IdentifyService
Portable KYC Verification
DEV MODE - do not use in production

Verification

Pass identity verification for your connected wallet. Use the proof anywhere.

Verification Flow

What is Identify Service?

Identify Service is a portable KYC (Know Your Customer) verification system on the TRON blockchain. It allows you to pass identity verification once and receive a cryptographic proof (JWT token) that can be used across multiple applications and services without repeating the process.

Your personal documents (passport, selfie) are processed by Didit, an independent KYC verification provider. Your documents are never stored on the blockchain. Only the fact of verification, a `bytes32` reference derived from your wallet address, and the signed JWT token published in the on-chain event log are recorded on-chain.

How to Use (Step by Step)

  1. Connect Wallet - Open the app and connect your TronLink wallet. Make sure you are on the correct TRON network and have some TRX for the registration fee.
  2. Register - Click "Start Verification". Your wallet will ask you to confirm a transaction that pays the registration fee in TRX. Once confirmed, your status changes to WAIT and a verification session is created automatically.
  3. Pass Identity Check - You are redirected to the KYC provider's website. Upload a photo of your ID document (passport, driver's license, or national ID) and take a selfie. If you closed the page, click "Continue Verification" to return.
  4. Wait for Result - The KYC provider verifies your document and matches your selfie. This usually takes a few minutes. Return to the app and wait for the status to update automatically.
  5. Receive JWT Token - Once verified, the app shows a "View JWT Token" button. This JWT is your portable proof of identity. You can copy it, download it, and present it to any service that accepts Identify JWT tokens.

What is a JWT Token?

A JWT (JSON Web Token) is a compact, digitally signed string that contains verifiable claims. Your Identify JWT contains:

  • ref - your wallet address (bytes32 representation)
  • verified - confirmation that you passed identity verification
  • provider - the KYC provider that verified you
  • session - the verification session ID
  • exp - expiration date (based on your ID document expiry)
  • iss - the Identify service domain (issuer)

The token is signed with an ES256 (ECDSA P-256) key. Anyone can verify the signature using the public key published at the JWKS endpoint, without contacting any server. The token does not contain any personal information (no name, no document number, no photo).
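A relying-party check for the claims and signature described above, as an added example (not the Identify Service's own code). The claim types (`verified` as boolean `true`, `ref` as a 0x-prefixed hex string), the issuer `identify.example`, and the throwaway key pair are assumptions constructed for the demo.

```javascript
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Offline check of an Identify-style JWT. Tokens are public (on-chain event log),
// so expected.ref must be the ref of the wallet the relying party is dealing with.
function verifyIdentifyJwt(token, jwk, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try { header = dec(parts[0]); claims = dec(parts[1]); }
  catch { return { ok: false, reason: 'malformed' }; }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm; the token header must not choose it (alg=none, HS256 confusion).
  if (header.alg !== 'ES256') return { ok: false, reason: 'alg' };
  const sig = Buffer.from(parts[2], 'base64url'); // JOSE form: raw r||s, 64 bytes
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (sig.length !== 64 ||
      !crypto.verify('sha256', signed, { key, dsaEncoding: 'ieee-p1363' }, sig)) {
    return { ok: false, reason: 'signature' };
  }
  // A good signature only proves the issuer wrote the claims; now check them.
  if (!Number.isInteger(claims.exp) || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  if (claims.iss !== expected.iss) return { ok: false, reason: 'issuer' };
  if (claims.verified !== true) return { ok: false, reason: 'not-verified' };
  if (claims.ref !== expected.ref) return { ok: false, reason: 'ref-mismatch' };
  return { ok: true, claims };
}

// Constructed sample: throwaway P-256 key standing in for the worker's signing key.
const demo = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const demoJwk = demo.publicKey.export({ format: 'jwk' });
function signDemoJwt(claims, header = { alg: 'ES256', typ: 'JWT' }) {
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: demo.privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

const want = { iss: 'identify.example', ref: '0x' + '11'.repeat(32) };
const base = { ...want, verified: true, provider: 'didit', session: 'sess-demo', exp: 2000000000 };
const good = signDemoJwt(base);
const forged = `${enc({ alg: 'none' })}.${enc(base)}.`; // unsigned token

console.log(verifyIdentifyJwt(good, demoJwk, want, 1700000000));
console.log(verifyIdentifyJwt(forged, demoJwk, want, 1700000000));
```

A valid signature cannot reflect a later `revoke(ref, data)` or `expire(ref)`; a relying party that needs the current status also calls `isVerified(ref)` on the contract.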

Frequently Asked Questions

What do I need to get started?

A browser with the TronLink extension (or TronLink mobile app), a TRON wallet with some TRX for the registration fee, and a valid government-issued ID document (passport, driver's license, or national ID card).

What personal data is stored on the blockchain?

No personally identifiable information (PII) is stored on-chain. The blockchain only records: a `bytes32` reference derived from your wallet address, the verification status (WAIT/VERIFIED/DECLINED/EXPIRED), and the signed JWT token published in the on-chain event log. Your name, document number, photo, and selfie are never published on the blockchain.

Who processes my documents?

Your identity documents are processed by Didit, an independent KYC verification provider. Identify Service does not have access to your photos or document details. Only the verification result (approved or declined) is communicated back to the system.

How long does verification take?

The document check usually takes 1-5 minutes. After you submit your documents on the KYC provider's page, you can close it and return to the app. The status updates automatically.

What if my verification is declined?

If your verification is declined, you can try again by clicking "Try Again". A new registration fee will be charged. Common reasons for decline: blurry document photo, face not matching the document, expired ID, or unsupported document type.

How long is the verification valid?

The JWT token expiration is based on your ID document's expiry date. If your document expires in 5 years, your verification will be valid for up to 5 years. Once expired, you can re-register and verify again.

Can I verify a different wallet?

Yes. Connect a different wallet and register it separately. Each wallet requires its own registration and fee.

How can a third party verify my JWT?

There are two ways:

  • On-chain: call isVerified(ref) on the Identify contract to check if a reference is currently verified.
  • Off-chain: verify the JWT signature using the public key from the JWKS endpoint. This works without any blockchain calls and is free.

You can also paste a JWT into the "Check" tab in this app to verify it.

Is the registration fee refundable?

No. The TRX fee is paid to cover the cost of the blockchain transaction and the KYC provider's verification session. It is not refunded regardless of the verification outcome.

Can the blockchain record be deleted?

No. Data published on the blockchain is permanent. GDPR Article 17 (right to erasure) does not apply to blockchain data. If your jurisdiction requires the right to data deletion, do not use this service. See the Conditions tab for full terms.

What if I lose my JWT token?

If your wallet status is VERIFIED, simply connect your wallet on the Verify tab and the JWT will be fetched automatically from the Worker service.

Contract Specification

Architecture

The system consists of three components:

  • Identify Contract (on-chain) - stores verification statuses and the JWT public key. All state transitions happen here. The contract has no access to personal data.
  • Worker (off-chain server) - an intermediary that creates KYC sessions with the provider, receives verification results via webhook, signs JWT tokens, and writes results to the contract. The worker holds the signing key but never stores personal data.
  • KYC Provider (third-party) - performs the actual identity check: document OCR, face matching, liveness detection. Personal data stays with the provider and is subject to their privacy policy.

Verification Statuses

  • NOT REGISTERED - No record for this wallet. Can register.
  • WAIT - Registered, waiting for identity check result.
  • VERIFIED - Identity verified. JWT token available.
  • DECLINED - Verification failed. Can try again.
  • EXPIRED - Verification expired. Can renew.

Contract Functions

User functions:

  • register() - Pay fee and register your wallet for verification
  • cancel() - Cancel pending verification (WAIT -> EXPIRED)
  • isVerified(ref) - Check if a reference is currently verified (view, free)
  • status(ref) - Get current status: 0=none, 1=WAIT, 3=VERIFIED, 4=DECLINED, 5=EXPIRED (view, free)
  • verification(ref) - Get expiration timestamp and session ID (view, free)

Worker functions (called only by the authorized worker):

  • verify(ref, jwt, expiresAt, sessionId) - Mark as verified, store JWT in event
  • decline(ref, data) - Mark as declined with reason
  • expire(ref) - Mark as expired
  • revoke(ref, data) - Revoke verified status (owner or worker)

Technical Flow

  1. register() - User sends transaction with TRX fee. Contract sets status to WAIT and emits StatusChanged event.
  2. App requests verification session - App calls Worker /start endpoint, which creates a verification session with the KYC provider and returns the verification URL.
  3. User passes KYC - User opens the link, uploads ID + selfie. Provider processes and sends result via webhook to the worker.
  4. Worker writes result - On approval: worker signs a JWT (ES256) and calls verify(ref, jwt, expiresAt, sessionId). The JWT is stored in the StatusChanged event data. On decline: worker calls decline(ref, reason). On expiry: worker calls expire(ref).
  5. JWT verification - Anyone can verify the JWT signature using the public key from the JWKS endpoint or from the contract's jwtPublicKey field. No server calls needed.

Security & Privacy

  • No PII on-chain. The blockchain stores only: reference string, status, and JWT token. No names, document numbers, photos, or biometric data.
  • JWT contains no personal data. The token only proves that the reference passed verification. It includes the provider name, session ID, and expiration - nothing else.
  • ES256 signatures. JWT tokens are signed with ECDSA P-256. The signing key is held securely by the worker. The public key is available at the JWKS endpoint and in the contract.
  • Webhook verification. Results from the KYC provider are authenticated with HMAC-SHA256 and timestamp validation (300-second window) to prevent replay attacks.
  • Write-once worker. Only the authorized worker address can call verify(), decline(), and expire(). The worker address is set by the contract owner.
  • Immutable results. Once a reference is verified, the on-chain status and JWT event cannot be altered or deleted. This is by design: the proof is permanent.
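The webhook check from the list above (HMAC-SHA256 plus a 300-second timestamp window), as an added example that is not the worker's own code. The page does not give the signing layout, so the MAC over `timestamp.rawBody`, the hex encoding, the field names and the secret are assumptions; the cache of accepted MACs goes one step beyond the page, since a time window alone still admits a replay inside the window.

```javascript
const crypto = require('node:crypto');

const WINDOW_SEC = 300; // replay window stated on the page

// Assumed layout: hex HMAC-SHA256 over `${timestamp}.${rawBody}` with a shared secret.
// Binding the timestamp into the MAC stops an attacker from re-dating a captured body.
function signWebhook(secret, timestamp, rawBody) {
  return crypto.createHmac('sha256', secret).update(`${timestamp}.${rawBody}`).digest('hex');
}

// seen: Map of accepted MAC (hex) -> message timestamp, used as a replay cache.
function checkWebhook({ secret, timestamp, signature, rawBody, nowSec, seen }) {
  if (!/^\d{1,12}$/.test(String(timestamp))) return 'bad-timestamp';
  const ts = Number(timestamp);
  // Reject stale and far-future timestamps alike.
  if (Math.abs(nowSec - ts) > WINDOW_SEC) return 'stale';
  const expected = Buffer.from(signWebhook(secret, String(timestamp), rawBody), 'hex');
  const given = Buffer.from(String(signature), 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-mac';
  }
  // Drop cache entries that the window check would reject anyway.
  for (const [mac, t] of seen) if (nowSec - t > WINDOW_SEC) seen.delete(mac);
  const id = expected.toString('hex');
  if (seen.has(id)) return 'replayed';
  seen.set(id, ts);
  return 'ok';
}

// Constructed sample delivery (body fields and secret are made up).
const secret = 'demo-webhook-secret';
const rawBody = '{"session_id":"sess-demo","status":"Approved"}';
const timestamp = '1700000000';
const signature = signWebhook(secret, timestamp, rawBody);
const msg = { secret, timestamp, signature, rawBody, seen: new Map() };

console.log(checkWebhook({ ...msg, nowSec: 1700000100 })); // first delivery
console.log(checkWebhook({ ...msg, nowSec: 1700000200 })); // same message again
```

The MAC must be computed over the raw request bytes as received; re-serialising parsed JSON before hashing changes the input and breaks the comparison.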

How to Verify the Contract

  • Open the contract address in Tronscan and read the Solidity source code.
  • Call isVerified(ref) directly on Tronscan (Contract → Read Contract) to check any reference for free.
  • Call jwtPublicKey() to read the public signing key and verify JWT tokens offline.
  • Read StatusChanged events for any reference to see the full verification history.
  • The registration fee is readable via fee(). No hidden charges.

Check Wallet

Enter any TRON wallet address to check its verification status.

Verify JWT Token

Paste a JWT token to verify its signature and view contents.
