Credential Revocation
Finally, Issuer may decide to revoke or invalidate any credential. Therefore, you will have to execute the revocation process. Having a credential revoked what it means is that the Holder will not be able to generate any proof. When you revoke a credential what we are doing is generate a new Sparse Merkle Tree Proof of revocation. Therefore, we need the Issuer's state to be processed once the revocation action is executed. And obviously this state transition will be marked by the interval we have set. It is important to note that the effect of the revocation will not be visible until this Issuer state transition is executed.
Examples
- Typescript
- Python
- Java
- PHP
- Golang
import { Bloock, KeyClient, IdentityClient, DidMethod, Key } from '@bloock/sdk';
try {
// we set the API key and create a client
Bloock.setApiKey(process.env['API_KEY'] || '');
// we set de identity managed API host you have deployed
Bloock.setIdentityApiHost(process.env['IDENTITY_MANAGED_API_HOST'] || '');
// initialize the Key Client
const keyClient = new KeyClient();
// initialize the IdentityClient
const identityClient = new IdentityClient();
// we must have our Issuer Baby JubJub key identifier. Ex: 6f36448d-49f3-4b0e-aa72-6e55863302e8
const savedIssuerKey = '6f36448d-49f3-4b0e-aa72-6e55863302e8';
const loadedManagedKey = await keyClient.loadManagedKey(savedIssuerKey);
// if we don't have our Issuer entity, here you can import you Issuer from the key
const importedIssuerKey = new Key(loadedManagedKey);
const issuerMethodDID = DidMethod.PolygonID;
const importedIssuer = await identityClient.importIssuer(
importedIssuerKey,
issuerMethodDID
);
// we create the credential, passing credential information
const schemaCID = 'QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne'; // schema identifier created before. Ex: QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne. REQUIRED.
const holderDID =
'did:polygonid:polygon:main:2q544HUegzeRpwr3V2qu9eMwgrAmF5x4E1NCPzbQc4'; // the DID of the Holder to whom the credential will be associated. REQUIRED.
const expiration = 4089852142; // unix timestamp when the credential will expire. REQUIRED.
const credentialVersion = 0; // credential version. By default it's set to 0. REQUIRED.
const receipt = await identityClient
.buildCredential(
importedIssuer,
schemaCID,
holderDID,
expiration,
credentialVersion
)
.withIntegerAttribute('number', 1)
.withDecimalAttribute('salary', 3000.7)
.withStringAttribute('nif', '54688188M')
.withBooleanAttribute('previous_formation', true)
.withDateAttribute('birth_date', new Date(1999, 3, 20))
.withDateTimeAttribute('time_registered', new Date(Date.now()))
.withStringAttribute('country', 'spain')
.withIntegerAttribute('brother', 1)
.withDecimalAttribute('height', 1.7)
.build();
// once the credential created, we need to get the credential itself
const credential = receipt.credential;
// with the issuer and the credential we then could call the revocation function
const ok = await identityClient.revokeCredential(credential, importedIssuer);
if (!ok) {
throw new Error('Unexpected result');
}
// right now the credential it's revoked, but we need to wait our interval issuer state transition to be executed
} catch (e) {
console.log(e);
}
import os
import datetime
import bloock
from bloock.client.identity import IdentityClient
from bloock.client.key import KeyClient
from bloock.entity.key.key import Key
from bloock.entity.identity.did_method import DidMethod
# we set the API key and create a client
bloock.api_key = os.environ["API_KEY"]
# we set de identity managed API host you have deployed
bloock.identity_api_host = os.environ["IDENTITY_MANAGED_API_HOST"]
# initialize the Key Client
key_client = KeyClient()
# initialize the IdentityClient
identity_client = IdentityClient()
# we must have our Issuer Baby JubJub key identifier. Ex: 6f36448d-49f3-4b0e-aa72-6e55863302e8
saved_issuer_key = "6f36448d-49f3-4b0e-aa72-6e55863302e8"
loaded_managed_key = key_client.load_managed_key(saved_issuer_key)
# if we don't have our Issuer entity, here you can import you Issuer from the key
imported_issuer_key = Key(loaded_managed_key)
issuer_method_did = DidMethod.PolygonID
issuer = identity_client.import_issuer(
imported_issuer_key, issuer_method_did)
# we create the credential, passing credential information
# schema identifier created before. Ex: QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne. REQUIRED.
schema_cid = "QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne"
# the DID of the Holder to whom the credential will be associated. REQUIRED.
holder_did = "did:polygonid:polygon:main:2q544HUegzeRpwr3V2qu9eMwgrAmF5x4E1NCPzbQc4"
