uPort AppManager: Create an identity for your app and begin building trust with users
Today we are opening initial testing for uPort AppManager. We will continue improving performance, documentation, and features over the coming weeks. Register your app today, and let us know what you think.
uPort AppManager is how developers create and manage identities for their applications. Application identities on Ethereum allow for more rich, secure, and meaningful relationships between your app and your users.
While uPort identities commonly represent people, we designed the technology to be extensible to also support identification of organizations, businesses, applications, and devices. Learn more about uPort Identities.
If you have ever developed applications on a centralized platform like Facebook, Apple AppStore, or Google PlayStore, you are familiar with registering your application. Platform operators make app registration a requirement so they can protect their users from malicious applications.
The uPort Application ID is a similar concept, except you are registering a decentralized application on a decentralized network. Since there is no platform operator (middleman) on Ethereum like there is on Facebook, it is your job to build a trusted relationship with your users. uPort AppManager helps you take the first step to building trust with your users.
What can you do with an application identity?
Identify your app to your users
The most important thing you can do with an application identity is identify your app to your users during interactions on the uPort mobile app.
The first time a user interacts with your app on the uPort platform, the identity of your app will be added as a Connection within their mobile app. This creates a place for the user to find information that your app has shared with them, and view a history of interactions between you and them.
Issue Verifiable Credentials
Registering your application identity with AppManager allows you to issue Verifiable Credentials to your users. Credentials are how you attest to facts about a user, such as a verified email address, a GitHub username, or other aspects of their interaction with your app such as average account balance, number of transactions, etc.
User credentials are located in the About Me section of the uPort mobile app. Users can share their credentials with other identities, apps, and businesses. The uPort credential system allows apps and businesses to help bootstrap a person’s identity and reputation in a decentralized way, while allowing the user to maintain control.
Sending Push Notifications to the uPort Mobile App
I will go into this with more detail in another article in a couple of days, but you will also be able to send transactions and verifiable credentials directly to your users’ uPort mobile app using your Application Identity.
Step by Step Guide
1. Go to App Manager
Go to https://appmanager.uport.me.
2. Login with your uport App
Press the Login button and scan the QR code.
3. Create app
Scan the QR code with the uPort app and authorize the transaction. This Transaction creates a completely new uPort Identity for your app.
4. Enter your application Details
Add your name, description, url, and upload a logo and banner image.
5. Publish app details
This brings up yet another QR code that you should scan on your uPort app. This creates the transaction registering your application details in the uPort registry on the blockchain.
6. Make a note of your application Credentials
You need the application address and the signing key in the app.
Using your Application credentials in your app
For a simple browser dapp, you can simply include the applications address as the clientId when creating your application using uport-connect.
import { Connect } from 'uport-connect'
const uport = new Connect('YOUR APP NAME', {
clientId: 'YOUR APPLICATION ID FROM APP MANAGER'
})This will identify your app and create unsigned requests to the user’s mobile app.
In-browser signed requests for Prototyping and Proof of Concepts
The real power of Apps registered with the AppManager is that you can create requests to the user for private information and create signed Verified Credentials to send back to your users.
Signing implies having a signing key which we create for you as part of creating your app. If that signing key is available to your user in their browser it would be very easy for them to create fake requests on your behalf.
That said, many developers are experimenting with use cases and creating proof of concepts of blockchain apps right now. In these cases early prototypes can still be created 100% in the browser.
import { Connect, SimpleSigner } from 'uport-connect'
const uport = new Connect('YOUR APP NAME', {
clientId: 'YOUR APPLICATION ID FROM APP MANAGER',
signer: SimpleSigner('YOUR SIGNING KEY FROM APP MANAGER')
})This allows you to experiment with the full set of uPort features such as requesting private credentials, attesting credentials, etc.
Configuring your Server side Application for Production Use
For server side apps you should use the uport library directly. This is also used behind the scenes in uport-connect. The uport library creates and builds JWT objects that are used to communicate securely between your app and your user’s uPort mobile app.
import { Credentials, SimpleSigner } from 'uport'
const credentials = new Credentials({
appName: 'App Name',
address: 'Application ID'
signer: SimpleSigner(process.env.PRIVATE_KEY)
})The SimpleSigner creates a very simple implementation of a signing function. It would be fairly easy to create a similar function delegating signing to a HSM or other more secure implementation.
See the tutorial for the uPort library for how to use this in more details.
