World ID

Intro to IDKit

This guide assumes you have already completed the steps to set up the Developer Portal.

IDKit is required in your app's frontend for Incognito Actions, both for Cloud and On-Chain use cases.

Creating actions

Create an action for your app in the Developer Portal. You must provide the following values:

  • Action Name: The stringified action to be taken by the user.
  • Description: This is shown to your user in the World app as they sign with their World ID. Make sure to fully describe the exact action the user is taking.
  • Max Verifications: For Cloud actions only. The number of times a user can take this action. A value of 0 indicates that unlimited verifications can take place.

An action scopes uniqueness for users, which means users will always generate the same ID (nullifier hash) when performing the same action. Cloud actions natively handle sybil-resistance with a limit set in the Developer Portal. For on-chain use cases, you can track this nullifier hash in your smart contract to implement sybil-resistance.

Installing IDKit

The JS package can be included in your project either as a module (which supports tree shaking to reduce bundle size) or you can add the script directly to your website.

Install IDKit

npm install @worldcoin/idkit

Usage

Import and render IDKit. You'll want to do this on the screen where the user executes the protected action (e.g. before they click "Claim airdrop" or "Vote on proposal").

import { IDKitWidget } from '@worldcoin/idkit'

<IDKitWidget
	app_id="app_GBkZ1KlVUdFTjeMXKlVUdFT" // obtained from the Developer Portal
	action="vote_1" // this is your action name from the Developer Portal
	onSuccess={onSuccess} // callback when the modal is closed
	handleVerify={handleVerify} // optional callback when the proof is received
	verification_level={VerificationLevel.Device}
>
	{({ open }) => <button onClick={open}>Verify with World ID</button>}
</IDKitWidget>

More configuration options can be found in the IDKit reference.

When a user clicks the button, the IDKit modal will open and prompt them to scan a QR code and verify with World ID. Once this proof is received, the optional handleVerify callback is called immediately and the onSuccess callback will be called when the modal is closed. One of these callbacks should begin the process of verifying the proof.

IDKit with Dynamic Actions

To accommodate dynamic content, actions can also be created at the time a user completes a World ID verification. Simply pass the desired action and action_description values in IDKit's parameters. A new action will automatically be created and tracked, and will appear the next time you log into the Developer Portal.

If using dynamic actions on-chain, you will need to re-calculate the externalNullifierHash for each action you wish to verify. Read more here.

As an example, using IDKit with Dynamic Actions may look like this:

const getUserChoice = userId => {
	const choice = userChoices['userId']
	return choice
}

return (
	<IDKitWidget
        {/* ... */}
		action={getUserChoice(userId)}
        {/* ... */}
    >
    </IDKitWidget>
)

Response

Upon successful completion of the World ID flow, you will receive a response object. This response object of type ISuccessResult has the following attributes. Normally, you will forward these parameters to your backend or smart contract for verification.

ISuccessResult

{
	"merkle_root": "0x1f38b57f3bdf96f05ea62fa68814871bf0ca8ce4dbe073d8497d5a6b0a53e5e0",
	"nullifier_hash": "0x0339861e70a9bdb6b01a88c7534a3332db915d3d06511b79a5724221a6958fbe",
	"proof": "0x063942fd7ea1616f17787d2e3374c1826ebcd2d41d2394...",
	"verification_level": "orb"
}
  • Name
    merkle_root
    Type
    string
    Description

    This is the hash pointer to the root of the Merkle tree that proves membership of the user's identity in the list of identities verified by the Orb. ABI encoded.

  • Name
    nullifier_hash
    Type
    string
    Description

    The unique identifier for this combination of user, app, and action. ABI encoded.

  • Name
    proof
    Type
    string
    Description

    The Zero-knowledge proof of the verification. ABI encoded.

  • Name
    verification_level
    Type
    "orb" | "device"
    Description

    Either orb or device. Returns the verification_level used to generate the proof.

Verify the Proof

You must verify the proof returned from IDKit with the API or smart contract before allowing a user to perform an action. The process varies depending on your use case. Proceed to the Cloud Verification or On-Chain Verification sections to learn how to verify proofs.