

If you’re using the Callback verification method then you have to also set the Identifier of credential that grants access to this group to the id of the presentation template you want to use for that group. You can use different presentation templates for different groups.

Badge

You can grant badges to users using claims in verified credentials. Currently you can only do this using the header component (see below). The site setting to use is verifiable credentials header badges which requires entries in this format:

badge_id~~claim:value

For example

34~~https://coopcreds.com/cooperativeMembershipType:member

You can get the id of a badge from the URL of the badge’s page, e.g.

/badges/9/autobiographer ## the badge id is 9

Header

You can use the plugin’s header dropdown to grant users access to multiple groups at once, or both badges and groups at the same time. The relevant settings are:

  • verifiable credentials header: true
  • verifiable credentials header groups: a list of group names (each group must be already configured; see above)
  • verifiable credentials header badges: see above
  • verifiable credentials header info url: the url for a “learn more” link in the bottom right of the dropdown.

The header icon will appear if the user is not a member of group included in the header presentation, or has not been granted a badge included in the header presentation. When the user clicks it, it will display the resources they can get access to by verifying their credentials.

Support

This plugin is built as part of the Cooperative Credentials Project, which is supported by the EU-funded ESSIF Lab. It will be used in production by multiple relying parties in the Cooperative Credentials network when it goes live later this year.

image           image

To do

  • Add group-specific badge support.
  • Support user authentication via verifiable credentials.
  • Add additional providers such as Evernym and Trinsic.
12 Likes

This is a purely technical note, but if you’re interested in the standards debate around what this plugin is (partly) doing (i.e. integrating OIDC with Verifiable Credentials) then this recent thread from the W3C CCG group mailing list is a good read (in particular the discussion between Manu and Tobias (CTO of MATTR)).

https://lists.w3.org/Archives/Public/public-credentials/2022Mar/0101.html

(I wish such discussions were on a discourse instance…)

5 Likes

(post deleted by author)