Skip to main content

Credential Revocation

danger

TODO: Not tested; assume nothing works

Introduction

In this tutorial, we will explore advanced credential issuance scenarios and learn how to revoke credentials using Veramo. This will help you handle more complex identity scenarios and ensure that invalid or outdated credentials can be appropriately managed.

Steps

Prerequisites

Before you begin, follow the prerequisites for installation and configuration instructions.

1. Issue a Credential with Multiple Claims

First, let's issue a credential with multiple claims.

veramo credential create

Select the following options:

? Credential proofFormat jwt
? Issuer DID did:web:identity.foundation:demos:sample_dids:company
? Subject DID did:ethr:0x0232c23a85049404480dac15519bfc74d36b2f6afad1dff7400fb2d09b6423c7fc
? Credential Type VerifiableCredential,EmployeeCredential
? Claim Type employeeOf,role
? Claim Value Sample Company,Manager

Expected output:

{
  "credentialSubject": {
    "employeeOf": "Sample Company",
    "role": "Manager",
    "id": "did:ethr:0x0232c23a85049404480dac15519bfc74d36b2f6afad1dff7400fb2d09b6423c7fc"
  },
  "issuer": { "id": "did:web:identity.foundation:demos:sample_dids:company" },
  "type": ["VerifiableCredential", "EmployeeCredential"],
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://veramo.io/contexts/profile/v1"
  ],
  "issuanceDate": "2024-06-21T22:32:02.000Z",
  "proof": {
    "type": "JwtProof2020",
    "jwt": "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QifQ.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdmVyYW1vLmlvL2NvbnRleHRzL3Byb2ZpbGUvdjEiXSwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkVtcGxveWVlQ3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJlbXBsb3llZU9mIjoiU2FtcGxlIENvbXBhbnkiLCJyb2xlIjoiTWFuYWdlciJ9fSwic3ViIjoiZGlkOmV0aHI6MHgwMjMyYzIzYTg1MDQ5NDA0NDgwZGFjMTU1MTliZmM3NGQzNmIyZjZhZmFkMWRmZjc0MDBmYjJkMDliNjQyM2M3ZmMiLCJuYmYiOjE3MTkwMDkxMjIsImlzcyI6ImRpZDp3ZWI6aWRlbnRpdHkuZm91bmRhdGlvbjpkZW1vczpzYW1wbGVfZGlkczpzYW1wbGVfb3JnIn0.lhDIDDbe-Uf3UcyStnxYgoZjKybWI4OswjeIGuXeBNs6HG8RU4ysGXPU_IoJYr_StpRciCF0VjywHxTVxbnZBw"
  }
}

2. Revoke a Credential

To revoke a credential, you need to update your credential registry with a revocation list. Below is an example of how to revoke a credential using Veramo:

const { createAgent } = require("@veramo/core");
const {
  CredentialIssuer,
  CredentialVerifier,
} = require("@veramo/credential-w3c");
const { DataStore, DataStoreORM } = require("@veramo/data-store");

const agent = createAgent({
  plugins: [
    new CredentialIssuer(),
    new CredentialVerifier(),
    new DataStore(),
    new DataStoreORM(),
  ],
});

async function revokeCredential(credentialHash) {
  // Assuming you have a revocation list stored in your data store
  const revocationList = await agent.dataStoreGetRevocationList();

  // Add the credential hash to the revocation list
  revocationList.push(credentialHash);

  // Save the updated revocation list
  await agent.dataStoreSaveRevocationList({ list: revocationList });

  console.log("Credential revoked successfully");
}

// Example usage
const credentialHash = "some-credential-hash"; // Replace with actual credential hash
revokeCredential(credentialHash);