rename "docs" directory to "doc"

Reviewed-on: https://gitea.anomalistdesign.com/trent_larson/crowd-funder-for-time-pwa/pulls/118

README.md

@@ -10,7 +10,7 @@ See [project.task.yaml](project.task.yaml) for current priorities.
 
 ## Setup
 
-We have pkgx.dev set up in package.json, so you can use `dev` to set up the dev environment.
+We like pkgx: `sh <(curl https://pkgx.sh) +npm sh`
 
 ```
 npm install
@@ -47,7 +47,7 @@ npm run lint
 ```
 # (Let's replace this with a .env.development or .env.staging file.)
 # The test BVC_MEETUPS_PROJECT_CLAIM_ID does not resolve as a URL because it's only in the test DB and the prod redirect won't redirect there.
-TIME_SAFARI_APP_TITLE="TimeSafari_Test" VITE_BVC_MEETUPS_PROJECT_CLAIM_ID=https://endorser.ch/entity/01HNTZYJJXTGT0EZS3VEJGX7AK VITE_DEFAULT_ENDORSER_API_SERVER=https://test-api.endorser.ch VITE_DEFAULT_IMAGE_API_SERVER=https://test-image-api.timesafari.app npm run build
+TIME_SAFARI_APP_TITLE="TimeSafari_Test" VITE_BVC_MEETUPS_PROJECT_CLAIM_ID=https://endorser.ch/entity/01HNTZYJJXTGT0EZS3VEJGX7AK VITE_DEFAULT_ENDORSER_API_SERVER=https://test-api.endorser.ch VITE_DEFAULT_IMAGE_API_SERVER=https://test-image-api.timesafari.app PASSKEYS_ENABLED=yep npm run build
 ```
 
   * Production

doc/README.md

@@ -0,0 +1,66 @@
+# TimeSafari Docs
+
+## Generating PDF from Markdown on OSx
+
+This uses Pandoc and BasicTex (LaTeX) Installed through Homebrew.
+
+### Set Up
+
+```bash 
+# See https://daniel.feldroy.com/posts/setting-up-latex-on-mac-os-x
+brew install pandoc
+
+brew install basictex
+
+pandoc keystore-migration.md -o keystore-migration.pdf
+
+# Setting up LaTex packages
+
+# First update tlmgr
+sudo tlmgr update --self
+
+# Then install LaTex packages
+sudo tlmgr install titlesec
+sudo tlmgr install framed
+sudo tlmgr install threeparttable
+sudo tlmgr install wrapfig
+sudo tlmgr install multirow
+sudo tlmgr install enumitem
+sudo tlmgr install bbding
+sudo tlmgr install titling  # Required for the fancy headers used
+sudo tlmgr install tabu
+sudo tlmgr install mdframed
+sudo tlmgr install tcolorbox
+sudo tlmgr install textpos
+sudo tlmgr install import
+sudo tlmgr install varwidth
+sudo tlmgr install needspace
+sudo tlmgr install tocloft  # Required for \tableofcontents generation
+sudo tlmgr install ntheorem
+sudo tlmgr install environ
+sudo tlmgr install trimspaces
+sudo tlmgr install lastpage  # Enables Page X of Y
+sudo tlmgr install collection-fontsrecommended # And set up fonts
+sudo tlmgr install libertine # The main font the doc uses
+
+
+```
+
+### Usage
+
+Use the `pandoc` command to generate a PDF.
+
+```bash
+pandoc usage-guide.md -o usage-guide.pdf 
+```
+
+And you can open the PDF with the `open` command.
+
+```bash
+open usage-guide.pdf
+```
+
+Or use this one-liner
+```bash
+pandoc usage-guide.md -o usage-guide.pdf && open usage-guide.pdf
+```

doc/usage-guide.md

@@ -0,0 +1,316 @@
+---
+geometry: margin=1in
+header-includes:
+    - \usepackage{graphicx}
+    - \usepackage{titling}
+    - \usepackage{fancyhdr}
+    - \usepackage{lastpage}
+    - \pagestyle{fancy}
+    - \fancyhead[L]{Time Safari Usage Guide}
+    - \fancyhead[C]{Page \thepage\ of \pageref{LastPage}}
+    - \fancyhead[R]{}
+    - \fancyfoot[L]{}
+    - \fancyfoot[C]{}
+    - \fancyfoot[R]{\includegraphics[width=1cm]{images/timesafari-logo-binoculars.png}}
+    - \usepackage{tocloft}
+    - \usepackage{libertine}
+    - \renewcommand{\familydefault}{\sfdefault}
+    - \fancypagestyle{tocstyle}{
+      \fancyhead[L]{Time Safari Usage Guide}
+      \fancyhead[C]{Page \thepage\ of \pageref{LastPage}}
+      \fancyhead[R]{}
+      \fancyfoot[L]{}
+      \fancyfoot[C]{}
+      \fancyfoot[R]{\includegraphics[width=1cm]{images/timesafari-logo-binoculars.png}}}
+---
+
+\begin{titlepage}
+\centering
+\vspace*{\fill}
+{\huge\textbf{TimeSafari Usage guide}}
+
+\vspace{1cm}
+{\Large Signing up users, adding contacts, and adding gifts.}
+
+\vspace{1cm}
+\includegraphics[width=0.5\textwidth]{images/timesafari-logo.png}
+\vspace*{\fill}
+
+\vspace{1cm}
+{\Large Trent Larson, Kent Bull}
+
+\vspace{0.5cm}
+{\large 2024-06-25}
+
+\end{titlepage}
+
+\clearpage
+
+\begin{center}
+\includegraphics[width=2cm]{images/timesafari-logo-binoculars.png}
+\end{center}
+\tableofcontents
+
+\clearpage
+
+
+# Purpose of Document
+
+Both end-users and development team members need to know how to use TimeSafari. 
+This document serves to show how to use every feature of the TimeSafari platform.
+
+Sections of this document are geared specifically for software developers and quality assurance
+team members.
+
+Companion videos will also describe end-to-end workflows for the end-user.
+
+# TimeSafari 
+
+## Overview
+
+\pagebreak
+
+# 1 - End Users
+
+This section covers application usage for people who will use TimeSafari as intended. It is a
+simplified guide illustrating how to gain value from using TimeSafari.
+
+\pagebreak
+
+# 2 - Software Developers
+
+This section is tailored for software developers seeking to use the application during development,
+quality assurance, and testing.
+
+# Bootstrapping a local development environment
+
+The first concern a software developer has when working on TimeSafari is to set up a local
+development environment. This section will guide you through the process.
+
+## Prerequisites
+
+1. Have the following installed on your local machine:
+  - Node.js and NPM
+  - A web browser. For this guide, we will use Google Chrome.
+  - Git
+  - A code editor
+
+2. Create an API key on Infura. This is necessary for the Endorser API to connect to the Ethereum
+   blockchain. 
+  - You can create an account on Infura [here](https://infura.io/).\
+    Click "CREATE NEW API KEY" and label the key. Then click "API Keys" in the top menu bar to
+    be taken back to the list of keys.
+    
+    Click "VIEW STATS" on the key you want to use.   
+    
+    ![](images/01_infura-api-keys.png){ width=550px }
+  
+  - Go to the key detail page. Then click "MANAGE API KEY".
+  
+    ![](images/02-infura-key-detail.png){ width=550px }
+  
+  - Click the copy and paste button next to the string of alphanumeric characters.\
+    This is your API, also known as your project ID.
+  
+    ![](images/03-infura-api-key-id.png){width=550px }
+  
+  - Save this for later during the Endorser API setup. This will go in your `INFURA_PROJECT_ID` 
+    environment variable.
+    
+
+## Setup steps
+
+### 1. Clone the following repositories from their respective Git hosts:
+  - [TimeSafari Frontend](https://gitea.anomalistdesign.com/trent_larson/crowd-funder-for-time-pwa)\
+    This is a Progressive Web App (PWA) built with VueJS and TypeScript.
+    Note that the clone command here is different from the one you would use for GitHub.
+    
+```bash
+git clone git clone \
+  ssh://git@gitea.anomalistdesign.com:222/trent_larson/crowd-funder-for-time-pwa.git
+```
+  
+  - [TimeSafari Backend - Endorser API](https://github.com/trentlarson/endorser-ch)\
+    This is a NodeJS service providing the backend for TimeSafari.
+    
+    ```bash
+    git clone git@github.com:trentlarson/endorser-ch.git
+    ```
+
+\pagebreak
+
+### 2. Database creation
+
+#### Alternative 1 - use test data
+
+To generate a development database and perform user setup you can run a local test with instructions
+below to generate sample data. Then copy the test database, rename it to `-dev` as below:\
+`cp ../endorser-ch-test-local.sqlite3 ../endorser-ch-dev.sqlite3` \
+and rerun `npm run dev` to give yourself user #0 and others from the ETHR_CRED_DATA in [the endorser.ch test util file](https://github.com/trentlarson/endorser-ch/blob/master/test/util.js#L90)
+
+#### Alternative 2 - boostrap single seed user 
+
+In this method you will end up with two accounts in the database, one for the first boostrap user,
+and the second as the primary user you will use during testing. The first user will invite the
+second user to the app.
+
+1. Install dependencies and environment variables.\
+   In endorser-ch install dependencies and set up environment variables to allow starting it up in
+   development mode.
+   ```bash
+   cd endorser-ch
+   npm clean install  # or npm ci
+   cp .env.local .env
+   ```
+   Edit the .env file's INFURA_PROJECT_ID with the value you saved earlier in the
+   prerequisites.\
+   Then create the SQLite database by running `npm run flyway migrate` with environment variables
+   set correctly to select the default SQLite development user as follows.
+   ```bash
+   export NODE_ENV=dev 
+   export DBUSER=sa 
+   export DBPASS=sasa 
+   npm run flyway migrate
+   ``` 
+   The first run of flyway migrate may take some time to complete because the entire Flyway 
+   distribution must be downloaded prior to executing migrations.
+    
+   Successful output looks similar to the following:
+    
+```
+Database: jdbc:sqlite:../endorser-ch-dev.sqlite3 (SQLite 3.41)
+Schema history table "main"."flyway_schema_history" does not exist yet
+Successfully validated 10 migrations (execution time 00:00.034s)
+Creating Schema History table "main"."flyway_schema_history" ...
+Current version of schema "main": << Empty Schema >>
+Migrating schema "main" to version "1 - initial-anew"
+Migrating schema "main" to version "2 - registration"
+Migrating schema "main" to version "3 - plan project"
+Migrating schema "main" to version "4 - offer gave"
+Migrating schema "main" to version "5 - more confirmations"
+Migrating schema "main" to version "6 - providers urls"
+Migrating schema "main" to version "7 - hash nonce"
+Migrating schema "main" to version "8 - project location"
+Migrating schema "main" to version "9 - plan links"
+Migrating schema "main" to version "10 - gift or trade"
+Successfully applied 10 migrations to schema "main", now at version v10 (execution time 00:00.043s)
+A Flyway report has been generated here: /Users/kbull/code/timesafari/endorser-ch/report.html
+```
+
+\pagebreak
+
+2. Generate the first user in TimeSafari PWA and bootstrap that user in Endorser's database.\
+   As TimeSafari is an invite-only platform the first user must be manually bootstrapped since
+   no other users exist to be able to invite the first user. This first user must be added manually
+   to the SQLite database used by Endorser. In this setup you generate the first user from the PWA. 
+   
+   This user is automatically generated on first usage of the TimeSafari PWA. Bootstrapping that 
+   user is required so that this first user can register other users.
+   - Change directories into `crowd-funder-for-time-pwa`
+     
+     ```bash
+     cd ..
+     cd crowd-funder-for-time-pwa 
+     ```
+   
+   - Ensure the `.env.development` file exists and has the following values:
+   
+     ```env
+     VITE_DEFAULT_ENDORSER_API_SERVER=http://127.0.0.1:3000
+     ```
+   
+   - Install dependencies and run in dev mode. For now don't worry about configuring the app. All we
+     need is to generate the first root user and this happens automatically on app startup.
