trustdidweb-ts provides developers with a comprehensive library and resolver for working with Decentralized Identifiers (DIDs) following the did:tdw method specification. This Typescript-based toolkit is designed to facilitate the integration and management of DIDs within web applications, enabling secure identity verification and authentication processes. It includes functions for creating, resolving, updating and deactivating DIDs by managing DID documents. The package is built to ensure compatibility with the latest web development standards, offering a straightforward API that makes it easy to implement DID-based features in a variety of projects.
The trustdidweb-ts implementation of the did:tdw specification currently implements
the following features from the specification with the goal to be feature complete soon.
| Completed | Feature | Details |
|---|---|---|
| DONE | Ongoing publishing of all DID Document (DIDDoc) versions for a DID | Includes publishing alongside a did:web DID/DIDDoc. |
| DONE | The same DID-to-HTTPS transformation as did:web | - |
| DONE | Ability to resolve the full history of the DID | Uses a verifiable chain of updates from genesis to deactivation. |
| DONE | A self-certifying identifier (SCID) for the DID | Ensures global uniqueness, derived from the initial DIDDoc for portability. |
| DONE | DIDDoc updates include a proof signed by the DID Controller(s) | Proof required for updates, authorized by the DID Controller(s). |
| DONE | Optional mechanism for publishing "pre-rotation" keys | Helps prevent loss of control if an active private key is compromised. |
| TODO | DID URL path handling | Defaults to resolve /path/to/file by DID-to-HTTPS translation, can be overridden. |
| TODO | A DID URL path /whois | Automatically returns a Verifiable Presentation, if published by the DID controller. |
Install bun.sh
curl -fsSL https://bun.sh/install | bashbun installThe following commands are defined in the package.json file:
-
dev: Run the resolver in development mode with debugging enabled.bun run dev
This command runs:
bun --watch --inspect-wait ./src/resolver.ts -
server: Run the resolver in watch mode for development.bun run server
This command runs:
bun --watch ./src/resolver.ts -
test: Run all tests.bun run testThis command runs:
bun test -
test:watch: Run tests in watch mode, focusing on witness tests.bun run test:watch
This command runs:
bun test --watch witness -
test:bail: Run tests in watch mode, stopping on the first failure with verbose output.bun run test:bail
This command runs:
bun test --watch --bail --verbose -
test:log: Run tests and save the output to a log file.bun run test:log
This command runs:
mkdir -p ./test/logs && LOG_RESOLVES=true bun test &> ./test/logs/test-run.txt -
cli: Run the CLI tool.bun run cli [command] [options]
This command runs:
bun run src/cli.ts --
The CLI is Experimental, buggy and beta software -- use at your own risk!
The trustdidweb-ts package provides a Command Line Interface (CLI) for managing Decentralized Identifiers (DIDs) using the did:tdw method.
The general syntax for using the CLI is:
bun run cli [command] [options]To output the help using the CLI:
bun run cli help-
Create a DID
bun run cli create [options]
Options:
--domain [domain]: (Required) Domain for the DID--output [file]: (Optional) Path to save the DID log--portable: (Optional) Make the DID portable--prerotation: (Optional) Enable pre-rotation--witness [witness]: (Optional) Add a witness (can be used multiple times)--witness-threshold [n]: (Optional) Set witness threshold
Example:
bun run cli create --domain example.com --portable --witness did:tdw:QmWitness1:example.com --witness did:tdw:QmWitness2...:example.com
-
Resolve a DID
bun run cli resolve --did [did]
Example:
bun run cli resolve --did did:tdw:Qm...:example.com
-
Update a DID
bun run cli update [options]
Options:
--log [file]: (Required) Path to the DID log file--output [file]: (Optional) Path to save the updated DID log--prerotation: (Optional) Enable pre-rotation--witness [witness]: (Optional) Add a witness (can be used multiple times)--witness-threshold [n]: (Optional) Set witness threshold--service [service]: (Optional) Add a service (format: type,endpoint)--add-vm [type]: (Optional) Add a verification method--also-known-as [alias]: (Optional) Add an alsoKnownAs alias
Example:
bun run cli update --log ./did.jsonl --output ./updated-did.jsonl --add-vm keyAgreement --service LinkedDomains,https://example.com
-
Deactivate a DID
bun run cli deactivate [options]
Options:
--log [file]: (Required) Path to the DID log file--output [file]: (Optional) Path to save the deactivated DID log
Example:
bun run cli deactivate --log ./did.jsonl --output ./deactivated-did.jsonl
- The CLI automatically generates new authentication keys when creating or updating a DID.
- The
--portableoption in the create command allows the DID to be moved to a different domain later. - The
--prerotationoption enables key pre-rotation, which helps prevent loss of control if an active private key is compromised. - Witness functionality allows for third-party attestation of DID operations.
- The CLI saves the DID log to a file when the
--outputoption is provided. - For the update and deactivate commands, the existing DID log must be provided using the
--logoption.