🖖 User verification

Now let's verify the Trusted Account that has just authenticated on your platform. We will later use the same steps to sign-in and sign-up users (User sign-in/up). Click the button to check out the verification flow in a Figma click-prototype.

Verify user

We use the ID Token of the user that we got from the User authorization to make the user unique on your platform. Find the sub property within the ID Token. The sub property holds the Trusted ID of the user. This is a unique identifier of this specific Trusted Account on your platform.

ID Token (decrypted)

validated ID Token claims {
    "acr":"0", 
    "at_hash":string,
    "aud":[
        "your_client"
    ],
    "auth_time":1676621900,
    "exp":1676625503,
    "iat":1676621903,
    "iss":"https://auth.trustedaccounts.org/",
    "jti":string,
    "rat":1676621894,
    "sid":string,
    "sub":"kjlgku3847uosjjfkl2389742iohlfskdjf98793od" //This is the Trusted ID
}

Store this Trusted ID with the user's profile on your platform. Make sure that a Trusted ID only exists once. This makes sure that a user can only verify one account on your platform per Trusted Account.

Verify user (example code)

User.find({ta_verification_id}: ta_verification_id)
    .exec(function (err: any, user: any) {
        if(!user) {
            //no account with this Trusted ID exists yet
            //verify currently logged in account
        } else {
            //this Trusted ID has already been used
            //don't allow user to verify more than one account with the same Trusted ID
        }
}

info

The Trusted ID of the user is fully anonymized by Trusted Accounts. The ID can not be connected with accounts the user might have on other platforms.

danger

Be careful with deleting Trusted IDs on your platform. The user could just create a new account on your platform with the same Trusted Account.