+  
+     ```bash
+     npm clean install  # or npm ci
+     npm run dev
+     ```
+  
+   - Open the app in a browser and go to the developer tools. It is recommended to use a completely
+     separate browser profile so you do not clear out your existing user account. We will be
+     completely resetting the PWA app state prior to generating the first user.
+   
+     In the Developer Tools go to the Application tab.
+     
+     ![](images/04-pwa-chrome-devtools.png){width=350px} 
+   
+     Click the "Clear site data" button and then refresh the page.
+   
+   - Click the account button in the bottom right corner of the page.
+   
+     ![](images/05-pwa-account-button.png){width=150px}
+   
+   - This will take you to the account page titled "Your Identity" on which you can see your DID,
+     a `did:ethr` DID in this case.
+   
+     ![](images/06-pwa-account-page.png){width=350px}
+   
+   - Copy the DID by selecting it and copying it to the clipboard or by clicking the copy and paste
+     button as shown in the image.
+   
+     ![](images/07-pwa-did-copied.png){width=200px}
+    
+     In our case this DID is:\
+     `did:ethr:0xe4B783c74c8B0e229524e44d0cD898D272E02CD6`
+   
+  - Add that DID to the following echoed SQL statement where it says `YOUR_DID`
+  
+    ```bash
+    echo "INSERT INTO registration (did, maxClaims, maxRegs, epoch) 
+    VALUES ('YOUR_DID', 100, 10000, 1719348718092);"
+    | sqlite3 ./endorser-ch-dev.sqlite3
+    ```
+    
+    and run this command in the parent directory just above the `endorser-ch` directory.
+    
+    It needs to be the parent directory of your `endorser-ch` repository because when 
+    `endorser-ch` creates the SQLite database it depends on it creates it in the parent directory
+    of `endorser-ch`.
+    
+  - You can verify with an SQL browser tool that your record has been added to the `registration`
+    table.
+  
+    ![](images/08-endorser-sqlite-row-added.png){width=350px}
+
+3. Then start the Endorser service in development mode with the following commands.
+  
+    ```bash
+    cd ./endorser-ch
+    export NODE_ENV=dev
+    npm run dev
+    ```
+  
+    This starts the Endorser service on port 3000.
+4. Create the second user by opening up a separate browser profile or incognito session, opening the
+   TimeSafari PWA at `http://localhost:8080`. You will see the yellow banner stating "Someone must
+   register you before you can give or offer."
+   
+   ![](images/09-pwa-second-profile-first-open.png){width=350px}
+   
+   - If you want to ensure you have a fresh user account then open the developer tools, clear the
+     Application data as before, and then refresh the page. This will generate a new user in the 
+     browser's IndexedDB database.
+5. Go to the second users' account page to copy the DID.
+    
+    ![](images/10-pwa-second-user-did.png){width=350px}
+
+6. Copy the DID and put it in the text bar on the "Your Contacts" page for the first account
+
+    ![](images/11-pwa-first-user-add-contact.png){width=350px}
+
+7. Click the "+" plus icon to add the user.
+
+    ![](images/12-pwa-first-user-contact-added.png){width=350px}
+
+8. Then click the register button to register the second user.
+
+    ![](images/13-pwa-first-user-register-second-user-btn.png){width=350px}
+
+9. Click "YES" on the dialog that shows up.
+
+    ![](images/14-pwa-first-user-register-yes.png){width=350px}
+
+    After this a notification will pop up indicating whether registration was successful or not.
+
+10. You have finished the initial set up of users.

package.json

@@ -1,7 +1,6 @@
 {
   "name": "TimeSafari",
   "version": "0.3.15-beta",
-  "private": true,
   "scripts": {
     "dev": "vite",
     "serve": "vite preview",
@@ -17,20 +16,25 @@
     "@fortawesome/fontawesome-svg-core": "^6.5.1",
     "@fortawesome/free-solid-svg-icons": "^6.5.1",
     "@fortawesome/vue-fontawesome": "^3.0.6",
+    "@peculiar/asn1-ecc": "^2.3.8",
+    "@peculiar/asn1-schema": "^2.3.8",
     "@pvermeer/dexie-encrypted-addon": "^3.0.0",
+    "@simplewebauthn/browser": "^10.0.0",
+    "@simplewebauthn/server": "^10.0.0",
     "@tweenjs/tween.js": "^21.1.1",
-    "@types/js-yaml": "^4.0.9",
-    "@types/luxon": "^3.4.2",
     "@veramo/core": "^5.6.0",
     "@veramo/credential-w3c": "^5.6.0",
     "@veramo/data-store": "^5.6.0",
     "@veramo/did-manager": "^5.6.0",
     "@veramo/did-provider-ethr": "^5.6.0",
+    "@veramo/did-provider-peer": "^6.0.0",
     "@veramo/did-resolver": "^5.6.0",
     "@veramo/key-manager": "^5.6.0",
     "@vueuse/core": "^10.9.0",
     "@zxing/text-encoding": "^0.9.0",
+    "asn1-ber": "^1.2.2",
     "axios": "^1.6.8",
+    "cbor-x": "^1.5.9",
     "class-transformer": "^0.5.1",
     "dexie": "^3.2.7",
     "dexie-export-import": "^4.1.1",
@@ -67,7 +71,9 @@
     "web-did-resolver": "^2.0.27"
   },
   "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
     "@types/leaflet": "^1.9.8",
+    "@types/luxon": "^3.4.2",
     "@types/ramda": "^0.29.11",
     "@types/three": "^0.155.1",
     "@types/ua-parser-js": "^0.7.39",

src/App.vue

@@ -181,6 +181,7 @@
                   class="block w-full text-center text-md font-bold uppercase bg-blue-600 text-white px-2 py-2 rounded-md mb-2"
                 >
                   Yes
+                  {{ notification.yesText ? ", " + notification.yesText : "" }}
                 </button>
 
                 <button
@@ -192,7 +193,7 @@
                   "
                   class="block w-full text-center text-md font-bold uppercase bg-yellow-600 text-white px-2 py-2 rounded-md mb-2"
                 >
-                  No
+                  No {{ notification.noText ? ", " + notification.noText : "" }}
                 </button>
 
                 <label

src/components/GiftedDialog.vue

@@ -287,11 +287,10 @@ export default class GiftedDialog extends Vue {
     unitCode: string = "HUR",
   ) {
     try {
-      const identity = await libsUtil.getIdentity(this.activeDid);
       const result = await createAndSubmitGive(
         this.axios,
         this.apiServer,
-        identity,
+        this.activeDid,
         giverDid,
         this.receiver?.did as string,
         description,

src/components/OfferDialog.vue

@@ -223,11 +223,10 @@ export default class OfferDialog extends Vue {
     }
 
     try {
-      const identity = await libsUtil.getIdentity(this.activeDid);
       const result = await createAndSubmitOffer(
         this.axios,
         this.apiServer,
-        identity,
+        this.activeDid,
         description,
         amount,
         unitCode,

src/components/PhotoDialog.vue

@@ -126,7 +126,6 @@ import { Component, Vue } from "vue-facing-decorator";
 import VuePictureCropper, { cropper } from "vue-picture-cropper";
 
 import { DEFAULT_IMAGE_API_SERVER, NotificationIface } from "@/constants/app";
-import { getIdentity } from "@/libs/util";
 import { db } from "@/db/index";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
 import { accessToken } from "@/libs/crypto";
@@ -348,8 +347,7 @@ export default class PhotoDialog extends Vue {
       this.blob = (await cropper?.getBlob()) || undefined;
     }
 
-    const identifier = await getIdentity(this.activeDid);
+    const token = await accessToken(this.activeDid);
-    const token = await accessToken(identifier);
     const headers = {
       Authorization: "Bearer " + token,
     };

src/components/World/components/objects/landmarks.js

@@ -1,12 +1,11 @@
 import axios from "axios";
-import * as R from "ramda";
 import * as THREE from "three";
 import { GLTFLoader } from "three/addons/loaders/GLTFLoader";
 import * as SkeletonUtils from "three/addons/utils/SkeletonUtils";
 import * as TWEEN from "@tweenjs/tween.js";
-import { accountsDB, db } from "@/db";
+import { db } from "@/db";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
+import { getHeaders } from "@/libs/endorserServer";
 
 const ANIMATION_DURATION_SECS = 10;
 const ENDORSER_ENTITY_PREFIX = "https://endorser.ch/entity/";
@@ -19,17 +18,7 @@ export async function loadLandmarks(vue, world, scene, loop) {
     const settings = await db.settings.get(MASTER_SETTINGS_KEY);
     const activeDid = settings?.activeDid || "";
     const apiServer = settings?.apiServer;
-    await accountsDB.open();
+    const headers = await getHeaders(activeDid);
-    const accounts = await accountsDB.accounts.toArray();
-    const account = R.find((acc) => acc.did === activeDid, accounts);
-    const headers = {
-      "Content-Type": "application/json",
-    };
-    const identity = JSON.parse(account?.identity || "null");
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
 
     const url = apiServer + "/api/v2/report/claims?claimType=GiveAction";
     const resp = await axios.get(url, { headers: headers });

src/constants/app.ts

@@ -4,6 +4,10 @@
  * See also ../libs/veramo/setup.ts
  */
 export enum AppString {
+  // This is used in titles and verbiage inside the app.
+  // There is also an app name without spaces, for packaging in the package.json file used in the manifest.
+  APP_NAME = "Time Safari",
+
   PROD_ENDORSER_API_SERVER = "https://api.endorser.ch",
   TEST_ENDORSER_API_SERVER = "https://test-api.endorser.ch",
   LOCAL_ENDORSER_API_SERVER = "http://localhost:3000",
@@ -32,6 +36,9 @@ export const DEFAULT_PUSH_SERVER =
 
 export const IMAGE_TYPE_PROFILE = "profile";
 
+export const PASSKEYS_ENABLED =
+  !!import.meta.env.VITE_PASSKEYS_ENABLED || false;
+
 /**
  * The possible values for "group" and "type" are in App.vue.
  * From the notiwind package
@@ -41,8 +48,10 @@ export interface NotificationIface {
   type: string; // "toast" | "info" | "success" | "warning" | "danger"
   title: string;
   text?: string;
+  noText?: string;
   onCancel?: (stopAsking: boolean) => Promise<void>;
   onNo?: (stopAsking: boolean) => Promise<void>;
   onYes?: () => Promise<void>;
   promptToStopAsking?: boolean;
+  yesText?: string;
 }

src/db/tables/accounts.ts

@@ -3,41 +3,46 @@
  */
 export type Account = {
   /**
-   * Auto-generated ID by Dexie.
+   * Auto-generated ID by Dexie
    */
   id?: number;
 
   /**
-   * The date the account was created.
+   * The date the account was created
    */
   dateCreated: string;
 
   /**
-   * The derivation path for the account.
+   * The derivation path for the account, if this is from a mnemonic
    */
-  derivationPath: string;
+  derivationPath?: string;
 
   /**
-   * Decentralized Identifier (DID) for the account.
+   * Decentralized Identifier (DID) for the account
    */
   did: string;
 
   /**
-   * Stringified JSON containing underlying key material.
+   * Stringified JSON containing underlying key material, if generated from a mnemonic
-   * Based on the IIdentifier type from Veramo.
+   * Based on the IIdentifier type from Veramo
    * @see {@link https://github.com/uport-project/veramo/blob/next/packages/core-types/src/types/IIdentifier.ts}
    */
-  identity: string;
+  identity?: string;
 
   /**
-   * The public key in hexadecimal format.
+   * The mnemonic phrase for the account, if this is from a mnemonic
    */
-  publicKeyHex: string;
+  mnemonic?: string;
 
   /**
-   * The mnemonic passphrase for the account.
