Feature Friday n°7: Login with SSI in web2

Written By Tamino Baumann

Introduction

Hey friends,

Welcome to Feature Friday! Each week, this series highlights new identity features available with the walt.id tooling. Check out last week's lesson on Verification Policies For VCs! For feedback or episode suggestions, connect with us on Discord!

Today, we will explore Login with SSI in web2. A method of authentication where users become their own identity provider, giving them complete control over their data.

What is Login with SSI in web2 ?

Login with SSI in web2 involves employing Verifiable Credentials (VCs) or Decentralised Identifiers (DIDs) as a means of authentication in web2 applications. This is facilitated by the walt.id IDP-Kit, an OpenID Connect compliant identity provider that integrates effortlessly with any Identity and Access Management tool (such as Keycloak, Auth0), providing processing and verification capabilities for VCs and DIDs.

How it works

When a user decides to use their Verifiable Credentials (VC) or Decentralised Identifier (DID) to sign in to a web2 app, the regular Identity and Access Management solutions will redirect the user to the IDP Kit. The IDP Kit will then get and validate the user's VCs or DIDs, checking them against fixed or custom policies. The result of this check is then transformed into a compatible format (like a JWT token) which the traditional identity and access management systems can understand, and voila! A user session is created.

Features of the IDP-Kit

  • Works with any IAM: As long as the Identity Access Management (IAM) Tool (e.g. Keycloak, Auth0, Firebase) is compatible with OpenID Connect (OIDC) you can use the IDP-Kit as a decentralised identity provider enabling login with VCs and DIDs.

  • Configure and Customise: Configure what you want to verify about the VC or DID presented during authentication, using predefined polices for common use-cases or custom policies for more complex ones. Define how credential data is mapped to common scopes and claims (like profile or name) or define your own custom scopes and claims (like did).

  • Works across platforms: Verify Credentials based on did:key, did:ebsi, did:cheqd, did:web and many more.

  • Works across Credential Formats: Verify credentials in JWT/JSON_LD/SD-JWT formats.

  • Open-Source, Extensible: Using our tools you can leverage the wide range of already supported ecosystems and credential formats or extend our modular system bringing support for your own did:method, credential format and more.

Demo

Watch our short demo, showcasing a login with SSI in web2 using the walt.id IDP-Kit.

 
 

Get Started

  • Documentation - Learn more about the IDP-Kit and identity provision using SSI.

Join us for the upcoming Feature Friday to learn about Login with NFTs in web2

Now, here's your dose of tech humour for the day:

A SQL query walks into a bar, sees two tables and asks... "Can I join you?”


Catch you next Friday! Until then, feel free to join us on discord!


Best,

Tamino from walt.id

Tamino Baumann
Previous

Feature Friday n°8: NFT verification
Next

Feature Friday n°6: Verification Policies