Releasing uPort Libraries 1.0
Thousands of developers have already developed with uPort over the last 2 years. We listened to their experiences and created a completely new User Centric platform for Ethereum and Identity developers
We’ve been hard at work for the last several months upgrading aspects of our platform across the stack, including our recent announcement of our new standards-based identity architecture and mobile app.
This has all been part of our mission to make uPort a trustworthy, flexible, and inclusive identity solution that empowers people to take control of their relationships.
With the latest iteration of the uPort mobile app, creating an identity is easier than ever: free, instantaneous, and requiring no interaction with Ethereum.
What about the devs?
While we’re certainly proud of these accomplishments for end users, to fully empower people to take control of their relationships, we need to empower developers to seamlessly integrate uPort into a variety of applications.
For developers, uPort is a way of securely interacting with users and their data, while simultaneously respecting privacy.
By giving users greater control of their data, you can reduce the overhead required to maintain an application, eliminating the need for massive databases of user information, and building GDPR compliance into your architecture from the start. As a bonus, your users will have an easy on-ramp to the Ethereum ecosystem, abstracting away key and account management behind a simple user interface.
We’ve listened to you
After collecting extensive feedback from developers integrating uPort in both Web 2.0 and Web 3.0 applications, we have addressed a number of the major pain points and shortcomings of our libraries, and are excited to enter a new phase of development focusing on adding features that solve problems for our users: developers and non-developers alike.
Let’s get down to libs
First and foremost, we’ve clarified the purpose of each of our libraries to reduce redundancy and confusion, removing duplicated functionality between them, and settling on a (more) mature API which reflects this.
First among these is uPort Connect, our opinionated and fully featured library for interacting with a uPort identity from a web browser. This is the plug-n-play Self-Sovereign Identity solution you’ve always wanted: a decentralized equivalent of Facebook Connect, providing preconfigured flows to authenticate users, request data from their uPort mobile app, issue verified data back to them, and make transactions on the Ethereum network.
It can sign pieces of data as JSON Web Tokens (JWTs), verify data signed by other identities, and make selective disclosure requests for data held by other identities (such as a uPort mobile app).
This is the library you should use if your app has a specific identity that needs to issue credentials that can be tied back to it, or if your application needs to spin up new identities on the fly.
Finally, we’ve untangled the communication logic used by uPort Connect and are releasing it as a separate library, uPort Transports. This is the missing piece that helps transport messages created with uPort Credentials to users’ mobile apps, via QR codes, bridge servers, push notifications, or plain old links.
Based on feedback from developers, we’ve built out our variety of transports in response to issues that arise in trying to support communication with the uPort app from a variety of browsers and operating systems. You can use this library to craft your own channel of communication between an instance of uPort Credentials and the mobile app, whether it be in a browser, on a server, or on the moon.
So what’s inside?
Though separating concerns and cleaning up APIs is exciting on its own, the best parts of our 1.0 libraries are the features, which we describe in the context of uPort Connect:
- Browser-app identities. Gone are the days where you need to wonder how to keep a signing key safe in the browser, or accept unverified communication between your client-side app and users’ mobile devices. Now each instance of uPort Connect generates its own identity, which is used to sign requests and verifications for a mobile app. This identity is unique to the particular (d)app and browser, so users will always know that they’re interacting with the same one when they return.
- Privacy-preserving user sessions. In the old days, apps stored users’ information in databases, and gave their browsers access tokens to keep them logged in between sessions. We’ve adapted that concept for Web 3.0, by storing the app identity and logged in user’s did in localStorage, as well as an optional cache of any verified data they have shared with the app. When a user revisits the app, it can easily send them push notification without requiring a QR code scan, and populate the UI with their cached data (with its integrity guaranteed), all in a client-side app!
- Stateless request/response. The new uPort Connect separates the methods for requesting user data, and handling the responses when they arrive. This allows us to better support passing messages between the mobile app and certain mobile browsers, and also gives developers more flexibility to implement complex request flows that may handle a response on a different page from the one that made the original request.
Plus, since the libraries don’t exist in a vacuum, we’ve put together some new resources to help you get started with uPort.
- Revamped Developer Site. Greatly expanded with more content, examples, and code snippets, to help turn our libraries into your solutions. This will continue to evolve as we add more content over the coming weeks!
- New React Boilerplate. As a successor to the popular react-uport truffle box, we’ve updated it for this major release, and added inline documentation throughout to help ease the journey.
And that’s only the tip of the iceberg — we’ll cover our improvements to developer experience in more detail in a future post!
What else have we been working on?
At uPort we remain committed to open source and standards development, and have come up with the very first implementations of some of the standardized identity building blocks that make the uPort platform tick, some of which are useable far beyond uPort. All of these libraries are public for you to audit, follow, and/or contribute to! In particular, these are:
- did-jwt, for signing and verifying signatures for any DID-compliant identity;
- did-resolver, the universal resolver for Decentralized IDs;
- ethr-did-resolver, for resolving identities from Ethereum addresses via the ERC1056 specification; and of course
- The ethr-did-registry Smart Contract, which anchors it all to the blockchain.
Whether you’re interested in contributing or just want to ride the Self-Sovereign wave, as a member of the uPort Community you can look forward to focused, feature-oriented development as we move past 1.0. We’ve got plenty more features in the pipeline, and more updates coming as soon as next month! In the meantime, feel free to chat with us on riot, open an issue in any of our github repos, or shoot us a tweet, @uport_me.
See you at Devcon!