+   * The Webauthn credential ID in hex, if this is from a passkey
    */
-  mnemonic: string;
+  passkeyCredIdHex?: string;
+
+  /**
+   * The public key in hexadecimal format
+   */
+  publicKeyHex: string;
 };
 
 /**

src/db/tables/settings.ts

@@ -37,6 +37,7 @@ export type Settings = {
   }>;
 
   showContactGivesInline?: boolean; // Display contact inline or not
+  showGeneralAdvanced?: boolean; // Show advanced features which don't have their own flag
   showShortcutBvc?: boolean; // Show shortcut for Bountiful Voluntaryist Community actions
   vapid?: string; // VAPID (Voluntary Application Server Identification) field for web push
   warnIfProdServer?: boolean; // Warn if using a production server

src/libs/crypto/index.ts

@@ -3,14 +3,18 @@ import { getRandomBytesSync } from "ethereum-cryptography/random";
 import { entropyToMnemonic } from "ethereum-cryptography/bip39";
 import { wordlist } from "ethereum-cryptography/bip39/wordlists/english";
 import { HDNode } from "@ethersproject/hdnode";
-import * as didJwt from "did-jwt";
-import * as u8a from "uint8arrays";
 
-import { ENDORSER_JWT_URL_LOCATION } from "@/libs/endorserServer";
+import {
+  createEndorserJwtForDid,
+  ENDORSER_JWT_URL_LOCATION,
+} from "@/libs/endorserServer";
 import { DEFAULT_DID_PROVIDER_NAME } from "../veramo/setup";
+import { decodeEndorserJwt } from "@/libs/crypto/vc";
 
 export const DEFAULT_ROOT_DERIVATION_PATH = "m/84737769'/0'/0'/0'";
 
+export const LOCAL_KMS_NAME = "local";
+
 /**
  *
  *
@@ -31,7 +35,7 @@ export const newIdentifier = (
     keys: [
       {
         kid: publicHex,
-        kms: "local",
+        kms: LOCAL_KMS_NAME,
         meta: { derivationPath: derivationPath },
         privateKeyHex: privateHex,
         publicKeyHex: publicHex,
@@ -64,6 +68,10 @@ export const deriveAddress = (
   return [address, privateHex, publicHex, derivationPath];
 };
 
+export const generateRandomBytes = (numBytes: number): Uint8Array => {
+  return getRandomBytesSync(numBytes);
+};
+
 /**
  *
  *
@@ -79,79 +87,18 @@ export const generateSeed = (): string => {
 /**
  * Retreive an access token
  *
- * @param {IIdentifier} identifier
  * @return {*}
  */
-export const accessToken = async (identifier: IIdentifier) => {
+export const accessToken = async (did?: string) => {
-  const did: string = identifier.did;
+  if (did) {
-  const privateKeyHex: string = identifier.keys[0].privateKeyHex as string;
-
-  const signer = SimpleSigner(privateKeyHex);
-
     const nowEpoch = Math.floor(Date.now() / 1000);
     const endEpoch = nowEpoch + 60; // add one minute
-
     const tokenPayload = { exp: endEpoch, iat: nowEpoch, iss: did };
-  const alg = undefined; // defaults to 'ES256K', more standardized but harder to verify vs ES256K-R
+    return createEndorserJwtForDid(did, tokenPayload);
-  const jwt: string = await didJwt.createJWT(tokenPayload, {
+  } else {
-    alg,
+    return "";
-    issuer: did,
-    signer,
-  });
-  return jwt;
-};
-
-export const sign = async (privateKeyHex: string) => {
-  const signer = SimpleSigner(privateKeyHex);
-
-  return signer;
-};
-
-/**
- *  Copied out of did-jwt since it's deprecated in that library.
- *
- *  The SimpleSigner returns a configured function for signing data.
- *
- *  @example
- *  const signer = SimpleSigner(import.meta.env.PRIVATE_KEY)
- *  signer(data, (err, signature) => {
- *    ...
- *  })
- *
- *  @param    {String}         hexPrivateKey    a hex encoded private key
- *  @return   {Function}                     a configured signer function
- */
-export function SimpleSigner(hexPrivateKey: string): didJwt.Signer {
-  const signer = didJwt.ES256KSigner(didJwt.hexToBytes(hexPrivateKey), true);
-  return async (data) => {
-    const signature = (await signer(data)) as string;
-    return fromJose(signature);
-  };
-}
-
-// from did-jwt/util; see SimpleSigner above
-export function fromJose(signature: string): {
-  r: string;
-  s: string;
-  recoveryParam?: number;
-} {
-  const signatureBytes: Uint8Array = didJwt.base64ToBytes(signature);
-  if (signatureBytes.length < 64 || signatureBytes.length > 65) {
-    throw new TypeError(
-      `Wrong size for signature. Expected 64 or 65 bytes, but got ${signatureBytes.length}`,
-    );
-  }
-  const r = bytesToHex(signatureBytes.slice(0, 32));
-  const s = bytesToHex(signatureBytes.slice(32, 64));
-  const recoveryParam =
-    signatureBytes.length === 65 ? signatureBytes[64] : undefined;
-  return { r, s, recoveryParam };
-}
-
-// from did-jwt/util; see SimpleSigner above
-export function bytesToHex(b: Uint8Array): string {
-  return u8a.toString(b, "base16");
   }
+};
 
 /**
  @return results of uportJwtPayload:
@@ -169,7 +116,7 @@ export const getContactPayloadFromJwtUrl = (jwtUrlText: string) => {
   }
 
   // JWT format: { header, payload, signature, data }
-  const jwt = didJwt.decodeJWT(jwtText);
+  const jwt = decodeEndorserJwt(jwtText);
 
   return jwt.payload;
 };

src/libs/crypto/vc/didPeer.ts

@@ -0,0 +1,96 @@
+import { Buffer } from "buffer/";
+import { decode as cborDecode } from "cbor-x";
+import { bytesToMultibase, multibaseToBytes } from "did-jwt";
+
+import { getWebCrypto } from "@/libs/crypto/vc/passkeyHelpers";
+
+export const PEER_DID_PREFIX = "did:peer:";
+const PEER_DID_MULTIBASE_PREFIX = PEER_DID_PREFIX + "0";
+
+/**
+ *
+ *
+ * similar code is in crowd-funder-for-time-pwa libs/crypto/vc/passkeyDidPeer.ts verifyJwtWebCrypto
+ *
+ * @returns {Promise<boolean>}
+ */
+export async function verifyPeerSignature(
+  payloadBytes: Buffer,
+  issuerDid: string,
+  signatureBytes: Uint8Array,
+): Promise<boolean> {
+  const publicKeyBytes = peerDidToPublicKeyBytes(issuerDid);
+
+  const WebCrypto = await getWebCrypto();
+  const verifyAlgorithm = {
+    name: "ECDSA",
+    hash: { name: "SHA-256" },
+  };
+  const publicKeyJwk = cborToKeys(publicKeyBytes).publicKeyJwk;
+  const keyAlgorithm = {
+    name: "ECDSA",
+    namedCurve: publicKeyJwk.crv,
+  };
+  const publicKeyCryptoKey = await WebCrypto.subtle.importKey(
+    "jwk",
+    publicKeyJwk,
+    keyAlgorithm,
+    false,
+    ["verify"],
+  );
+  const verified = await WebCrypto.subtle.verify(
+    verifyAlgorithm,
+    publicKeyCryptoKey,
+    signatureBytes,
+    payloadBytes,
+  );
+  return verified;
+}
+
+export function cborToKeys(publicKeyBytes: Uint8Array) {
+  const jwkObj = cborDecode(publicKeyBytes);
+  if (
+    jwkObj[1] != 2 || // kty "EC"
+    jwkObj[3] != -7 || // alg "ES256"
+    jwkObj[-1] != 1 || // crv "P-256"
+    jwkObj[-2].length != 32 || // x
+    jwkObj[-3].length != 32 // y
+  ) {
+    throw new Error("Unable to extract key.");
+  }
+  const publicKeyJwk = {
+    alg: "ES256",
+    crv: "P-256",
+    kty: "EC",
+    x: arrayToBase64Url(jwkObj[-2]),
+    y: arrayToBase64Url(jwkObj[-3]),
+  };
+  const publicKeyBuffer = Buffer.concat([
+    Buffer.from(jwkObj[-2]),
+    Buffer.from(jwkObj[-3]),
+  ]);
+  return { publicKeyJwk, publicKeyBuffer };
+}
+
+export function toBase64Url(anythingB64: string) {
+  return anythingB64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+
+export function arrayToBase64Url(anything: Uint8Array) {
+  return toBase64Url(Buffer.from(anything).toString("base64"));
+}
+
+export function peerDidToPublicKeyBytes(did: string) {
+  return multibaseToBytes(did.substring(PEER_DID_MULTIBASE_PREFIX.length));
+}
+
+export function createPeerDid(publicKeyBytes: Uint8Array) {
+  // https://github.com/decentralized-identity/veramo/blob/next/packages/did-provider-peer/src/peer-did-provider.ts#L67
+  //const provider = new PeerDIDProvider({ defaultKms: LOCAL_KMS_NAME });
+  const methodSpecificId = bytesToMultibase(
+    publicKeyBytes,
+    "base58btc",
+    "p256-pub",
+  );
+  return PEER_DID_MULTIBASE_PREFIX + methodSpecificId;
+}

src/libs/crypto/vc/index.ts

@@ -0,0 +1,112 @@
+/**
+ * Verifiable Credential & DID functions, specifically for EndorserSearch.org tools
+ *
+ * The goal is to make this folder similar across projects, then move it to a library.
+ * Other projects: endorser-ch, image-api
+ *
+ */
+
+import * as didJwt from "did-jwt";
+import { JWTDecoded } from "did-jwt/lib/JWT";
+import { IIdentifier } from "@veramo/core";
+import * as u8a from "uint8arrays";
+
+import { createDidPeerJwt } from "@/libs/crypto/vc/passkeyDidPeer";
+
+export const ETHR_DID_PREFIX = "did:ethr:";
+
+/**
+ * Meta info about a key
+ */
+export interface KeyMeta {
+  /**
+   * Decentralized ID for the key
+   */
+  did: string;
+  /**
+   * Stringified IIDentifier object from Veramo
+   */
+  identity?: string;
+  /**
+   * The Webauthn credential ID in hex, if this is from a passkey
+   */
+  passkeyCredIdHex?: string;
+}
+
+/**
+ * Tell whether a key is from a passkey
+ * @param keyMeta contains info about the key, whose passkeyCredIdHex determines if the key is from a passkey
+ */
+export function isFromPasskey(keyMeta?: KeyMeta): boolean {
+  return !!keyMeta?.passkeyCredIdHex;
+}
+
+export async function createEndorserJwtForKey(
+  account: KeyMeta,
+  payload: object,
+) {
+  if (account?.identity) {
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    const identity: IIdentifier = JSON.parse(account.identity!);
+    const privateKeyHex = identity.keys[0].privateKeyHex;
+    const signer = await SimpleSigner(privateKeyHex as string);
+    return didJwt.createJWT(payload, {
+      issuer: account.did,
+      signer: signer,
+    });
+  } else if (account?.passkeyCredIdHex) {
+    return createDidPeerJwt(account.did, account.passkeyCredIdHex, payload);
+  } else {
+    throw new Error("No identity data found to sign for DID " + account.did);
+  }
+}
+
+/**
+ *  Copied out of did-jwt since it's deprecated in that library.
+ *
+ *  The SimpleSigner returns a configured function for signing data.
+ *
+ *  @example
+ *  const signer = SimpleSigner(import.meta.env.PRIVATE_KEY)
+ *  signer(data, (err, signature) => {
+ *    ...
