Decentralized ID (DID) tokens are cryptographically generated proofs used to manage user access to your application's resource server.
What is a DID Token?
By adapting W3C's Decentralized Identifiers (DID) protocol, the DID token created by the Magic client-side SDK (see getIdToken) leverages the Ethereum blockchain and elliptic curve cryptography to generate verifiable proofs of identity and authorization. These proofs are encoded in a lightweight digital signature that can be shared between client and server to manage permissions, protect routes and resources, or authenticate users.
The DID token is encoded as a Base64 JSON string tuple representing [proof, claim]:
proof: A digital signature that proves the validity of the given claim.
claim: Unsigned data the user asserts. This should equal the proof after Elliptic Curve recovery.
Decentralized ID Token Specification
|Issued at timestamp (UTC in seconds).|
|Expiration timestamp (UTC in seconds).|
|Not valid before timestamp (UTC in seconds).|
|Issuer (the signer, the "user"). This field is represented as a Decentralized Identifier populated with the user's Ethereum public key.|
|The "subject" of the request. This field is populated with the user's Magic entity ID. Note: this is separate from the user's Ethereum public key.|
|Identifies the project space. This field is populated with the application's Magic entity ID.|
|An encrypted signature of arbitrary, serialized data. The usage of this field is up to the developer and use-case dependent. It's handy for validating information passed between client and server. The raw data must already be known to the developer in order to recover the token!|
|Unique token identifier.|
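The checks a resource server would run on such a token, as an added example (not code from the Magic SDK). The field names `iat`, `ext`, `nbf`, `iss`, `sub`, `aud`, `add`, `tid`, the `did:ethr:` issuer prefix, the 300-second `nbf` leeway and the `recover_signer` hook are assumptions not shown on this page; all sample values are constructed.

```python
import base64
import json
import time


class DIDTokenError(Exception):
    """Raised when a DID token fails a validation step."""


def validate_did_token(token, expected_aud, recover_signer, now=None, nbf_leeway=300):
    """Return the parsed claim if the token passes every check, else raise.
    recover_signer(claim_str, proof) is a caller-supplied, hypothetical hook that
    performs Elliptic Curve recovery and returns the signer's Ethereum address."""
    now = int(time.time()) if now is None else now
    try:
        # Base64 over a JSON tuple [proof, claim]; claim is itself JSON text.
        proof, claim_str = json.loads(base64.b64decode(token, validate=True))
        claim = json.loads(claim_str)
    except (ValueError, TypeError) as exc:
        raise DIDTokenError("malformed token") from exc
    fields = ("iat", "ext", "nbf", "iss", "sub", "aud", "tid")  # assumed field names
    if not isinstance(claim, dict) or any(f not in claim for f in fields):
        raise DIDTokenError("claim is missing required fields")
    if not all(type(claim[f]) is int for f in ("iat", "ext", "nbf")):
        raise DIDTokenError("timestamps must be integer seconds")
    issuer = str(claim["iss"])
    if not issuer.startswith("did:ethr:"):  # assumed DID method prefix
        raise DIDTokenError("unexpected issuer format")
    # Recover over the exact claim string received, never a re-serialized copy.
    if str(recover_signer(claim_str, proof)).lower() != issuer[9:].lower():
        raise DIDTokenError("signature does not match issuer")
    if claim["ext"] < now:
        raise DIDTokenError("token expired")
    if claim["nbf"] - nbf_leeway > now:
        raise DIDTokenError("token not yet valid")
    if claim["aud"] != expected_aud:
        raise DIDTokenError("audience mismatch")
    return claim


# Constructed sample values; not a real user, key, or signature.
SAMPLE_ADDR = "0x" + "ab" * 20
SAMPLE_CLAIM = {"iat": 1000, "ext": 1900, "nbf": 1000, "iss": "did:ethr:" + SAMPLE_ADDR,
                "sub": "constructed-user-id", "aud": "constructed-app-id",
                "add": "0x00", "tid": "constructed-token-id"}


def encode_sample(claim, proof="0xconstructed-proof"):
    # Build a token in the [proof, claim] layout for offline testing.
    return base64.b64encode(json.dumps([proof, json.dumps(claim)]).encode()).decode()
```

In production, `recover_signer` must be backed by a real secp256k1 recovery routine; the time and audience checks only mean something once the signature binding to the issuer has succeeded.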