affinidi-did-authentication

Authentication using proof of DID ownership. A client proves it controls a DID by encrypting a server-issued challenge with the DID's private keys, enabling service-level authentication and authorisation without passwords.

How It Works

sequenceDiagram
    participant Client
    participant Service

    Client->>Service: Request challenge (with DID)
    Service->>Client: Encrypted challenge
    Client->>Client: Decrypt with DID private key
    Client->>Service: Return decrypted challenge
    Service->>Client: Authenticated session

Installation

[dependencies]
affinidi-did-authentication = "0.3"

Usage

As a library

Integrate DID authentication into your Rust services by using the library API.

As a binary

A test binary is available in the affinidi-tdk crate:

# Using an environment profile
cargo run -- -a did:web:meetingplace.world environment -n Alice

# Manually providing a DID (pass secrets via STDIN)
cargo run -- -a did:web:example.com manual -d did:peer:2...

Related Crates

• affinidi-secrets-resolver — Secret management (dependency)
• affinidi-did-resolver-cache-sdk — DID resolution (dependency)
• affinidi-tdk-common — Shared TDK utilities

License

Apache-2.0