+ *  })
+ *
+ *  @param    {String}         hexPrivateKey    a hex encoded private key
+ *  @return   {Function}                     a configured signer function
+ */
+function SimpleSigner(hexPrivateKey: string): didJwt.Signer {
+  const signer = didJwt.ES256KSigner(didJwt.hexToBytes(hexPrivateKey), true);
+  return async (data) => {
+    const signature = (await signer(data)) as string;
+    return fromJose(signature);
+  };
+}
+
+// from did-jwt/util; see SimpleSigner above
+function fromJose(signature: string): {
+  r: string;
+  s: string;
+  recoveryParam?: number;
+} {
+  const signatureBytes: Uint8Array = didJwt.base64ToBytes(signature);
+  if (signatureBytes.length < 64 || signatureBytes.length > 65) {
+    throw new TypeError(
+      `Wrong size for signature. Expected 64 or 65 bytes, but got ${signatureBytes.length}`,
+    );
+  }
+  const r = bytesToHex(signatureBytes.slice(0, 32));
+  const s = bytesToHex(signatureBytes.slice(32, 64));
+  const recoveryParam =
+    signatureBytes.length === 65 ? signatureBytes[64] : undefined;
+  return { r, s, recoveryParam };
+}
+
+// from did-jwt/util; see SimpleSigner above
+function bytesToHex(b: Uint8Array): string {
+  return u8a.toString(b, "base16");
+}
+
+export function decodeEndorserJwt(jwt: string): JWTDecoded {
+  return didJwt.decodeJWT(jwt);
+}

src/libs/crypto/vc/passkeyDidPeer.ts

@@ -0,0 +1,531 @@
+import { Buffer } from "buffer/";
+import { JWTPayload } from "did-jwt";
+import { DIDResolutionResult } from "did-resolver";
+import { sha256 } from "ethereum-cryptography/sha256.js";
+import {
+  startAuthentication,
+  startRegistration,
+} from "@simplewebauthn/browser";
+import {
+  generateAuthenticationOptions,
+  generateRegistrationOptions,
+  verifyAuthenticationResponse,
+  verifyRegistrationResponse,
+} from "@simplewebauthn/server";
+import { VerifyAuthenticationResponseOpts } from "@simplewebauthn/server/esm/authentication/verifyAuthenticationResponse";
+import {
+  Base64URLString,
+  PublicKeyCredentialCreationOptionsJSON,
+  PublicKeyCredentialRequestOptionsJSON,
+} from "@simplewebauthn/types";
+
+import { AppString } from "@/constants/app";
+import { unwrapEC2Signature } from "@/libs/crypto/vc/passkeyHelpers";
+import {
+  arrayToBase64Url,
+  cborToKeys,
+  peerDidToPublicKeyBytes,
+  verifyPeerSignature,
+} from "@/libs/crypto/vc/didPeer";
+
+export interface JWK {
+  kty: string;
+  crv: string;
+  x: string;
+  y: string;
+}
+
+export async function registerCredential(passkeyName?: string) {
+  const options: PublicKeyCredentialCreationOptionsJSON =
+    await generateRegistrationOptions({
+      rpName: AppString.APP_NAME,
+      rpID: window.location.hostname,
+      userName: passkeyName || AppString.APP_NAME + " User",
+      // Don't prompt users for additional information about the authenticator
+      // (Recommended for smoother UX)
+      attestationType: "none",
+      authenticatorSelection: {
+        // Defaults
+        residentKey: "preferred",
+        userVerification: "preferred",
+        // Optional
+        authenticatorAttachment: "platform",
+      },
+    });
+  // someday, instead of simplwebauthn, we'll go direct: navigator.credentials.create with PublicKeyCredentialCreationOptions
+  // with pubKeyCredParams: { type: "public-key", alg: -7 }
+  const attResp = await startRegistration(options);
+  const verification = await verifyRegistrationResponse({
+    response: attResp,
+    expectedChallenge: options.challenge,
+    expectedOrigin: window.location.origin,
+    expectedRPID: window.location.hostname,
+  });
+
+  // references for parsing auth data and getting the public key
+  // https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/helpers/parseAuthenticatorData.ts#L11
+  // https://chatgpt.com/share/78a5c91d-099d-46dc-aa6d-fc0c916509fa
+  // https://chatgpt.com/share/3c13f061-6031-45bc-a2d7-3347c1e7a2d7
+
+  const credIdBase64Url = verification.registrationInfo?.credentialID as string;
+  if (attResp.rawId !== credIdBase64Url) {
+    console.log("Warning! The raw ID does not match the credential ID.");
+  }
+  const credIdHex = Buffer.from(
+    base64URLStringToArrayBuffer(credIdBase64Url),
+  ).toString("hex");
+  const { publicKeyJwk } = cborToKeys(
+    verification.registrationInfo?.credentialPublicKey as Uint8Array,
+  );
+
+  return {
+    authData: verification.registrationInfo?.attestationObject,
+    credIdHex: credIdHex,
+    publicKeyJwk: publicKeyJwk,
+    publicKeyBytes: verification.registrationInfo
+      ?.credentialPublicKey as Uint8Array,
+  };
+}
+
+export class PeerSetup {
+  public authenticatorData?: ArrayBuffer;
+  public challenge?: Uint8Array;
+  public clientDataJsonBase64Url?: Base64URLString;
+  public signature?: Base64URLString;
+
+  public async createJwtSimplewebauthn(
+    issuerDid: string,
+    payload: object,
+    credIdHex: string,
+    expMinutes: number = 1,
+  ) {
+    const credentialId = arrayBufferToBase64URLString(
+      Buffer.from(credIdHex, "hex").buffer,
+    );
+    const issuedAt = Math.floor(Date.now() / 1000);
+    const expiryTime = Math.floor(Date.now() / 1000) + expMinutes * 60; // some minutes from now
+    const fullPayload = {
+      ...payload,
+      exp: expiryTime,
+      iat: issuedAt,
+      iss: issuerDid,
+    };
+    this.challenge = new Uint8Array(Buffer.from(JSON.stringify(fullPayload)));
+    // const payloadHash: Uint8Array = sha256(this.challenge);
+    const options: PublicKeyCredentialRequestOptionsJSON =
+      await generateAuthenticationOptions({
+        challenge: this.challenge,
+        rpID: window.location.hostname,
+        allowCredentials: [{ id: credentialId }],
+      });
+    // console.log("simple authentication options", options);
+
+    const clientAuth = await startAuthentication(options);
+    // console.log("simple credential get", clientAuth);
+
+    const authenticatorDataBase64Url = clientAuth.response.authenticatorData;
+    this.authenticatorData = Buffer.from(
+      clientAuth.response.authenticatorData,
+      "base64",
+    ).buffer;
+    this.clientDataJsonBase64Url = clientAuth.response.clientDataJSON;
+    // console.log("simple authenticatorData for signing", this.authenticatorData);
+    this.signature = clientAuth.response.signature;
+
+    // Our custom type of JWANT means the signature is based on a concatenation of the two Webauthn properties
+    const header: JWTPayload = { typ: "JWANT", alg: "ES256" };
+    const headerBase64 = Buffer.from(JSON.stringify(header))
+      .toString("base64")
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=+$/, "");
+
+    const dataInJwt = {
+      AuthenticationDataB64URL: authenticatorDataBase64Url,
+      ClientDataJSONB64URL: this.clientDataJsonBase64Url,
+      exp: expiryTime,
+      iat: issuedAt,
+      iss: issuerDid,
+    };
+    const dataInJwtString = JSON.stringify(dataInJwt);
+    const payloadBase64 = Buffer.from(dataInJwtString)
+      .toString("base64")
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=+$/, "");
+
+    const signature = clientAuth.response.signature;
+
+    return headerBase64 + "." + payloadBase64 + "." + signature;
+  }
+
+  public async createJwtNavigator(
+    issuerDid: string,
+    payload: object,
+    credIdHex: string,
+    expMinutes: number = 1,
+  ) {
+    const issuedAt = Math.floor(Date.now() / 1000);
+    const expiryTime = Math.floor(Date.now() / 1000) + expMinutes * 60; // some minutes from now
+    const fullPayload = {
+      ...payload,
+      exp: expiryTime,
+      iat: issuedAt,
+      iss: issuerDid,
+    };
+    const dataToSignString = JSON.stringify(fullPayload);
+    const dataToSignBuffer = Buffer.from(dataToSignString);
+    const credentialId = Buffer.from(credIdHex, "hex");
+
+    // console.log("lower credentialId", credentialId);
+    this.challenge = new Uint8Array(dataToSignBuffer);
+    const options = {
+      publicKey: {
+        allowCredentials: [
+          {
+            id: credentialId,
+            type: "public-key" as const,
+          },
+        ],
+        challenge: this.challenge.buffer,
+        rpID: window.location.hostname,
+        userVerification: "preferred" as const,
+      },
+    };
+
+    const credential = await navigator.credentials.get(options);
+    // console.log("nav credential get", credential);
+
+    this.authenticatorData = credential?.response.authenticatorData;
+    const authenticatorDataBase64Url = arrayBufferToBase64URLString(
+      this.authenticatorData as ArrayBuffer,
+    );
+
+    this.clientDataJsonBase64Url = arrayBufferToBase64URLString(
+      credential?.response.clientDataJSON,
+    );
+
+    // Our custom type of JWANT means the signature is based on a concatenation of the two Webauthn properties
+    const header: JWTPayload = { typ: "JWANT", alg: "ES256" };
+    const headerBase64 = Buffer.from(JSON.stringify(header))
+      .toString("base64")
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=+$/, "");
+
+    const dataInJwt = {
+      AuthenticationDataB64URL: authenticatorDataBase64Url,
+      ClientDataJSONB64URL: this.clientDataJsonBase64Url,
+      exp: expiryTime,
+      iat: issuedAt,
+      iss: issuerDid,
+    };
+    const dataInJwtString = JSON.stringify(dataInJwt);
+    const payloadBase64 = Buffer.from(dataInJwtString)
+      .toString("base64")
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=+$/, "");
+
+    const origSignature = Buffer.from(credential?.response.signature).toString(
+      "base64",
+    );
+    this.signature = origSignature
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=+$/, "");
+
+    const jwt = headerBase64 + "." + payloadBase64 + "." + this.signature;
+    return jwt;
+  }
+
+  // To use this, add the asn1-ber library and add this import:
+  // import asn1 from "asn1-ber";
+  //
+  // return a low-level signing function, similar to createJWS approach
+  // async webAuthnES256KSigner(credentialID: string) {
+  //   return async (data: string | Uint8Array) => {
+  //     // get signature from WebAuthn
+  //     const signature = await this.generateWebAuthnSignature(data);
+  //
+  //     // This converts from the browser ArrayBuffer to a Node.js Buffer, which is a requirement for the asn1 library.
+  //     const signatureBuffer = Buffer.from(signature);
+  //     console.log("lower signature inside signer", signature);
+  //     console.log("lower buffer signature inside signer", signatureBuffer);
+  //     console.log("lower base64 buffer signature inside signer", signatureBuffer.toString("base64"));
+  //     // Decode the DER-encoded signature to extract R and S values
+  //     const reader = new asn1.BerReader(signatureBuffer);
+  //     console.log("lower after reader");
+  //     reader.readSequence();
+  //     console.log("lower after read sequence");
+  //     const r = reader.readString(asn1.Ber.Integer, true);
+  //     console.log("lower after r");
+  //     const s = reader.readString(asn1.Ber.Integer, true);
+  //     console.log("lower after r & s");
+  //
+  //     // Ensure R and S are 32 bytes each
+  //     const rBuffer = Buffer.from(r);
+  //     const sBuffer = Buffer.from(s);
+  //     console.log("lower after rBuffer & sBuffer", rBuffer, sBuffer);
+  //     const rWithoutPrefix = rBuffer.length > 32 ? rBuffer.slice(1) : rBuffer;
+  //     const sWithoutPrefix = sBuffer.length > 32 ? sBuffer.slice(1) : sBuffer;
+  //     const rPadded =
+  //       rWithoutPrefix.length < 32
+  //         ? Buffer.concat([Buffer.alloc(32 - rWithoutPrefix.length), rBuffer])
+  //         : rWithoutPrefix;
+  //     const sPadded =
+  //       rWithoutPrefix.length < 32
+  //         ? Buffer.concat([Buffer.alloc(32 - sWithoutPrefix.length), sBuffer])
+  //         : sWithoutPrefix;
+  //
+  //     // Concatenate R and S to form the 64-byte array (ECDSA signature format expected by JWT)
+  //     const combinedSignature = Buffer.concat([rPadded, sPadded]);
+  //     console.log(
+  //       "lower combinedSignature",
+  //       combinedSignature.length,
+  //       combinedSignature,
+  //     );
+  //
+  //     const combSig64 = combinedSignature.toString("base64");
+  //     console.log("lower combSig64", combSig64);
+  //     const combSig64Url = combSig64
+  //       .replace(/\+/g, "-")
+  //       .replace(/\//g, "_")
+  //       .replace(/=+$/, "");
+  //     console.log("lower combSig64Url", combSig64Url);
+  //     return combSig64Url;
+  //   };
+  // }
+}
+
+export async function createDidPeerJwt(
+  did: string,
+  credIdHex: string,
+  payload: object,
+): Promise<string> {
+  const peerSetup = new PeerSetup();
+  const jwt = await peerSetup.createJwtNavigator(did, payload, credIdHex);
+  return jwt;
+}
+
+// I'd love to use this but it doesn't verify.
