Recover an identity#
The following sections demonstrate the process of creating a request to recover an identity from an identity provider. While accounts are stored on the Concordium blockchain, identities are stored by the selected identity provider during the creation process, and recovery is initiated by sending a request to that specific identity provider.
Generate an identity recovery request#
The following example demonstrates the process of generating an identity recovery request. Part of the input to the request is a secret value derived from the seed phrase, and this value should be kept secret in a similar manner as the seed phrase and account signing keys.
In the example below, functionality for retrieving the list of identity providers is present. To see an example of how to implement this function, see Get list of identity providers and their metadata.
import {
ConcordiumGRPCWebClient,
ConcordiumHdWallet,
createIdentityRecoveryRequestWithKeys,
IdentityProvider,
IdentityRecoveryRequestWithKeysInput,
} from '@concordium/web-sdk';
// The identity provider to attempt to recover an identity from. Here we simply select the first available, but
// in a recovery process a wallet would usually loop through all possible options.
const identityProvider: IdentityProvider = getIdentityProviders(walletProxyTestnetBaseUrl)[0];
const seedPhrase = 'fence tongue sell large master side flock bronze ice accident what humble bring heart swear record valley party jar caution horn cushion endorse position';
const network = 'Testnet'; // Or Mainnet, if working on mainnet.
const wallet = ConcordiumHdWallet.fromSeedPhrase(seedPhrase, network);
const idCredSec = wallet.getIdCredSec(identityProvider.ipInfo.ipIdentity, identityIndex).toString('hex');
const client = new ConcordiumGRPCWebClient(nodeAddress, nodePort);
const cryptographicParameters = await client.getCryptographicParameters();
const recoveryRequestInput: IdentityRecoveryRequestWithKeysInput = {
idCredSec,
ipInfo: identityProvider.ipInfo,
globalContext: cryptographicParameters,
timestamp: Math.floor(Date.now() / 1000),
};
const recoveryRequest: IdRecoveryRequest = createIdentityRecoveryRequestWithKeys(recoveryRequestInput);
import cash.z.ecc.android.bip39.Mnemonics
import com.concordium.sdk.ClientV2
import com.concordium.sdk.Connection
import com.concordium.sdk.TLSConfig
import com.concordium.sdk.crypto.wallet.ConcordiumHdWallet
import com.concordium.sdk.crypto.wallet.Identity
import com.concordium.sdk.crypto.wallet.IdentityRecoveryRequestInput
import com.concordium.sdk.crypto.wallet.Network
import com.concordium.sdk.requests.BlockQuery
fun createRecoveryRequest(): String {
// The identity provider to attempt to recover an identity from. Here we simply select the first available, but
// in a recovery process a wallet would usually loop through all possible options.
val identityProvider = getIdentityProviders(walletProxyTestnetBaseUrl)[0]
val seedPhrase = "fence tongue sell large master side flock bronze ice accident what humble bring heart swear record valley party jar caution horn cushion endorse position"
@OptIn(ExperimentalStdlibApi::class)
val seedAsHex = Mnemonics.MnemonicCode(seedPhrase!!.toCharArray()).toSeed().toHexString()
val wallet = ConcordiumHdWallet.fromHex(seedAsHex, Network.TESTNET)
val idCredSec = wallet.getIdCredSec(identityProvider.ipInfo.ipIdentity.value, identityIndex)
val connection = Connection.newBuilder()
.host(nodeAddress)
.port(nodePort)
.useTLS(TLSConfig.auto())
.build()
val client = ClientV2.from(connection)
val cryptographicParameters = client.getCryptographicParameters(BlockQuery.BEST)
val input = IdentityRecoveryRequestInput.builder()
.globalContext(cryptographicParameters)
.ipInfo(identityProvider.ipInfo)
.idCredSec(idCredSec)
.timestamp(java.time.Instant.now().epochSecond)
.build()
return Identity.createIdentityRecoveryRequest(input)
}
The Swift SDK for iOS is still in development.
