Learn

Create & update revocable credentials

Overview

This tutorial explains how to create a credential that can be revoked and how to update the revocation status of the credential.

Create a revocable credential

To create a revocable credential, set the revocable attribute to true.

All Credentials issued via the OpenID Credential provisioning will not be revocable by default.

All credentials issued via OIDC Bridge will be revocable by default.

http
Copy to clipboard. 
1 POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/sign

Request

json
Copy to clipboard. 
1{
2    "payload": {
3        "@context": [
4          "https://schema.org"
5        ],       
6        "name": "Course credential",
7        "description": "Course credential description",
8        "type": [
9        "CourseCredential"
10        ],
11        "credentialSubject": {
12            "id": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
13            "givenName": "Chris",
14            "familyName": "Shin",
15            "educationalCredentialAwarded": "Certificate Name"       
16        },       
17        "issuer": {
18            "id": " did:web:organization.com ",
19            "name": "tenant"   
20        },
21        "expirationDate": "2024-02-07T06:44:28.952Z"
22    },
23    
24    "revocable": true,
25    
26}
27

Response

The resulting credential will have a credentialStatus object pointing to the revocation list.

json
Copy to clipboard. 
1{
2  "id": "e6c9b6a2-d87b-4be1-8b3a-f3dc13b44b5c",
3  "credential": {
4    {
5      "@context": [
6        "https://www.w3.org/2018/credentials/v1",
7        "https://schema.org",
8        "https://w3id.org/vc-revocation-list-2020/v1"
9      ],
10      "type": [
11        "VerifiableCredential",
12        "CourseCredential"
13      ],
14      "credentialStatus": {
15        "id": "https://YOUR_TENANT_URL/core/v1/revocation-lists/cc641396-3750-43c8-b8b8-f30d74eb3fb3#4",
16        "type": "RevocationList2020Status",
17        "revocationListIndex": "4",
18        "revocationListCredential": "https://YOUR_TENANT_URL/core/v1/revocation-lists/cc641396-3750-43c8-b8b8-f30d74eb3fb3"
19      },
20      "issuer": {
21        "id": "did:web:organization.com",
22        "name": "Organisation"
23      },
24      "name": "Course credential",
25      "description": "Course credential description",
26      "credentialSubject": {
27        "id": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
28        "givenName": "Chris",
29        "familyName": "Shin",
30        "educationalCredentialAwarded": "Certificate Name"
31      },
32      "issuanceDate": "2020-10-08T03:00:12.478Z",
33      "expirationDate": "2023-02-21T06:44:28.952Z",
34      "proof": {
35        "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..PFXv7Kgc8tqxBELiLvPLgeksfo0hlE4adV3_zt6MRcyYY26FGxiB4ctAVez25JW86Z1o6EAbuGKVctMYB_psCw",
36        "type": "Ed25519Signature2018",
37        "created": "2020-10-08T03:00:12Z",
38        "proofPurpose": "assertionMethod",
39        "verificationMethod": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi#z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi"
40      }
41    }
42  },
43  "issuanceDate": "2020-10-08T03:00:12.478Z"
44}

https://w3id.org/vc-revocation-list-2020/v1 was automatically added to the @context, which defines the JSON-LD definition of the credentialStatus object.

The credentialStatus contains the revocation list information.

The id of the credentialStatus uniquely defines the credential status.

The RevocationList2020Status type indicates that the credential status is defined by a revocation list.

The revocationListIndex points to the location of the bit indicating if the credential is revoked or not.

The revocationListCredential contains the URL to obtain the revocation list.

Revoke a credential

In order to revoke a credential as an Issuer, you need to provide the id of the credential to be revoked.

Credential ID's can be found using the Credential Registry, the credentialStatus property is stored as meta-data for reference.

Using the Set credential revocation status endpoint, set isRevoked to true in the request body.

http
Copy to clipboard. 
1POST https://YOUR_TENANT_URL/v2/credentials/web-semantic/e6c9b6a2-d87b-4be1-8b3a-f3dc13b44b5c/revocation-status

json
Copy to clipboard. 
1{
2  "isRevoked": true
3}

If the credential id provided is not a revocable credential a 404 is returned.

When a revoked credential is being presented as per the verify a credential tutorial, MATTR VII will prevent the credential claims from being presented to the relying party.

Setting to un-revoked

Revoked credentials can be made un-revoked by setting the isRevoked to false. This change is immediate, however there may be a slight delay of a few seconds for processing and caching to refresh.

Check the revocation status of a credential

To obtain the revocation status of a credential that you have issued, you need to provide the id of that credential.

Credential ID's can be found using the Credential Registry, revocable credentials also display their credentialStatus property information for reference.

Call the Retrieve credential revocation status endpoint with the credential id

http
Copy to clipboard. 
1GET
2https://YOUR_TENANT_URL/v2/credentials/
3web-semantics/sign/e6c9b6a2-d87b-4be1-8b3a-f3dc13b44b5c/revocation-status

Response

json
Copy to clipboard. 
1{
2  "isRevoked": true
3}