+// Requires:
+// npm install @noble/curves
+// ... and this import:
+// import { p256 } from "@noble/curves/p256";
+export async function verifyJwtP256(
+  credIdHex: string,
+  issuerDid: string,
+  authenticatorData: ArrayBuffer,
+  challenge: Uint8Array,
+  clientDataJsonBase64Url: Base64URLString,
+  signature: Base64URLString,
+) {
+  const authDataFromBase = Buffer.from(authenticatorData);
+  const clientDataFromBase = Buffer.from(clientDataJsonBase64Url, "base64");
+  const sigBuffer = Buffer.from(signature, "base64");
+  const finalSigBuffer = unwrapEC2Signature(sigBuffer);
+  const publicKeyBytes = peerDidToPublicKeyBytes(issuerDid);
+
+  // Hash the client data
+  const hash = sha256(clientDataFromBase);
+
+  // Construct the preimage
+  const preimage = Buffer.concat([authDataFromBase, hash]);
+
+  const isValid = p256.verify(
+    finalSigBuffer,
+    new Uint8Array(preimage),
+    publicKeyBytes,
+  );
+  return isValid;
+}
+
+export async function verifyJwtSimplewebauthn(
+  credIdHex: string,
+  issuerDid: string,
+  authenticatorData: ArrayBuffer,
+  challenge: Uint8Array,
+  clientDataJsonBase64Url: Base64URLString,
+  signature: Base64URLString,
+) {
+  const authData = arrayToBase64Url(Buffer.from(authenticatorData));
+  const publicKeyBytes = peerDidToPublicKeyBytes(issuerDid);
+  const credId = arrayBufferToBase64URLString(
+    Buffer.from(credIdHex, "hex").buffer,
+  );
+  const authOpts: VerifyAuthenticationResponseOpts = {
+    authenticator: {
+      credentialID: credId,
+      credentialPublicKey: publicKeyBytes,
+      counter: 0,
+    },
+    expectedChallenge: arrayToBase64Url(challenge),
+    expectedOrigin: window.location.origin,
+    expectedRPID: window.location.hostname,
+    response: {
+      authenticatorAttachment: "platform",
+      clientExtensionResults: {},
+      id: credId,
+      rawId: credId,
+      response: {
+        authenticatorData: authData,
+        clientDataJSON: clientDataJsonBase64Url,
+        signature: signature,
+      },
+      type: "public-key",
+    },
+  };
+  const verification = await verifyAuthenticationResponse(authOpts);
+  return verification.verified;
+}
+
+// similar code is in endorser-ch util-crypto.ts verifyPeerSignature
+export async function verifyJwtWebCrypto(
+  credId: Base64URLString,
+  issuerDid: string,
+  authenticatorData: ArrayBuffer,
+  challenge: Uint8Array,
+  clientDataJsonBase64Url: Base64URLString,
+  signature: Base64URLString,
+) {
+  const authDataFromBase = Buffer.from(authenticatorData);
+  const clientDataFromBase = Buffer.from(clientDataJsonBase64Url, "base64");
+  const sigBuffer = Buffer.from(signature, "base64");
+  const finalSigBuffer = unwrapEC2Signature(sigBuffer);
+
+  // Hash the client data
+  const hash = sha256(clientDataFromBase);
+
+  // Construct the preimage
+  const preimage = Buffer.concat([authDataFromBase, hash]);
+  return verifyPeerSignature(preimage, issuerDid, finalSigBuffer);
+}
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+async function peerDidToDidDocument(did: string): Promise<DIDResolutionResult> {
+  if (!did.startsWith("did:peer:0z")) {
+    throw new Error(
+      "This only verifies a peer DID, method 0, encoded base58btc.",
+    );
+  }
+  // this is basically hard-coded from https://www.w3.org/TR/did-core/#example-various-verification-method-types
+  // (another reference is the @aviarytech/did-peer resolver)
+  const id = did.split(":")[2];
+  const multibase = id.slice(1);
+  const encnumbasis = multibase.slice(1);
+  const didDocument = {
+    "@context": [
+      "https://www.w3.org/ns/did/v1",
+      "https://w3id.org/security/suites/jws-2020/v1",
+    ],
+    assertionMethod: [did + "#" + encnumbasis],
+    authentication: [did + "#" + encnumbasis],
+    capabilityDelegation: [did + "#" + encnumbasis],
+    capabilityInvocation: [did + "#" + encnumbasis],
+    id: did,
+    keyAgreement: undefined,
+    service: undefined,
+    verificationMethod: [
+      {
+        controller: did,
+        id: did + "#" + encnumbasis,
+        publicKeyMultibase: multibase,
+        type: "EcdsaSecp256k1VerificationKey2019",
+      },
+    ],
+  };
+  return {
+    didDocument,
+    didDocumentMetadata: {},
+    didResolutionMetadata: { contentType: "application/did+ld+json" },
+  };
+}
+
+// convert COSE public key to PEM format
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+function COSEtoPEM(cose: Buffer) {
+  // const alg = cose.get(3); // Algorithm
+  const x = cose[-2]; // x-coordinate
+  const y = cose[-3]; // y-coordinate
+
+  // Ensure the coordinates are in the correct format
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+  // @ts-expect-error because it complains about the type of x and y
+  const pubKeyBuffer = Buffer.concat([Buffer.from([0x04]), x, y]);
+
+  // Convert to PEM format
+  const pem = `-----BEGIN PUBLIC KEY-----
+${pubKeyBuffer.toString("base64")}
+-----END PUBLIC KEY-----`;
+
+  return pem;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+function base64urlDecode(input: string) {
+  input = input.replace(/-/g, "+").replace(/_/g, "/");
+  const pad = input.length % 4 === 0 ? "" : "====".slice(input.length % 4);
+  const str = atob(input + pad);
+  const bytes = new Uint8Array(str.length);
+  for (let i = 0; i < str.length; i++) {
+    bytes[i] = str.charCodeAt(i);
+  }
+  return bytes.buffer;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+function base64urlEncode(buffer: ArrayBuffer) {
+  const str = String.fromCharCode(...new Uint8Array(buffer));
+  return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+
+// from @simplewebauthn/browser
+function arrayBufferToBase64URLString(buffer: ArrayBuffer) {
+  const bytes = new Uint8Array(buffer);
+  let str = "";
+  for (const charCode of bytes) {
+    str += String.fromCharCode(charCode);
+  }
+  const base64String = btoa(str);
+  return base64String.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+
+// from @simplewebauthn/browser
+function base64URLStringToArrayBuffer(base64URLString: string) {
+  const base64 = base64URLString.replace(/-/g, "+").replace(/_/g, "/");
+  const padLength = (4 - (base64.length % 4)) % 4;
+  const padded = base64.padEnd(base64.length + padLength, "=");
+  const binary = atob(padded);
+  const buffer = new ArrayBuffer(binary.length);
+  const bytes = new Uint8Array(buffer);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return buffer;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+async function pemToCryptoKey(pem: string) {
+  const binaryDerString = atob(
+    pem
+      .split("\n")
+      .filter((x) => !x.includes("-----"))
+      .join(""),
+  );
+  const binaryDer = new Uint8Array(binaryDerString.length);
+  for (let i = 0; i < binaryDerString.length; i++) {
+    binaryDer[i] = binaryDerString.charCodeAt(i);
+  }
+  // console.log("binaryDer", binaryDer.buffer);
+  return await window.crypto.subtle.importKey(
+    "spki",
+    binaryDer.buffer,
+    {
+      name: "RSASSA-PKCS1-v1_5",
+      hash: "SHA-256",
+    },
+    true,
+    ["verify"],
+  );
+}

src/libs/crypto/vc/passkeyHelpers.ts

@@ -0,0 +1,105 @@
+// from https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/helpers/iso/isoCrypto/unwrapEC2Signature.ts
+import { AsnParser } from "@peculiar/asn1-schema";
+import { ECDSASigValue } from "@peculiar/asn1-ecc";
+
+/**
+ * In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
+ *
+ * See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
+ */
+export function unwrapEC2Signature(signature: Uint8Array): Uint8Array {
+  const parsedSignature = AsnParser.parse(signature, ECDSASigValue);
+  let rBytes = new Uint8Array(parsedSignature.r);
+  let sBytes = new Uint8Array(parsedSignature.s);
+
+  if (shouldRemoveLeadingZero(rBytes)) {
+    rBytes = rBytes.slice(1);
+  }
+
+  if (shouldRemoveLeadingZero(sBytes)) {
+    sBytes = sBytes.slice(1);
+  }
+
+  const finalSignature = isoUint8ArrayConcat([rBytes, sBytes]);
+
+  return finalSignature;
+}
+
+/**
+ * Determine if the DER-specific `00` byte at the start of an ECDSA signature byte sequence
+ * should be removed based on the following logic:
+ *
+ * "If the leading byte is 0x0, and the the high order bit on the second byte is not set to 0,
+ * then remove the leading 0x0 byte"
+ */
+function shouldRemoveLeadingZero(bytes: Uint8Array): boolean {
+  return bytes[0] === 0x0 && (bytes[1] & (1 << 7)) !== 0;
+}
+
+// from https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/helpers/iso/isoUint8Array.ts#L49
+/**
+ * Combine multiple Uint8Arrays into a single Uint8Array
+ */
+export function isoUint8ArrayConcat(arrays: Uint8Array[]): Uint8Array {
+  let pointer = 0;
+  const totalLength = arrays.reduce((prev, curr) => prev + curr.length, 0);
+
+  const toReturn = new Uint8Array(totalLength);
+
+  arrays.forEach((arr) => {
+    toReturn.set(arr, pointer);
+    pointer += arr.length;
+  });
+
+  return toReturn;
+}
+
+// from https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/helpers/iso/isoCrypto/getWebCrypto.ts
+let webCrypto: { subtle: SubtleCrypto } | undefined = undefined;
+export function getWebCrypto(): Promise<{ subtle: SubtleCrypto }> {
+  /**
+   * Hello there! If you came here wondering why this method is asynchronous when use of
+   * `globalThis.crypto` is not, it's to minimize a bunch of refactor related to making this
+   * synchronous. For example, `generateRegistrationOptions()` and `generateAuthenticationOptions()`
+   * become synchronous if we make this synchronous (since nothing else in that method is async)
+   * which represents a breaking API change in this library's core API.
+   *
+   * TODO: If it's after February 2025 when you read this then consider whether it still makes sense
+   * to keep this method asynchronous.
