Uport provides a simple way for your users to login to your website and provide private information such as identity information and contact details to you.
You can also “attest” information they provide to you or that you yourself have about them. This can be shared back to your customers so you can help them build their digitial identity.
Uport.js provides a simple way for you to integrate uport.js into your server side node application. You can also interact with your uport users directly in the browser. We have a browser library uport-lib which can help you do so.
First make sure you have your uport app installed and you've setup your own uport identity.
A uport identity is a special kind of ethereum Smart Contract known as a proxy contract. It has an ethereum address, can hold value and can interact with any other Ethereum smart contracts.
The identity is controlled by a Controller Contract, which is basically an access control layer. You can develop your own custom access control layers and replace them, while keeping the primary identity intact (or permanent as we like to call it).
Our default uport controller contract is controlled by a single device, but you can add multiple recovery contacts to help retain control if you lose that device. Feel free to replace the controller contract with your own contract.
A uport identity also optionally has a public profile stored on ipfs and linked to your identity through the uport registry. This profile consists of JSON using the Schema.org conventions.
When interacting privately with a user you will be interchanging signed JWT. To verify the signature of the JWT you and your users will be fetching your public key from the public profile.
TBD
Open the file ./manager/index.html in your browser.
It will ask you to login by scanning a QR code using your uport app.
Once you've logged in. Hit the “Create new application” button, which will take you through the process of creating a new uport identity for your app.
You will see an address which is your apps identity address on the blockchain.
Now fill in a few basic details like your App's name. Company Name. URL, logo etc.
Create your server keypair. This is for signing JWT tokens from within your server.
openssl ecparam -name secp256k1 -genkey -noout -out keypair.pem
Paste in the public key generated from the step above.
Hit the button “Save Attributes” and a QR code will appear for signing by your mobile app.
In your application you must first configure your Uport object.
import { Uport, SimpleSigner } from 'uport-node'
const signer = SimpleSigner(process.env.PRIVATE_KEY)
const uport = new Uport({
appName: 'App Name',
address: 'UPORT ADDRESS FOR YOUR APP',
signer: signer
})
To request information from your user you create a Selective Disclosure Request JWT and present it to your user in the web browser.
The most basic request to get a users public uport identity details:
uport.requestCredentials().then(requestToken => {
// send requestToken to browser
})
You can ask for specific private data like this:
uport.requestCredentials({
requested: ['name','phone','identity_no']
}.then(requestToken => {
// send requestToken to browser
})
In your front end use 'uport-browser' to present it to your user either as a QR code or as a uport-button depending on whether they are on a desktop or mobile browser.
window.uport.request(requestToken).then(response => {
// send response back to server
})
Back in your server code you receive the token:
uport.receiveCredentials(responseToken).then(profile => {
// Store user profile
})
For more information about the contents of the profile object see the uport-persona documentation.
As part of the selective disclosure request you can ask for permission from your users to communicate directly with their app.
uport.requestCredentials({
requested:[...],
capabilities: ['push']
}).then(requestToken => {
// send to browser
})
Present it to the user like before. On the server you can receive the push token like this:
uport.receiveCredentials(responseToken).then(profile => {
// Store user profile
// Store push token securely
console.log(profile.pushToken)
})
Attesting information about your users helps add real value to your application. Your users will use uport to build up their own digital identity and your business is an important part of this.
If you're a financial institution you may be able to attest to KYC related information such as national identity numbers. If you're an educational application you may want to attest to your users achievements in a way that they can securely share.
Attestations are shareable private information that one party can sign about another party. They are designed to be shared privately by you to your users and by them to other users.
uport.attestCredentials({
sub: '0x...', // uport address of user
exp: <future timestamp>, // If your information is not permanent make sure to add an expires timestamp
claims: {name:'John Smith'}
}).then(attestation => {
// send attestation to user
})
As before you will want to send this to your user. You can do this in the browser
window.uport.request(attestation).then(response => {
})
If you requested a push notification token in the above selective disclosure step you can also send attestations directly to your users app in real time.
// Coming soon, not yet implemented
uport.pushTo(pushToken, attestation).then(response => {
})
import { Uport, Contract } from 'uport-node'
const tokenContract = new Contract(address, abi)
const txRequest = tokenContract.transfer(....)
In your front end use 'uport-browser' to present it to your user either as a QR code or as a uport-button depending on whether they are on a desktop or mobile browser.
window.uport.request(txRequest).then(txResponse => {
// send response back to server
})
Back in your server code you receive the txResponse. This is a standard ethereum transaction object that you can verify.
You can easily create custom signers that integrates into your existing signing infrastructure.
function sign(data, callback) {
const signature = '' // send your data to your back end signer and return DER signed data
callback(null, signature)
}
FAQs
Library for interacting with uport profiles and attestations
The npm package uport receives a total of 69 weekly downloads. As such, uport popularity was classified as not popular.
We found that uport demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.