UNPKG

@worldcoin/idkit-core

Version:

Core IDKit SDK for World ID - Pure TypeScript, no dependencies

github.com/worldcoin/idkit

worldcoin/idkit

130 lines (98 loc) 3.48 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# @worldcoin/idkit-core World ID verification SDK for JavaScript/TypeScript. Zero dependencies, WASM-powered. ## Installation ```bash npm install @worldcoin/idkit-core ``` ## Backend: Generate RP Signature The RP signature authenticates your verification requests. Generate it server-side using the `/signing` subpath (pure JS, no WASM init needed): ```typescript import { signRequest } from "@worldcoin/idkit-core/signing"; // Never expose RP_SIGNING_KEY to clients const sig = signRequest({ action: "my-action", signingKeyHex: process.env.RP_SIGNING_KEY!, }); // Return to client res.json({ sig: sig.sig, nonce: sig.nonce, created_at: sig.createdAt, expires_at: sig.expiresAt, }); ``` ## Client: Create Verification Request ### Using Presets For common verification scenarios with World ID 3.0 backward compatibility: ```typescript import { IDKit, orbLegacy } from "@worldcoin/idkit-core"; // Fetch signature from your backend const rpSig = await fetch("/api/rp-signature").then((r) => r.json()); const request = await IDKit.request({ app_id: "app_xxxxx", action: "my-action", rp_context: { rp_id: "rp_xxxxx", nonce: rpSig.nonce, created_at: rpSig.created_at, expires_at: rpSig.expires_at, signature: rpSig.sig, }, allow_legacy_proofs: false, return_to: "myapp://idkit/callback", }).preset(orbLegacy({ signal: "user-123" })); // Display QR code for World App const qrUrl = request.connectorURI; ``` **Available presets:** `orbLegacy`, `documentLegacy`, `secureDocumentLegacy`, `deviceLegacy`, `selfieCheckLegacy` Selfie check preset example: ```typescript import { IDKit, selfieCheckLegacy } from "@worldcoin/idkit-core"; const request = await IDKit.request({ app_id: "app_xxxxx", action: "my-action", rp_context: rpContext, allow_legacy_proofs: false, }).preset(selfieCheckLegacy({ signal: "user-123" })); ``` ## Handling the Result Poll for the verification proof, then verify it server-side: ```typescript // Wait for the user to scan and approve const completion = await request.pollUntilCompletion({ pollInterval: 2000, timeout: 120_000, }); if (!completion.success) { console.error("Verification failed:", completion.error); return; } // Send proof to your backend for verification const verified = await fetch("/api/verify-proof", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(completion.result), }).then((r) => r.json()); ``` On your backend, forward the result to the Developer Portal: ```typescript const response = await fetch( `https://developer.worldcoin.org/api/v4/verify/${RP_ID}`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(req.body), }, ); const { success } = await response.json(); ``` ## Subpath Exports Pure JS subpath exports are available for server-side use without WASM initialization: | Subpath | Exports | | ---------- | ----------------------------------------------------------------------------------------- | | `/signing` | `signRequest`, `computeRpSignatureMessage`, `RpSignature` and `SignRequestParams` (types) | | `/hashing` | `hashSignal` | ```typescript import { signRequest } from "@worldcoin/idkit-core/signing"; import { hashSignal } from "@worldcoin/idkit-core/hashing"; ```