+   */
+  const toResolve: Promise<{ subtle: SubtleCrypto }> = new Promise(
+    (resolve, reject) => {
+      if (webCrypto) {
+        return resolve(webCrypto);
+      }
+      /**
+       * Naively attempt to access Crypto as a global object, which popular ESM-centric run-times
+       * support (and Node v20+)
+       */
+      const _globalThisCrypto =
+        _getWebCryptoInternals.stubThisGlobalThisCrypto();
+      if (_globalThisCrypto) {
+        webCrypto = _globalThisCrypto;
+        return resolve(webCrypto);
+      }
+      // We tried to access it both in Node and globally, so bail out
+      return reject(new MissingWebCrypto());
+    },
+  );
+  return toResolve;
+}
+class MissingWebCrypto extends Error {
+  constructor() {
+    const message = "An instance of the Crypto API could not be located";
+    super(message);
+    this.name = "MissingWebCrypto";
+  }
+}
+// Make it possible to stub return values during testing
+const _getWebCryptoInternals = {
+  stubThisGlobalThisCrypto: () => globalThis.crypto,
+  // Make it possible to reset the `webCrypto` at the top of the file
+  setCachedCrypto: (newCrypto: { subtle: SubtleCrypto }) => {
+    webCrypto = newCrypto;
+  },
+};

src/libs/endorserServer.ts

@@ -1,19 +1,13 @@
-import {
+import { Axios, AxiosRequestConfig, AxiosResponse } from "axios";
-  Axios,
-  AxiosRequestConfig,
-  AxiosResponse,
-  RawAxiosRequestHeaders,
-} from "axios";
-import * as didJwt from "did-jwt";
 import { LRUCache } from "lru-cache";
 import * as R from "ramda";
-import { IIdentifier } from "@veramo/core";
 
 import { DEFAULT_IMAGE_API_SERVER } from "@/constants/app";
 import { Contact } from "@/db/tables/contacts";
-import { accessToken, SimpleSigner } from "@/libs/crypto";
+import { accessToken } from "@/libs/crypto";
 import { NonsensitiveDexie } from "@/db/index";
-import { getIdentity } from "@/libs/util";
+import { getAccount } from "@/libs/util";
+import { createEndorserJwtForKey, KeyMeta } from "@/libs/crypto/vc";
 
 export const SCHEMA_ORG_CONTEXT = "https://schema.org";
 // the object in RegisterAction claims
@@ -407,7 +401,7 @@ export function contactForDid(
  * @param contact
  * @param allMyDids
  * @return { known: boolean, displayName: string, profileImageUrl?: string }
- *  where 'known' is true if the display name is some easily-recogizable name, false if it's a generic name like "Someone Unnamed"
+ *  where 'known' is true if they are in the contacts
  */
 export function didInfoForContact(
   did: string | undefined,
@@ -422,7 +416,7 @@ export function didInfoForContact(
   } else if (contact) {
     return {
       displayName: contact.name || "Contact With No Name",
-      known: !!contact.name,
+      known: !!contact,
       profileImageUrl: contact.profileImageUrl,
     };
   } else {
@@ -453,28 +447,30 @@ export function didInfo(
   return didInfoForContact(did, activeDid, contact, allMyDids).displayName;
 }
 
-async function getHeaders(identity: IIdentifier | null) {
+export async function getHeaders(did?: string) {
-  const headers: RawAxiosRequestHeaders = {
+  const headers: { "Content-Type": string; Authorization?: string } = {
     "Content-Type": "application/json",
   };
-  if (identity) {
+  if (did) {
-    const token = await accessToken(identity);
+    const token = await accessToken(did);
     headers["Authorization"] = "Bearer " + token;
+  } else {
+    // it's often OK to request without auth; we assume necessary checks are done earlier
   }
   return headers;
 }
 
 /**
  * @param handleId nullable, in which case "undefined" will be returned
- * @param identity nullable, in which case no private info will be returned
+ * @param requesterDid optional, in which case no private info will be returned
  * @param axios
  * @param apiServer
  */
 export async function getPlanFromCache(
   handleId: string | null,
-  identity: IIdentifier | null,
   axios: Axios,
   apiServer: string,
+  requesterDid?: string,
 ): Promise<PlanSummaryRecord | undefined> {
   if (!handleId) {
     return undefined;
@@ -485,7 +481,7 @@ export async function getPlanFromCache(
       apiServer +
       "/api/v2/report/plans?handleId=" +
       encodeURIComponent(handleId);
-    const headers = await getHeaders(identity);
+    const headers = await getHeaders(requesterDid);
     try {
       const resp = await axios.get(url, { headers });
       if (resp.status === 200 && resp.data?.data?.length > 0) {
@@ -519,18 +515,9 @@ export async function setPlanInCache(
 }
 
 /**
- * For result, see https://api.endorser.ch/api-docs/#/claims/post_api_v2_claim
+ * Construct GiveAction VC for submission to server
- *
- * @param identity
- * @param fromDid may be null
- * @param toDid
- * @param description may be null; should have this or amount
- * @param amount may be null; should have this or description
  */
-export async function createAndSubmitGive(
+export function constructGive(
-  axios: Axios,
-  apiServer: string,
-  identity: IIdentifier,
   fromDid?: string | null,
   toDid?: string,
   description?: string,
@@ -540,9 +527,9 @@ export async function createAndSubmitGive(
   fulfillsOfferHandleId?: string,
   isTrade: boolean = false,
   imageUrl?: string,
-): Promise<CreateAndSubmitClaimResult> {
+): GiveVerifiableCredential {
   const vcClaim: GiveVerifiableCredential = {
-    "@context": "https://schema.org",
+    "@context": SCHEMA_ORG_CONTEXT,
     "@type": "GiveAction",
     recipient: toDid ? { identifier: toDid } : undefined,
     agent: fromDid ? { identifier: fromDid } : undefined,
@@ -569,9 +556,46 @@ export async function createAndSubmitGive(
   if (imageUrl) {
     vcClaim.image = imageUrl;
   }
+  return vcClaim;
+}
+
+/**
+ * For result, see https://api.endorser.ch/api-docs/#/claims/post_api_v2_claim
+ *
+ * @param identity
+ * @param fromDid may be null
+ * @param toDid
+ * @param description may be null; should have this or amount
+ * @param amount may be null; should have this or description
+ */
+export async function createAndSubmitGive(
+  axios: Axios,
+  apiServer: string,
+  issuerDid: string,
+  fromDid?: string | null,
+  toDid?: string,
+  description?: string,
+  amount?: number,
+  unitCode?: string,
+  fulfillsProjectHandleId?: string,
+  fulfillsOfferHandleId?: string,
+  isTrade: boolean = false,
+  imageUrl?: string,
+): Promise<CreateAndSubmitClaimResult> {
+  const vcClaim = constructGive(
+    fromDid,
+    toDid,
+    description,
+    amount,
+    unitCode,
+    fulfillsProjectHandleId,
+    fulfillsOfferHandleId,
+    isTrade,
+    imageUrl,
+  );
   return createAndSubmitClaim(
     vcClaim as GenericCredWrapper,
-    identity,
+    issuerDid,
     apiServer,
     axios,
   );
@@ -589,7 +613,7 @@ export async function createAndSubmitGive(
 export async function createAndSubmitOffer(
   axios: Axios,
   apiServer: string,
-  identity: IIdentifier,
+  issuerDid: string,
   description?: string,
   amount?: number,
   unitCode?: string,
@@ -598,9 +622,9 @@ export async function createAndSubmitOffer(
   fulfillsProjectHandleId?: string,
 ): Promise<CreateAndSubmitClaimResult> {
   const vcClaim: OfferVerifiableCredential = {
-    "@context": "https://schema.org",
+    "@context": SCHEMA_ORG_CONTEXT,
     "@type": "Offer",
-    offeredBy: { identifier: identity.did },
+    offeredBy: { identifier: issuerDid },
     validThrough: expirationDate || undefined,
   };
   if (amount) {
@@ -624,7 +648,7 @@ export async function createAndSubmitOffer(
   }
   return createAndSubmitClaim(
     vcClaim as GenericCredWrapper,
-    identity,
+    issuerDid,
     apiServer,
     axios,
   );
@@ -632,7 +656,7 @@ export async function createAndSubmitOffer(
 
 // similar logic is found in endorser-mobile
 export const createAndSubmitConfirmation = async (
-  identifier: IIdentifier,
+  issuerDid: string,
   claim: GenericVerifiableCredential,
   lastClaimId: string, // used to set the lastClaimId
   handleId: string | undefined,
@@ -645,16 +669,16 @@ export const createAndSubmitConfirmation = async (
     ),
   );
   const confirmationClaim: GenericVerifiableCredential = {
-    "@context": "https://schema.org",
+    "@context": SCHEMA_ORG_CONTEXT,
     "@type": "AgreeAction",
     object: goodClaim,
   };
-  return createAndSubmitClaim(confirmationClaim, identifier, apiServer, axios);
+  return createAndSubmitClaim(confirmationClaim, issuerDid, apiServer, axios);
 };
 
 export async function createAndSubmitClaim(
   vcClaim: GenericVerifiableCredential,
-  identity: IIdentifier,
+  issuerDid: string,
   apiServer: string,
   axios: Axios,
 ): Promise<CreateAndSubmitClaimResult> {
@@ -667,34 +691,15 @@ export async function createAndSubmitClaim(
       },
     };
 
-    // Create a signature using private key of identity
+    const vcJwt: string = await createEndorserJwtForDid(issuerDid, vcPayload);
-    const firstKey = identity.keys[0];
-    const privateKeyHex = firstKey?.privateKeyHex;
-
-    if (!privateKeyHex) {
-      throw {
-        error: "No private key",
-        message: `Your identifier ${identity.did} is not configured correctly. Use a different identifier.`,
-      };
-    }
-
-    const signer = await SimpleSigner(privateKeyHex);
-
-    // Create a JWT for the request
-    const vcJwt: string = await didJwt.createJWT(vcPayload, {
-      issuer: identity.did,
-      signer,
-    });
 
     // Make the xhr request payload
     const payload = JSON.stringify({ jwtEncoded: vcJwt });
     const url = `${apiServer}/api/v2/claim`;
-    const token = await accessToken(identity);
 
     const response = await axios.post(url, payload, {
       headers: {
         "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`,
       },
     });
 
@@ -716,6 +721,14 @@ export async function createAndSubmitClaim(
   }
 }
 
+export async function createEndorserJwtForDid(
+  issuerDid: string,
+  payload: object,
+) {
+  const account = await getAccount(issuerDid);
+  return createEndorserJwtForKey(account as KeyMeta, payload);
+}
+
 /**
  * An AcceptAction is when someone accepts some contract or pledge.
  *
@@ -919,18 +932,31 @@ export const bvcMeetingJoinClaim = (did: string, startTime: string) => {
   };
 };
 
+export async function createEndorserJwtVcFromClaim(
+  issuerDid: string,
+  claim: object,
+) {
+  // Make a payload for the claim
+  const vcPayload = {
+    vc: {
+      "@context": ["https://www.w3.org/2018/credentials/v1"],
+      type: ["VerifiableCredential"],
+      credentialSubject: claim,
+    },
+  };
+  return createEndorserJwtForDid(issuerDid, vcPayload);
+}
+
 export async function register(
   activeDid: string,
   apiServer: string,
   axios: Axios,
   contact: Contact,
 ) {
-  const identity = await getIdentity(activeDid);
-
   const vcClaim: RegisterVerifiableCredential = {
-    "@context": "https://schema.org",
+    "@context": SCHEMA_ORG_CONTEXT,
     "@type": "RegisterAction",
-    agent: { identifier: identity.did },
+    agent: { identifier: activeDid },
     object: SERVICE_ID,
     participant: { identifier: contact.did },
   };
@@ -943,26 +969,10 @@ export async function register(
     },
   };
   // Create a signature using private key of identity
-  if (identity.keys[0].privateKeyHex == null) {
+  const vcJwt = await createEndorserJwtForDid(activeDid, vcPayload);
-    return { error: "Private key not found." };
-  }
-  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-  const privateKeyHex: string = identity.keys[0].privateKeyHex!;
-  const signer = await SimpleSigner(privateKeyHex);
-  const alg = undefined;
-  // Create a JWT for the request
-  const vcJwt: string = await didJwt.createJWT(vcPayload, {
-    alg: alg,
-    issuer: identity.did,
-    signer: signer,
-  });
 
-  // Make the xhr request payload
-  const payload = JSON.stringify({ jwtEncoded: vcJwt });
   const url = apiServer + "/api/v2/claim";
-  const headers = await getHeaders(identity);
+  const resp = await axios.post(url, { jwtEncoded: vcJwt });
-
-  const resp = await axios.post(url, payload, { headers });
   if (resp.data?.success?.handleId) {
     return { success: true };
   } else if (resp.data?.success?.embeddedRecordError) {
@@ -991,8 +1001,7 @@ export async function setVisibilityUtil(
   }
   const url =
     apiServer + "/api/report/" + (visibility ? "canSeeMe" : "cannotSeeMe");
-  const identity = await getIdentity(activeDid);
+  const headers = await getHeaders(activeDid);
-  const headers = await getHeaders(identity);
   const payload = JSON.stringify({ did: contact.did });
 
   try {
@@ -1021,16 +1030,16 @@ export async function setVisibilityUtil(
  *
  * @param apiServer endorser server URL string
  * @param axios Axios instance
- * @param {IIdentifier} identity - The identity object to check rate limits for.
