Add support for W3C Verifiable Credentials issuance

[wyc]

Overview

TL;DR: Verify Twitter once on Uniswap Sybil, use anywhere.

Thank you to @krhoda for the implementation and instructions.

• This update enables the Sybil Cloudflare Worker to also issue Verifiable Credentials using DIDs representing Twitter verifications.
• The main workflow is left unchanged.
• With this change, people who verify themselves on Twitter through the Sybil workflow can now download a proof to their local machine or a credential wallet for off-chain or cross-chain presentation.
• For example, you could present this verification along with an Address Control Credential and proof of liquidity provision tx history to other projects and establish your identity there.
• This happens with the user in full control.

High Level Changes:

• Adds a /api/verifiable-credential route causing the worker to generate and cryptographically sign a verifiable credential attesting to the link in identities, only if the provided address exists in the sybil-list repository’s verified.json.
• Changes from a webpack based cloudflare worker to a WASM based cloudflare worker (all previous javascript is still in use, moved to the js directory, along with a new file js/handlers/verifiableCredential.js, webpack configuration now exposed -- rather than handled by wrangler)
• New local dependency on didkit and ssi to enable the verifiable credential generation.
• Dependency on the usage of the kv storage to cache the verifiable credentials (to minimize the number of times the worker has to cryptographically sign).

Updating Instructions

Complete, from-scratch instructions have been added to the README.md, but assuming an existing worker, the following actions will need to be taken:

The Rust codebase depends on two libraries, didkit and ssi. Currently, the only way to require them is through the path key in the Cargo.toml. Cloning these two projects to the same directory as the Sybil Verifier is required.

From the directory containing the Sybil Verifier repo:

$ git clone https://github.com/spruceid/ssi.git
$ git clone https://github.com/spruceid/didkit.git
$ ls
didkit ssi sybil-verifier-worker

Though it should be compatible with the main branches going forward, the following revisions have been tested and verified to work with this repository: ssi: 140639eb185b5e978c116cd0de5f808663ac2b14 didkit: 0742c085a132f452bd17750dd9f849c2832b7122

Back to the sybil-verifier-worker repo, the type key of wrangler.toml needs to change from ”webpack” to ”rust”.

A kv storage set up using wrangler to create KV namespace called VERIFIABLE_CREDENTIAL_STORE:

$ wrangler kv:namespace create "VERIFIABLE_CREDENTIAL_STORE"

If desired, create a preview KV space

$ wrangler kv:namespace create "VERIFIABLE_CREDENTIAL_STORE"  --preview

Then add the output of the above commands to the wrangler.toml:

kv_namespaces = [
	{ binding = "VERIFIABLE_CREDENTIAL_STORE", id = "<ID>", preview_id = "<PREVIEW_ID>" }
]

The wrangler-example.toml shows a good example of the final results of these two steps. NOTE: the output of those two commands will need to be combined. Repeated bindings will give trouble.

Finally, three new secrets have been added,

ISSUER_ADDRESS The public key of an Ethereum address used to sign verifiable credentials (in hex, ex. 0xDA320a...38A9a9d) SIGNING_KEY The corresponding private key of the ISSUER_ADDRESS (in hex, ex. 0xa85b047...c202ef)

REPO_OWNER The github username which hosts the corresponding sybil-list repo, so in this case “Uniswap”. All secrets are now laid out in the README.md

Build, Preview, Test and Publish

Once wrangler is properly set up, before previewing or publishing run the following from the root of the repo

$ npm run build

This is now required because wrangler handles the compilation of the WASM. The only difference is now the webpack configuration is explicit. Then run

$ wrangler publish

Or

$ wrangler preview

Verify Request:

Verifiable Credential: (e.g., https://sybil-verifier.rebase-verifier.workers.dev/api/verifiable-credential?account=0x66Aa8Bee5366b6b48811AE0Dac9Fe5e1EEfE1621)