Configure Mobile Driver’s License Verification Presentation Request
Learn how to use Auth0’s Verification Service for with Verifiable Credentials such as Mobile Driver’s Licenses.
Auth0’s Mobile Driver’s License Verification Service is in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. To learn more about Auth0’s release stages, read Product Release Stages.
Auth0’s Mobile Driver’s License Verification Service allows you to initiate a verification request for a user’s Mobile Driver’s License (mDL) to validate mDL claims, such as age and country of residence. mDL verification is useful for a variety of use cases, such as allowing end users to rent cars or access age-restricted products.
To create a Verification Presentation Request, your application calls the mDL Verification API to initiate a verification flow. The Verification Presentation Request returns a URI with the presentation request information for the user’s digital wallet to consume. Your application presents the URI to the user in the form of a link and prompts them to share their credential with your application. The Verification Presentation Request also returns a verificationId. Your application uses the verificationId to poll the status of the request.
The instructions follow along with the hands-on lab using a Next.js application. You can access our GitHub repository.
If you want to embed the mDL Verification API to use inside your application, you need to update your .env file. The API calls to create and poll the verification request require repeated access to Auth0 variables. We recommend you set these variables as environment variables in your application.For a Next.js application, edit the .env.local file and set the corresponding values:
AUTH0_DOMAIN: The Domain specified under the application’s BasicInformation in . Defines the Application performing the Verification Request.
PROTOCOL: The protocol determines the method used for interacting with the wallet.
TEMPLATE_ID: The Template ID from the template you created.
VERIFICATION_BEARER_TOKEN: The Verification Bearer Token that is generated based on your , , , and Grant Type that allows your application to call the Verification Service.
The Verification Template defines the fields you want to request from a user’s digital wallet, including mDL claims. The Verification Template is part of the first call to the mDL Verification API. You can create the Verification Template using the Auth0 Dashboard or . Currently, Auth0 only supports the mDoc credential type. An mDoc is a binary data object for representing a driver’s license as defined in Annex A of the ISO/IEC TS 18013-7:2024 standard.
You should only request verification data that is essential for your business purposes.
Claims, which are different from claims, are specific to the mDL Verifiable Credential. The claims are attributes associated with the user that could be sensitive, personally identifiable information (PII).You can request the following claims:
Make a POST request to the Create a verifiable credential template endpoint with the Verification Template definition as the body and the following request headers:
A Verification Presentation Request keeps track of a verification request in Auth0. To initiate a Verification Presentation Request within your application:
Create a new folder named api in the same folder where the index.js file is located.
Create a new folder named verify in the api folder you created.
Create a new file named start.js in the api/verify folder.
Add the following code snippet to the start.js file:
Copier
import fetch from "node-fetch";
The snippet imports the node-fetch module, which you use to make HTTP calls to the Mobile Driver’s License Verification API.
Map the environment variables from the .env.local file. If you are using Next.js, it will parse this file by default and map the variables to the process.env object:
Copier
const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN;const TEMPLATE_ID = process.env.TEMPLATE_ID;const PROTOCOL = process.env.PROTOCOL;const VERIFICATION_BEARER_TOKEN = process.env.AUTH0_CLIENT_ID;if (!AUTH0_DOMAIN) throw new Error("AUTH0_DOMAIN not set");if (!TEMPLATE_ID) throw new Error("TEMPLATE_ID not set");if (!PROTOCOL) throw new Error("PROTOCOL not set");if (!VERIFICATION_BEARER_TOKEN) throw new Error("VERIFICATION_BEARER_TOKEN not set");
Add the code snippets to the start.js file.
The handler() function handles HTTP requests in an API route.
The run() function makes a POST request to the Mobile Driver’s License Verification API to start a verification request. The returned object has two variables:
engagement: The URIwith the verification request information for the end user’s wallet to consume.
verificationId: Auth0’s unique identifier of the verification request.
To prompt the user to present a credential, you must provide the returned engagement URI. The first API request to initiate the verification request returns an engagement URI and Verification ID for the user. We recommend you display the engagement link in the form of a QR code or link. If the user is on a device that their wallet is not, such as a tablet or computer, a QR code is helpful. To learn more, review the Node.js example.If the user is on their mobile device, the link prompts the end user to open their wallet and based on the requested type of credentials, the wallet may auto-select an appropriate credential. The user is usually prompted for consent.
Check the Verification Presentation Request’s status
Once you create a verification request, the application needs to know if the user consented to submit a credential to Auth0. To do that, we need to poll the status of the Verification Presentation Request. To do so:
Create a new file named check.js in the /api/verify folder you already created.
Import the node-fetch library and load the required environment variables.
Copier
const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN;const VERIFICATION_BEARER_TOKEN = process.env.AUTH0_CLIENT_ID;if (!AUTH0_DOMAIN) throw new Error("AUTH0_DOMAIN not set");if (!VERIFICATION_BEARER_TOKEN) throw new Error("VERIFICATION_BEARER_TOKEN not set");
The HTTP handler is similar to the previous one, but the Verification ID must be extracted from the Verification POST request body so your application can exchange the requested claims with Auth0:
Implement the run() function. This function uses the Verification ID to exchange the requested claims with Auth0 and returns the result.
Copier
async function run(verificationId) { if (!verificationId) throw new Error("verificationId not found"); const result = await fetch( `https://${AUTH0_DOMAIN}/vdcs/verification/${verificationId}`, { method: "get", headers: { "authorization": `bearer ${VERIFICATION_BEARER_TOKEN}`, "content-type": "application/json", }, } ); const data = await result.json(); if (data.presentation) { data.presentation = JSON.parse(data.presentation); } return data;}
The endpoint that checks the status of the Verification Presentation Request can return several different status codes, which indicates the request is ongoing, unsuccessful, or successful. To learn more, read Mobile Driver’s License API.
The claims requested will be available in the result and can be used based on your business needs. If additional storage is required, read Understand How Metadata Works in User Profiles.
Auth0 metadata is not a secure data store and should not be used to store sensitive information. This includes secrets and high-risk PII like social security numbers or credit card numbers, etc. Auth0 customers are strongly encouraged to evaluate the data stored in metadata and only store that which is necessary for identity and access management purposes. To learn more, read Auth0 General Data Protection Regulation Compliance.