+ * @param {string} issuerDid - The DID for which to check rate limits.
  * @returns {Promise<AxiosResponse>} The Axios response object.
  */
 export async function fetchEndorserRateLimits(
   apiServer: string,
   axios: Axios,
-  identity: IIdentifier,
+  issuerDid: string,
 ) {
   const url = `${apiServer}/api/report/rateLimits`;
-  const headers = await getHeaders(identity);
+  const headers = await getHeaders(issuerDid);
   return await axios.get(url, { headers } as AxiosRequestConfig);
 }
 
@@ -1039,15 +1048,11 @@ export async function fetchEndorserRateLimits(
  *
  * @param apiServer image server URL string
  * @param axios Axios instance
- * @param {IIdentifier} identity - The identity object to check rate limits for.
+ * @param {string} issuerDid - The DID for which to check rate limits.
  * @returns {Promise<AxiosResponse>} The Axios response object.
  */
-export async function fetchImageRateLimits(
+export async function fetchImageRateLimits(axios: Axios, issuerDid: string) {
-  apiServer: string,
-  axios: Axios,
-  identity: IIdentifier,
-) {
   const url = DEFAULT_IMAGE_API_SERVER + "/image-limits";
-  const headers = await getHeaders(identity);
+  const headers = await getHeaders(issuerDid);
   return await axios.get(url, { headers } as AxiosRequestConfig);
 }

src/libs/util.ts

@@ -11,9 +11,14 @@ import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
 import { deriveAddress, generateSeed, newIdentifier } from "@/libs/crypto";
 import { GenericCredWrapper, containsHiddenDid } from "@/libs/endorserServer";
 import * as serverUtil from "@/libs/endorserServer";
+import { registerCredential } from "@/libs/crypto/vc/passkeyDidPeer";
+
+import { Buffer } from "buffer";
+import {KeyMeta} from "@/libs/crypto/vc";
+import {createPeerDid} from "@/libs/crypto/vc/didPeer";
 
 export const PRIVACY_MESSAGE =
-  "The data you send be visible to the world -- except: your IDs and the IDs of anyone you tag will stay private, only visible to those you allow.";
+  "The data you send will be visible to the world -- except: your IDs and the IDs of anyone you tag will stay private, only visible to them and others you explicitly allow.";
 
 /* eslint-disable prettier/prettier */
 export const UNIT_SHORT: Record<string, string> = {
@@ -193,20 +198,17 @@ export function findAllVisibleToDids(
  *
  **/
 
-export const getIdentity = async (activeDid: string): Promise<IIdentifier> => {
+export interface AccountKeyInfo extends Account, KeyMeta {}
+
+export const getAccount = async (
+  activeDid: string,
+): Promise<AccountKeyInfo | undefined> => {
   await accountsDB.open();
   const account = (await accountsDB.accounts
     .where("did")
     .equals(activeDid)
     .first()) as Account;
-  const identity = JSON.parse(account?.identity || "null");
+  return account;
-
-  if (!identity) {
-    throw new Error(
-      `Attempted to load identity ${activeDid} but no identifier was found`,
-    );
-  }
-  return identity;
 };
 
 /**
@@ -239,6 +241,38 @@ export const generateSaveAndActivateIdentity = async (): Promise<string> => {
   return newId.did;
 };
 
+export const registerAndSavePasskey = async (
+  keyName: string,
+): Promise<Account> => {
+  const cred = await registerCredential(keyName);
+  const publicKeyBytes = cred.publicKeyBytes;
+  const did = createPeerDid(publicKeyBytes as Uint8Array);
+  const passkeyCredIdHex = cred.credIdHex as string;
+
+  const account = {
+    dateCreated: new Date().toISOString(),
+    did,
+    passkeyCredIdHex,
+    publicKeyHex: Buffer.from(publicKeyBytes).toString("hex"),
+  };
+  await accountsDB.open();
+  await accountsDB.accounts.add(account);
+  return account;
+};
+
+export const registerSaveAndActivatePasskey = async (
+  keyName: string,
+): Promise<Account> => {
+  const account = await registerAndSavePasskey(keyName);
+
+  await db.open();
+  await db.settings.update(MASTER_SETTINGS_KEY, {
+    activeDid: account.did,
+  });
+
+  return account;
+};
+
 export const sendTestThroughPushServer = async (
   subscriptionJSON: PushSubscriptionJSON,
   skipFilter: boolean,

src/main.ts

@@ -162,7 +162,7 @@ function setupGlobalErrorHandler(app: VueApp) {
     info: string,
   ) => {
     console.error(
-      "Global Error Handler. Info:",
+      "Ouch! Global Error Handler. Info:",
       info,
       "Error:",
       err,

src/router/index.ts

@@ -38,6 +38,11 @@ const routes: Array<RouteRecordRaw> = [
     name: "claim",
     component: () => import("../views/ClaimView.vue"),
   },
+  {
+    path: "/claim-add-raw/:id?",
+    name: "claim-add-raw",
+    component: () => import("../views/ClaimAddRawView.vue"),
+  },
   {
     path: "/confirm-contact",
     name: "confirm-contact",

src/test/index.ts

@@ -6,6 +6,9 @@ import { SERVICE_ID } from "../libs/endorserServer";
 import { deriveAddress, newIdentifier } from "../libs/crypto";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
 
+/**
+ * Get User #0 to sign & submit a RegisterAction for the user's activeDid.
+ */
 export async function testServerRegisterUser() {
   const testUser0Mnem =
     "seminar accuse mystery assist delay law thing deal image undo guard initial shallow wrestle list fragile borrow velvet tomorrow awake explain test offer control";

src/views/AccountViewView.vue

@@ -314,7 +314,7 @@
     >
       Advanced
     </h3>
-    <div v-if="showAdvanced">
+    <div v-if="showAdvanced || showGeneralAdvanced">
       <p class="text-rose-600 mb-8">
         Beware: the features here can be confusing and even change data in ways
         you do not expect. But we support your freedom!
@@ -359,6 +359,7 @@
 
         <div class="text-slate-500 text-sm font-bold">Derivation Path</div>
         <div
+          v-if="derivationPath"
           class="text-sm text-slate-500 flex justify-start items-center mb-1"
         >
           <code class="truncate">{{ derivationPath }}</code>
@@ -375,6 +376,12 @@
           </button>
           <span v-show="showDerCopy">Copied</span>
         </div>
+        <div
+          v-else
+          class="text-sm text-slate-500 flex justify-start items-center mb-1"
+        >
+          (none)
+        </div>
       </div>
 
       <!-- id used by puppeteer test script -->
@@ -386,6 +393,27 @@
         Switch Identifier
       </router-link>
 
+      <div class="mt-4">
+        <h2 class="text-slate-500 text-sm font-bold">
+          Contacts & Settings Database
+        </h2>
+
+        <div class="ml-4 mt-2">
+          Import
+          <input type="file" @change="uploadImportFile" class="ml-2" />
+          <div v-if="showContactImport()">
+            <button
+              class="block text-center text-md bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-1.5 py-2 rounded-md mb-6"
+              @click="confirmSubmitImportFile()"
+            >
+              Import Settings & Contacts
+              <br />
+              (excluding Identifier Data)
+            </button>
+          </div>
+        </div>
+      </div>
+
       <label
         for="toggleShowAmounts"
         class="flex items-center justify-between cursor-pointer my-4"
@@ -583,27 +611,6 @@
         </div>
       </label>
 
-      <div class="mt-4">
-        <h2 class="text-slate-500 text-sm font-bold">
-          Contacts & Settings Database
-        </h2>
-
-        <div class="ml-4 mt-2">
-          Import
-          <input type="file" @change="uploadImportFile" class="ml-2" />
-          <div v-if="showContactImport()">
-            <button
-              class="block text-center text-md bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-1.5 py-2 rounded-md mb-6"
-              @click="confirmSubmitImportFile()"
-            >
-              Import Settings & Contacts
-              <br />
-              (excluding Identifier Data)
-            </button>
-          </div>
-        </div>
-      </div>
-
       <div class="flex mt-4">
         <button>
           <router-link
@@ -614,19 +621,48 @@
           </router-link>
         </button>
       </div>
+
+      <label
+        for="toggleShowGeneralAdvanced"
+        class="flex items-center justify-between cursor-pointer mt-4"
+        @click="toggleShowGeneralAdvanced"
+      >
+        <!-- label -->
+        <span class="text-slate-500 text-sm font-bold">
+          Show All General Advanced Functions
+        </span>
+        <!-- toggle -->
+        <div class="relative ml-2">
+          <!-- input -->
+          <input
+            type="checkbox"
+            v-model="showGeneralAdvanced"
+            class="sr-only"
+          />
+          <!-- line -->
+          <div class="block bg-slate-500 w-14 h-8 rounded-full" />
+          <!-- dot -->
+          <div
+            class="dot absolute left-1 top-1 bg-slate-400 w-6 h-6 rounded-full transition"
+          />
+        </div>
+      </label>
     </div>
   </section>
 </template>
 
 <script lang="ts">
 import { AxiosError } from "axios";
+import { Buffer } from "buffer/";
 import Dexie from "dexie";
 import "dexie-export-import";
 import { ImportProgress } from "dexie-export-import/dist/import";
+import { IIdentifier } from "@veramo/core";
 import { ref } from "vue";
 import { Component, Vue } from "vue-facing-decorator";
 import { useClipboard } from "@vueuse/core";
 
+import EntityIcon from "@/components/EntityIcon.vue";
 import ImageMethodDialog from "@/components/ImageMethodDialog.vue";
 import QuickNav from "@/components/QuickNav.vue";
 import TopMessage from "@/components/TopMessage.vue";
@@ -638,9 +674,9 @@ import {
   NotificationIface,
 } from "@/constants/app";
 import { db, accountsDB } from "@/db/index";
+import { Account } from "@/db/tables/accounts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
 import { accessToken } from "@/libs/crypto";
-import { IIdentifier } from "@veramo/core";
 import {
   ErrorResponse,
   EndorserRateLimits,
@@ -648,15 +684,7 @@ import {
   fetchEndorserRateLimits,
   fetchImageRateLimits,
 } from "@/libs/endorserServer";
-import { Buffer } from "buffer/";
+import { getAccount } from "@/libs/util";
-import EntityIcon from "@/components/EntityIcon.vue";
-
-interface IAccount {
-  did: string;
-  publicKeyHex: string;
-  privateHex?: string;
-  derivationPath: string;
-}
 
 const inputImportFileNameRef = ref<Blob>();
 
@@ -677,31 +705,32 @@ export default class AccountViewView extends Vue {
   downloadUrl = ""; // because DuckDuckGo doesn't download on automated call to "click" on the anchor
   endorserLimits: EndorserRateLimits | null = null;
   givenName = "";
+  hideRegisterPromptOnNewContact = false;
   imageLimits: ImageRateLimits | null = null;
+  imageServer = "";
   isRegistered = false;
   isSubscribed = false;
+  limitsMessage = "";
+  loadingLimits = false;
   notificationMaybeChanged = false;
   profileImageUrl?: string;
   publicHex = "";
   publicBase64 = "";
-  showLargeIdenticonId?: string;
+  showAdvanced = false;
-  showLargeIdenticonUrl?: string;
+  showB64Copy = false;
-  webPushServer = "";
-  webPushServerInput = "";
-
-  limitsMessage = "";
-  loadingLimits = false;
   showContactGives = false;
   showDidCopy = false;
   showDerCopy = false;
-  showB64Copy = false;
+  showGeneralAdvanced = false;
+  showLargeIdenticonId?: string;
+  showLargeIdenticonUrl?: string;
   showPubCopy = false;
-  showAdvanced = false;
-  hideRegisterPromptOnNewContact = false;
   showShortcutBvc = false;
   subscription: PushSubscription | null = null;
   warnIfProdServer = false;
   warnIfTestServer = false;
+  webPushServer = "";
+  webPushServerInput = "";
 
   /**
    * Async function executed when the component is mounted.
