IdentifyService
Portable KYC Verification
DEV MODE - do not use in production
Not connected

Verification

Pass identity verification once. Use the proof anywhere.

Verification Flow

1
Verification Link
Waiting for verification link
2
Identity Check
Pass identity verification
3
Result
Waiting for verification result

What is Identify Service?

Identify Service is a portable KYC (Know Your Customer) verification system on the TRON blockchain. It allows you to pass identity verification once and receive a cryptographic proof (JWT token) that can be used across multiple applications and services without repeating the process.

Your personal documents (passport, selfie) are processed by Didit, an independent KYC verification provider. Your documents are never stored on the blockchain. Only the fact of verification, the reference string you chose, and the signed JWT token are recorded on-chain.

How to Use (Step by Step)

1
Connect Wallet
Open the app and connect your TronLink wallet. Make sure you are on the correct TRON network and have some TRX for the registration fee.
2
Enter Reference
Enter a reference string that you want to verify, or leave the field empty to use your connected wallet address. The reference can be any string: an email, a username, etc. It will be linked to your verification result.
3
Register
Click "Get Verification Link". Your wallet will ask you to confirm a transaction that pays the registration fee in TRX. Once confirmed, your status changes to PENDING and the system prepares a verification session for you.
4
Open Verification Link
After a few seconds, a verification link appears. Click "Open Verification Page" to go to the KYC provider's website. There you will upload a photo of your ID document (passport, driver's license, or national ID) and take a selfie.
5
Pass Identity Check
The KYC provider verifies your document and matches your selfie. This usually takes a few minutes. You can close the tab and come back to the app later.
6
Receive JWT Token
Once verified, the app shows a "View JWT Token" button. This JWT is your portable proof of identity. You can copy it, download it, and present it to any service that accepts Identify JWT tokens.

What is a JWT Token?

A JWT (JSON Web Token) is a compact, digitally signed string that contains verifiable claims. Your Identify JWT contains:

  • ref - your reference string (wallet address or other identifier)
  • verified - confirmation that you passed identity verification
  • provider - the KYC provider that verified you
  • session - the verification session ID
  • exp - expiration date (based on your ID document expiry)
  • iss - the Identify contract address (issuer)

The token is signed with an ES256 (ECDSA P-256) key. Anyone can verify the signature using the public key published at the JWKS endpoint, without contacting any server. The token does not contain any personal information (no name, no document number, no photo).

Frequently Asked Questions

What do I need to get started?

A browser with the TronLink extension (or TronLink mobile app), a TRON wallet with some TRX for the registration fee, and a valid government-issued ID document (passport, driver's license, or national ID card).

What personal data is stored on the blockchain?

No personally identifiable information (PII) is stored on-chain. The blockchain only records: your reference string, the verification status (pending/verified/declined), and the signed JWT token. Your name, document number, photo, and selfie are never published on the blockchain.

Who processes my documents?

Your identity documents are processed by Didit, an independent KYC verification provider. Identify Service does not have access to your photos or document details. Only the verification result (approved or declined) is communicated back to the system.

How long does verification take?

The document check usually takes 1-5 minutes. After you submit your documents on the KYC provider's page, you can close it and return to the app. The status updates automatically.

What if my verification is declined?

If your verification is declined, you can try again by clicking "Get Verification Link" once more. A new registration fee will be charged. Common reasons for decline: blurry document photo, face not matching the document, expired ID, or unsupported document type.

How long is the verification valid?

The JWT token expiration is based on your ID document's expiry date. If your document expires in 5 years, your verification will be valid for up to 5 years. Once expired, you can re-register and verify again.

Can I verify a different reference later?

Yes. Each reference is independent. You can verify multiple references (e.g., your wallet address and your email) separately. Each verification requires a separate registration and fee.

How can a third party verify my JWT?

There are two ways:

  • On-chain: call isVerified(ref) on the Identify contract to check if a reference is currently verified.
  • Off-chain: verify the JWT signature using the public key from the JWKS endpoint. This works without any blockchain calls and is free.

