This page explains states and a typical flow of client-managed secret mode with the did:jwk method. See https://identity.foundation/did-registration/#client-managed-secret-mode for more information about the protocol.
¶ States
Possible states:
¶ Requests and Responses
¶ Request 1: Missing verificationMethod "#0"
Supported options:
- keyType: The type of key used to create the DID (e.g.
Ed25519,X25519,secp256k1,Bls12381G1,Bls12381G2,P-256,P-384,P-521, etc.)
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=jwk" \
-H "Content-Type: application/json" \
-d '{
"options": {
"clientSecretMode": true,
"keyType": "Ed25519"
},
"secret": { },
"didDocument": { }
}'
¶ Response A: action=getVerificationMethod
{
"jobId": null,
"didState": {
"state": "action",
"action": "getVerificationMethod",
"verificationMethodTemplate": [{
"id": "#0",
"type": "JsonWebKey2020",
"purpose": ["authentication"],
"publicKeyJwk": {
"kty": "OKP",
"crv": "Ed25519"
}
}]
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}
¶ Request 2: verificationMethod "#0"
curl -H "Authorization: Bearer b082c420-df67-4b06-899c-b7c51d75fba0" \
-X POST "https://api.godiddy.com/0.1.0/universal-registrar/create?method=jwk" \
-H "Content-Type: application/json" \
-d '{
"options": {
"clientSecretMode": true
},
"secret": { },
"didDocument": {
"@context": ["https//www.w3.org/ns/did/v1"],
"verificationMethod": [{
"id": "#0",
"type": "JsonWebKey2020",
"publicKeyJwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": "a0xf_YWRIGbPri6DjBygvDKvu4ddhNlBA5wetM2CHnk"
}
}]
}
}'
¶ Response B: state=finished
{
"jobId": "00000000-0000-0000-0000-000000000000",
"didState": {
"state": "finished",
"did": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImEweGZfWVdSSUdiUHJpNkRqQnlndkRLdnU0ZGRoTmxCQTV3ZXRNMkNIbmsifQ",
"secret": {
"verificationMethod": [
[{
"id": "#0",
"purpose": ["authentication"]
}, {
"id": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImEweGZfWVdSSUdiUHJpNkRqQnlndkRLdnU0ZGRoTmxCQTV3ZXRNMkNIbmsifQ#0",
"controller": "did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6ImEweGZfWVdSSUdiUHJpNkRqQnlndkRLdnU0ZGRoTmxCQTV3ZXRNMkNIbmsifQ",
"purpose": ["authentication", "assertionMethod", "capabilityInvocation", "capabilityDelegation", "keyAgreement"]
}]
]
}
},
"didRegistrationMetadata": { ... },
"didDocumentMetadata": { ... }
}
¶ OpenSSL Commands
¶ For Request 2:
Generate a new DID controller keypair (Ed25519):
openssl genpkey -algorithm ed25519 -outform DER >privkey
openssl pkey -in privkey -pubout -out pubkey -inform DER -outform DER
Convert DID controller public key to Base64URL:
cat pubkey| tail -c +13| basenc -w0 --base64url
The result can then used as value of x in Request 2.