# unix timestamp when the credential will expire. REQUIRED.
expiration = 4089852142
# credential version. By default, it's set to 0. REQUIRED.
version = 0
receipt = identity_client.build_credential(issuer, schema_cid, holder_did, expiration, version) \
.with_integer_attribute("number", 1) \
.with_decimal_attribute("salary", 3000.70) \
.with_string_attribute("nif", "54688188M") \
.with_boolean_attribute("previous_formation", True) \
.with_date_attribute("birth_date", datetime.date(1999, 3, 20)) \
.with_datetime_attribute("time_registered", datetime.datetime.now()) \
.with_string_attribute("country", "spain") \
.with_integer_attribute("brother", 1) \
.with_decimal_attribute("height", 1.70) \
.build()
# once the credential created, we need to get the credential itself
credential = receipt.credential
# with the issuer and the credential we then could call the revocation function
ok = identity_client.revoke_credential(credential, issuer)
if not ok:
raise Exception("Unexpected result")
# right now the credential it's revoked, but we need to wait our interval
# issuer state transition to be executed
import java.io.IOException;
import java.time.LocalDate;
import java.time.LocalDateTime;
import com.bloock.sdk.Bloock;
import com.bloock.sdk.client.IdentityClient;
import com.bloock.sdk.client.KeyClient;
import com.bloock.sdk.entity.identity.CredentialReceipt;
import com.bloock.sdk.entity.identity.DidMethod;
import com.bloock.sdk.entity.identity.Issuer;
import com.bloock.sdk.entity.key.Key;
import com.bloock.sdk.entity.key.ManagedKey;
import com.bloock.sdk.entity.identity.Credential;
public class CredentialRevocation {
public static void main(String[] args) throws Exception {
try {
// we set the API key and create a client
Bloock.apiKey = System.getenv("API_KEY");
// we set de identity managed API host you have deployed
Bloock.identityApiHost = System.getenv("IDENTITY_MANAGED_API_HOST");
// initialize the Key Client
KeyClient keyClient = new KeyClient();
// initialize the IdentityClient
IdentityClient identityClient = new IdentityClient();
// we must have our Issuer Baby JubJub key identifier. Ex: 6f36448d-49f3-4b0e-aa72-6e55863302e8
String savedIssuerKey = "6f36448d-49f3-4b0e-aa72-6e55863302e8";
ManagedKey loadedManagedKey = keyClient.loadManagedKey(savedIssuerKey);
// if we don't have our Issuer entity, here you can import you Issuer from the key
Key importedIssuerKey = new Key(loadedManagedKey);
DidMethod issuerMethodDID = DidMethod.PolygonID;
Issuer importedIssuer = identityClient.importIssuer(importedIssuerKey, issuerMethodDID);
// we create the credential, passing credential information
// schema identifier created before. Ex:
// QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne. REQUIRED.
String schemaCID = "QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne";
// the DID of the Holder to whom the credential will be associated. REQUIRED.
String holderDID = "did:polygonid:polygon:main:2q544HUegzeRpwr3V2qu9eMwgrAmF5x4E1NCPzbQc";
// unix timestamp when the credential will expire. REQUIRED.
Long expiration = 4089852142L;
// credential version. By default it's set to 0. REQUIRED.
int credentialVersion = 0;
CredentialReceipt receipt = identityClient
.buildCredential(importedIssuer, schemaCID, holderDID, expiration, credentialVersion)
.withIntegerAttribute("number", 1L)
.withDecimalAttribute("salary", 3000.70)
.withStringAttribute("nif", "54688188M")
.withBooleanAttribute("previous_formation", true)
.withDateAttribute("birth_date", LocalDate.of(1999, 3, 20))
.withDatetimeAttribute("time_registered", LocalDateTime.now())
.withStringAttribute("country", "spain")
.withIntegerAttribute("brother", 1L)
.withDecimalAttribute("height", 1.70)
.build();
// once the credential created, we need to get the credential itself
Credential credential = receipt.getCredential();
// with the issuer and the credential we then could call the revocation function
boolean ok = identityClient.revokeCredential(credential, importedIssuer);
if (!ok) {
throw new Exception("Unexpected result");
}
// right now the credential it's revoked, but we need to wait our interval issuer state transition to be executed
} catch (Exception e) {
System.out.println(e);
}
}
}
<?php
use Bloock\Bloock;
use Bloock\Client\KeyClient;
use Bloock\Client\IdentityClient;
use Bloock\Entity\Key\Key;
use Bloock\Entity\Identity\DidMethod;
require "./vendor/autoload.php";
// we set the API key and create a client
Bloock::$apiKey = getenv("API_KEY") ?: "";
// we set de identity managed API host you have deployed
Bloock::$identityApiHost = getenv("IDENTITY_MANAGED_API_HOST") ?: "";
// initialize the Key Client
$keyClient = new KeyClient();
// initialize the IdentityClient
$identityClient = new IdentityClient();
// we must have our Issuer Baby JubJub key identifier. Ex: 6f36448d-49f3-4b0e-aa72-6e55863302e8
$savedIssuerKey = "6f36448d-49f3-4b0e-aa72-6e55863302e8";
$loadedManagedKey = $keyClient->loadManagedKey($savedIssuerKey);
// if we don't have our Issuer entity, here you can import you Issuer from the key
$importedIssuerKey = new Key($loadedManagedKey);
$issuerMethodDID = DidMethod::PolygonID;
$importedIssuer = $identityClient->importIssuer($importedIssuerKey, $issuerMethodDID);
// we create the credential, passing credential information
$schemaCID = "QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne"; // schema identifier created before. Ex: QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne. REQUIRED.