You can also paste a JWT into the "Token" tab in this app to verify it.

Is the registration fee refundable?

No. The TRX fee is paid to cover the cost of the blockchain transaction and the KYC provider's verification session. It is not refunded regardless of the verification outcome.

Can the blockchain record be deleted?

No. Data published on the blockchain is permanent. GDPR Article 17 (right to erasure) does not apply to blockchain data. If your jurisdiction requires the right to data deletion, do not use this service. See the Conditions tab for full terms.

What if I lose my JWT token?

The JWT is stored in a blockchain event and can always be retrieved. Simply enter your reference on the Verify tab - if your status is VERIFIED, the JWT will be shown again.

Contract Specification

Contract
Network
Fee loading...
Paused loading...
Explorer View on Tronscan

Architecture

The system consists of three components:

  • Identify Contract (on-chain) - stores verification statuses and the JWT public key. All state transitions happen here. The contract has no access to personal data.
  • Worker (off-chain server) - an intermediary that creates KYC sessions with the provider, receives verification results via webhook, signs JWT tokens, and writes results to the contract. The worker holds the signing key but never stores personal data.
  • KYC Provider (third-party) - performs the actual identity check: document OCR, face matching, liveness detection. Personal data stays with the provider and is subject to their privacy policy.

Verification Statuses

NOT REGISTERED No record for this reference. Can register.
PENDING Registered, waiting for identity check.
VERIFIED Identity verified. JWT token available.
DECLINED Verification failed. Can try again.

Contract Functions

User functions (called by anyone):

register(ref) Pay fee and register a reference for verification
isVerified(ref) Check if a reference is currently verified (view, free)
status(ref) Get current status: 0/1/2/3 (view, free)
verifiedUntil(ref) Get expiration timestamp (view, free)

Worker functions (called only by the authorized worker):

setUrl(ref, url) Write verification link for a pending reference
verify(ref, jwt, exp) Mark reference as verified, store JWT in event
decline(ref, data) Mark reference as declined with reason

Technical Flow

1
register(ref)
User sends transaction with TRX fee. Contract sets status to PENDING and emits StatusChanged event.
2
Worker cron detects PENDING
Worker reads new StatusChanged events, creates a verification session with the KYC provider, and writes the verification URL to the contract via setUrl().
3
User passes KYC
User opens the link, uploads ID + selfie. Provider processes and sends result via webhook to the worker.
4
Worker writes result
On approval: worker signs a JWT (ES256) and calls verify(ref, jwt, expiresAt). The JWT is stored in the StatusChanged event data. On decline: worker calls decline(ref, reason).
5
JWT verification
Anyone can verify the JWT signature using the public key from the JWKS endpoint or from the contract's jwtPublicKey field. No server calls needed.

Security & Privacy

  • No PII on-chain. The blockchain stores only: reference string, status, and JWT token. No names, document numbers, photos, or biometric data.
  • JWT contains no personal data. The token only proves that the reference passed verification. It includes the provider name, session ID, and expiration - nothing else.
  • ES256 signatures. JWT tokens are signed with ECDSA P-256. The signing key is held securely by the worker. The public key is available at the JWKS endpoint and in the contract.
  • Webhook verification. Results from the KYC provider are authenticated with HMAC-SHA256 and timestamp validation (300-second window) to prevent replay attacks.
  • Write-once worker. Only the authorized worker address can call verify(), decline(), and setUrl(). The worker address is set by the contract owner.
  • Immutable results. Once a reference is verified, the on-chain status and JWT event cannot be altered or deleted. This is by design: the proof is permanent.

How to Verify the Contract

  • Open the contract address in Tronscan and read the Solidity source code.
  • Call isVerified(ref) directly on Tronscan (Contract → Read Contract) to check any reference for free.
  • Call jwtPublicKey() to read the public signing key and verify JWT tokens offline.
  • Read StatusChanged events for any reference to see the full verification history.
  • The registration fee is readable via fee(). No hidden charges.

Verify JWT Token

Paste a JWT token to verify its signature and view contents.

Loading...