Skip to main content

🖖 3. Verify users

Now we use the ID Token from the previous step to check that the user is unique and trusted.

Within the ID Token there is a sub property which holds the Trusted ID. Each Trusted Account has a Trusted ID as a unique identifier per platform. Add the Trusted ID to a user profile to verify the profile.

Unique users

Before adding the Trusted ID to a user's profile, make sure that the Trusted ID is unique (has not been used before). This will ensure that your users are unique and real.

ID Token (decrypted)
validated ID Token claims {
"acr":"0",
"at_hash":string,
"aud":[
"your_client"
],
"auth_time":1676621900,
"exp":1676625503,
"iat":1676621903,
"iss":"https://auth.trustedaccounts.org/",
"jti":string,
"rat":1676621894,
"sid":string,
"sub":"kjlgku3847uosjjfkl2389742iohlfskdjf98793od" //This is the Trusted ID
}
Verify user (example code)
User.find({ta_verification_id}: ta_verification_id)
.exec(function (err: any, user: any) {
if(!user) {
//no account with this Trusted ID exists yet
//verify currently logged in account
} else {
//this Trusted ID has already been used
//don't allow user to verify more than one account using the same Trusted ID
}
}

You are done. The user is now officially verified, unique and trusted. Give them a verification badge, give them access to protected areas, extra features, etc. Treat them like a real person.