$holderDID = "did:polygonid:polygon:main:2q544HUegzeRpwr3V2qu9eMwgrAmF5x4E1NCPzbQc4"; // the DID of the Holder to whom the credential will be associated. REQUIRED.
$expiration = 4089852142; // unix timestamp when the credential will expire. REQUIRED.
$credentialVersion = 0; // credential version. By default it's set to 0. REQUIRED.
$receipt = $identityClient->buildCredential($importedIssuer, $schemaCID, $holderDID, $expiration, $credentialVersion)
->withIntegerAttribute("number", 1)
->withDecimalAttribute("salary", 3000.70)
->withStringAttribute("nif", "54688188M")
->withBooleanAttribute("previous_formation", true)
->withDateAttribute("birth_date", new DateTime("1999-03-20"))
->withDatetimeAttribute("time_registered", new DateTime)
->withStringAttribute("country", "spain")
->withIntegerAttribute("brother", 1)
->withDecimalAttribute("height", 1.70)
->build();
// once the credential created, we need to get the credential itself
$credential = $receipt->getCredential();
// with the issuer and the credential we then could call the revocation function
$ok = $identityClient->revokeCredential($credential, $importedIssuer);
if (!$ok) {
throw new Exception("Unexpected result", 1);
}
// right now the credential it's revoked, but we need to wait our interval issuer state transition to be executed
package main
import (
"log"
"os"
"time"
"github.com/bloock/bloock-sdk-go/v2"
"github.com/bloock/bloock-sdk-go/v2/client"
"github.com/bloock/bloock-sdk-go/v2/entity/identity"
"github.com/bloock/bloock-sdk-go/v2/entity/key"
)
func main() {
// we set the API key and create a client
bloock.ApiKey = os.Getenv("API_KEY")
// we set de identity managed API host you have deployed
bloock.IdentityApiHost = os.Getenv("IDENTITY_MANAGED_API_HOST")
// initialize the Key Client
keyClient := client.NewKeyClient()
// initialize the IdentityClient
identityClient := client.NewIdentityClient()
// we must have our Issuer Baby JubJub key identifier. Ex: 6f36448d-49f3-4b0e-aa72-6e55863302e8
savedIssuerKey := "6f36448d-49f3-4b0e-aa72-6e55863302e8"
loadedManagedKey, err := keyClient.LoadManagedKey(savedIssuerKey)
if err != nil {
log.Fatalln(err)
}
// if we don't have our Issuer entity, here you can import you Issuer from the key
importedIssuerKey := key.Key{ManagedKey: &loadedManagedKey}
issuerMethodDID := identity.PolygonID
importedIssuer, err := identityClient.ImportIssuer(importedIssuerKey, issuerMethodDID)
if err != nil {
log.Fatalln(err)
}
// we create the credential, passing credential information
schemaCID := "QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne" // schema identifier created before. Ex: QmadTvnNKvj2fBDgen35uAp1TfP9pSPVCNeDWw4fitqqne. REQUIRED.
holderDID := "did:polygonid:polygon:main:2q544HUegzeRpwr3V2qu9eMwgrAmF5x4E1NCPzbQc4" // the DID of the Holder to whom the credential will be associated. REQUIRED.
expiration := int64(4089852142) // unix timestamp when the credential will expire. REQUIRED.
credentialVersion := int32(0) // credential version. By default it's set to 0. REQUIRED.
receipt, err := identityClient.BuildCredential(importedIssuer, schemaCID, holderDID, expiration, credentialVersion).
WithIntegerAttribute("number", 1).
WithDecimalAttribute("salary", 3000.70).
WithStringAttribute("nif", "54688188M").
WithBooleanAttribute("previous_formation", true).
WithDateAttribute("birth_date", time.Date(1999, time.March, 20, 0, 0, 0, 0, time.UTC)).
WithDatetimeAttribute("time_registered", time.Now()).
WithStringAttribute("country", "spain").
WithIntegerAttribute("brother", 1).
WithDecimalAttribute("height", 1.70).
Build()
if err != nil {
log.Fatalln(err)
}
// once the credential created, we need to get the credential itself
credential := receipt.Credential
// with the issuer and the credential we then could call the revocation function
ok, err := identityClient.RevokeCredential(credential, importedIssuer)
if err != nil {
log.Fatalln(err)
}
if !ok {
log.Fatalln("unexpected result")
}
// right now the credential it's revoked, but we need to wait our interval issuer state transition to be executed
}