Send an identity recovery request#
The next step is to send the generated identity recovery request to the associated identity provider. If successful, the identity provider will return a redirect to the location from which the identity can be fetched.
import {
IdentityObjectV1,
IdRecoveryRequest,
Versioned
} from '@concordium/web-sdk';
// This identity provider must be identical to the one used to generate the identity
// recovery request, otherwise the request will fail.
const identityProvider: IdentityProviderWithMetadata = ...;
// See how to generate in the previous section.
const recoveryRequest: IdRecoveryRequest = ...;
const searchParams = new URLSearchParams({
state: JSON.stringify({ idRecoveryRequest: recoveryRequest }),
});
const url = `${identityProvider.metadata.recoveryStart}?${searchParams.toString()}`;
const response = await fetch(url);
if (!response.ok) {
throw new Error((await response.json()).message);
}
const identityResponse = await fetch(url);
if (identityResponse.ok) {
const versionedIdentity: Versioned<IdentityObjectV1> = await response.json();
// The identity object has been successfully recovered.
const identity: IdentityObjectV1 = versionedIdentity.value;
}
import com.concordium.sdk.crypto.wallet.identityobject.IdentityObject
import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
import okhttp3.OkHttpClient
import okhttp3.Request
@JsonAutoDetect
private data class VersionedIdentity(
val v: Number,
val value: IdentityObject
)
fun recoverIdentity(): IdentityObject {
// This identity provider must be identical to the one used to generate the identity
// recovery request, otherwise the request will fail.
const identityProvider: IdentityProvider = ...
// See how to generate in the previous section.
val recoveryRequest: String = ...
val baseUrl = identityProvider.metadata.recoveryStart
val recoveryUrl = Uri.parse(baseUrl!!).buildUpon().appendQueryParameter("state", recoveryRequest).build().toString()
val request = Request.Builder().url(recoveryUrl).build()
val httpClient = OkHttpClient().newBuilder().build()
httpClient.newCall(request).execute().use { response ->
response.body()?.use { body ->
// The identity object has been successfully recovered.
return jacksonObjectMapper().readValue(
body.string(),
VersionedIdentity::class.java
).value
}
}
throw Exception("Failed to recover identity");
}
import Concordium
import Foundation
// Inputs.
let seedPhrase = "fence tongue sell large master side flock bronze ice accident what humble bring heart swear record valley party jar caution horn cushion endorse position"
let network = Network.testnet
let identityProviderID = IdentityProviderID(3)
let identityIndex = IdentityIndex(7)
let walletProxyBaseURL = URL(string: "https://wallet-proxy.testnet.concordium.com")!
let anonymityRevocationThreshold = RevocationThreshold(2)
/// Perform identity recovery based on the inputs above.
func recoverIdentity(client: NodeClient) async throws {
let seed = try decodeSeed(seedPhrase, network)
let walletProxy = WalletProxy(baseURL: walletProxyBaseURL)
let identityProvider = try await findIdentityProvider(walletProxy, identityProviderID)!
// Construct recovery request.
let cryptoParams = try await client.cryptographicParameters(block: .lastFinal)
let identityReq = try makeIdentityRecoveryRequest(seed, cryptoParams, identityProvider, identityIndex)
// Execute request.
let identity = try await identityReq.send(session: URLSession.shared)
print("Successfully recovered identity: \(identity)")
}
// Duplicated in 'CreateAccount/main.swift'.
func makeIdentityRecoveryRequest(
_ seed: WalletSeed,
_ cryptoParams: CryptographicParameters,
_ identityProvider: IdentityProvider,
_ identityIndex: IdentityIndex
) throws -> IdentityRecoverRequest {
let identityRequestBuilder = SeedBasedIdentityRequestBuilder(
seed: seed,
cryptoParams: cryptoParams
)
let reqJSON = try identityRequestBuilder.recoveryRequestJSON(
provider: identityProvider.info,
index: identityIndex,
time: Date.now
)
let urlBuilder = IdentityRequestURLBuilder(callbackURL: nil)
return try urlBuilder.recoveryRequest(
baseURL: identityProvider.metadata.recoveryStart,
requestJSON: reqJSON
)
}