@@ -712,18 +741,9 @@ export default class AccountViewView extends Vue {
    */
   async mounted() {
     try {
-      await db.open();
-
-      const settings = await db.settings.get(MASTER_SETTINGS_KEY);
-
       // Initialize component state with values from the database or defaults
-      this.initializeState(settings);
+      await this.initializeState();
-
+      await this.processIdentity();
-      // Get and process the identity
-      const identity = await this.getIdentity(this.activeDid);
-      if (identity) {
-        this.processIdentity(identity);
-      }
 
       const registration = await navigator.serviceWorker.ready;
       this.subscription = await registration.pushManager.getSubscription();
@@ -742,9 +762,12 @@ export default class AccountViewView extends Vue {
 
   /**
    * Initializes component state with values from the database or defaults.
-   * @param {SettingsType} settings - Object containing settings from the database.
    */
-  initializeState(settings: Settings | undefined) {
+  async initializeState() {
+    await db.open();
+    const settings: Settings | undefined =
+      await db.settings.get(MASTER_SETTINGS_KEY);
+
     this.activeDid = (settings?.activeDid as string) || "";
     this.apiServer = (settings?.apiServer as string) || "";
     this.apiServerInput = (settings?.apiServer as string) || "";
@@ -752,10 +775,12 @@ export default class AccountViewView extends Vue {
       (settings?.firstName || "") +
       (settings?.lastName ? ` ${settings.lastName}` : ""); // pre v 0.1.3
     this.isRegistered = !!settings?.isRegistered;
+    this.imageServer = (settings?.imageServer as string) || "";
     this.profileImageUrl = settings?.profileImageUrl as string;
     this.showContactGives = !!settings?.showContactGivesInline;
     this.hideRegisterPromptOnNewContact =
       !!settings?.hideRegisterPromptOnNewContact;
+    this.showGeneralAdvanced = !!settings?.showGeneralAdvanced;
     this.showShortcutBvc = !!settings?.showShortcutBvc;
     this.warnIfProdServer = !!settings?.warnIfProdServer;
     this.warnIfTestServer = !!settings?.warnIfTestServer;
@@ -763,49 +788,6 @@ export default class AccountViewView extends Vue {
     this.webPushServerInput = (settings?.webPushServer as string) || "";
   }
 
-  public async getIdentity(activeDid: string): Promise<IIdentifier | null> {
-    try {
-      // Open the accounts database
-      await accountsDB.open();
-
-      // Search for the account with the matching DID (decentralized identifier)
-      const account: { identity?: string } | undefined =
-        await accountsDB.accounts.where("did").equals(activeDid).first();
-
-      // Return parsed identity or null if not found
-      return JSON.parse((account?.identity as string) || "null");
-    } catch (error) {
-      console.error("Failed to find account:", error);
-      return null;
-    }
-  }
-
-  /**
-   * Asynchronously retrieves headers for HTTP requests.
-   *
-   * @param {IIdentifier} identity - The identity object for which to generate the headers.
-   * @returns {Promise<Record<string,string>>} A Promise that resolves to an object containing the headers.
-   *
-   * @throws Will throw an error if unable to generate an access token.
-   */
-  public async getHeaders(
-    identity: IIdentifier,
-  ): Promise<Record<string, string>> {
-    try {
-      const token = await accessToken(identity);
-
-      const headers: Record<string, string> = {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`,
-      };
-
-      return headers;
-    } catch (error) {
-      console.error("Failed to get headers:", error);
-      return Promise.reject(error);
-    }
-  }
-
   // call fn, copy text to the clipboard, then redo fn after 2 seconds
   doCopyTwoSecRedo(text: string, fn: () => void) {
     fn();
@@ -819,6 +801,11 @@ export default class AccountViewView extends Vue {
     this.updateShowContactAmounts();
   }
 
+  toggleShowGeneralAdvanced() {
+    this.showGeneralAdvanced = !this.showGeneralAdvanced;
+    this.updateShowGeneralAdvanced();
+  }
+
   toggleProdWarning() {
     this.warnIfProdServer = !this.warnIfProdServer;
     this.updateWarnIfProdServer(this.warnIfProdServer);
@@ -840,25 +827,19 @@ export default class AccountViewView extends Vue {
 
   /**
    * Processes the identity and updates the component's state.
-   * @param {IdentityType} identity - Object containing identity information.
    */
-  processIdentity(identity: IIdentifier) {
+  async processIdentity() {
-    if (
+    const account: Account | undefined = await getAccount(this.activeDid);
-      identity &&
+    if (account?.identity) {
-      identity.keys &&
+      const identity = JSON.parse(account.identity as string) as IIdentifier;
-      identity.keys.length > 0 &&
-      identity.keys[0].meta
-    ) {
       this.publicHex = identity.keys[0].publicKeyHex;
       this.publicBase64 = Buffer.from(this.publicHex, "hex").toString("base64");
       this.derivationPath = identity.keys[0].meta?.derivationPath as string;
-
+      this.checkLimitsFor(this.activeDid);
-      db.settings.update(MASTER_SETTINGS_KEY, {
+    } else if (account?.publicKeyHex) {
-        activeDid: identity.did,
+      this.publicHex = account.publicKeyHex as string;
-      });
+      this.publicBase64 = Buffer.from(this.publicHex, "hex").toString("base64");
-      this.checkLimitsFor(identity);
+      this.checkLimitsFor(this.activeDid);
-    } else {
-      // Handle the case where any of these are null or undefined
     }
   }
 
@@ -915,7 +896,7 @@ export default class AccountViewView extends Vue {
   public async updateShowContactAmounts() {
     try {
       await db.open();
-      db.settings.update(MASTER_SETTINGS_KEY, {
+      await db.settings.update(MASTER_SETTINGS_KEY, {
         showContactGivesInline: this.showContactGives,
       });
     } catch (err) {
@@ -935,10 +916,33 @@ export default class AccountViewView extends Vue {
     }
   }
 
+  public async updateShowGeneralAdvanced() {
+    try {
+      await db.open();
+      await db.settings.update(MASTER_SETTINGS_KEY, {
+        showGeneralAdvanced: this.showGeneralAdvanced,
+      });
+    } catch (err) {
+      this.$notify(
+        {
+          group: "alert",
+          type: "danger",
+          title: "Error Updating Advanced Setting",
+          text: "The setting may not have saved. Try again, maybe after restarting the app.",
+        },
+        -1,
+      );
+      console.error(
+        "Telling user to try again after general-advanced setting update because:",
+        err,
+      );
+    }
+  }
+
   public async updateWarnIfProdServer(newSetting: boolean) {
     try {
       await db.open();
-      db.settings.update(MASTER_SETTINGS_KEY, {
+      await db.settings.update(MASTER_SETTINGS_KEY, {
         warnIfProdServer: newSetting,
       });
     } catch (err) {
@@ -961,7 +965,7 @@ export default class AccountViewView extends Vue {
   public async updateWarnIfTestServer(newSetting: boolean) {
     try {
       await db.open();
-      db.settings.update(MASTER_SETTINGS_KEY, {
+      await db.settings.update(MASTER_SETTINGS_KEY, {
         warnIfTestServer: newSetting,
       });
     } catch (err) {
@@ -985,7 +989,7 @@ export default class AccountViewView extends Vue {
     const newSetting = !this.hideRegisterPromptOnNewContact;
     try {
       await db.open();
-      db.settings.update(MASTER_SETTINGS_KEY, {
+      await db.settings.update(MASTER_SETTINGS_KEY, {
         hideRegisterPromptOnNewContact: newSetting,
       });
       this.hideRegisterPromptOnNewContact = newSetting;
@@ -1006,7 +1010,7 @@ export default class AccountViewView extends Vue {
   public async updateShowShortcutBvc(newSetting: boolean) {
     try {
       await db.open();
-      db.settings.update(MASTER_SETTINGS_KEY, {
+      await db.settings.update(MASTER_SETTINGS_KEY, {
         showShortcutBvc: newSetting,
       });
     } catch (err) {
@@ -1187,9 +1191,8 @@ export default class AccountViewView extends Vue {
   }
 
   async checkLimits() {
-    const identity = await this.getIdentity(this.activeDid);
+    if (this.activeDid) {
-    if (identity) {
+      this.checkLimitsFor(this.activeDid);
-      this.checkLimitsFor(identity);
     } else {
       this.limitsMessage =
         "You have no identifier, or your data has been corrupted.";
@@ -1201,7 +1204,7 @@ export default class AccountViewView extends Vue {
    *
    * Updates component state variables `limits`, `limitsMessage`, and `loadingLimits`.
    */
-  public async checkLimitsFor(identity: IIdentifier) {
+  public async checkLimitsFor(did: string) {
     this.loadingLimits = true;
     this.limitsMessage = "";
 
@@ -1209,7 +1212,7 @@ export default class AccountViewView extends Vue {
       const resp = await fetchEndorserRateLimits(
         this.apiServer,
         this.axios,
-        identity,
+        did,
       );
       if (resp.status === 200) {
         this.endorserLimits = resp.data;
@@ -1234,11 +1237,7 @@ export default class AccountViewView extends Vue {
             );
           }
         }
-        const imageResp = await fetchImageRateLimits(
+        const imageResp = await fetchImageRateLimits(this.axios, did);
-          this.apiServer,
-          this.axios,
-          identity,
-        );
         if (imageResp.status === 200) {
           this.imageLimits = imageResp.data;
         }
@@ -1335,9 +1334,9 @@ export default class AccountViewView extends Vue {
    *
    * @param {AccountType} account - The account object.
    */
-  private updateActiveAccountProperties(account: IAccount) {
+  private updateActiveAccountProperties(account: Account) {
     this.activeDid = account.did;
-    this.derivationPath = account.derivationPath;
+    this.derivationPath = account.derivationPath || "";
     this.publicHex = account.publicKeyHex;
     this.publicBase64 = Buffer.from(this.publicHex, "hex").toString("base64");
   }
@@ -1408,11 +1407,7 @@ export default class AccountViewView extends Vue {
       return;
     }
     try {
-      const identity = await this.getIdentity(this.activeDid);
+      const token = await accessToken(this.activeDid);
-      if (!identity) {
-        throw Error("No identity found.");
-      }
-      const token = await accessToken(identity);
       const response = await this.axios.delete(
         DEFAULT_IMAGE_API_SERVER +
           "/image/" +

src/views/ClaimAddRawView.vue

@@ -0,0 +1,101 @@
+<template>
+  <QuickNav />
+  <!-- CONTENT -->
+  <section id="Content" class="p-6 pb-24 max-w-3xl mx-auto">
+    <!-- Breadcrumb -->
+    <div id="ViewBreadcrumb" class="mb-8">
+      <h1 class="text-lg text-center font-light relative px-7">
+        <!-- Back -->
+        <button
+          @click="$router.go(-1)"
+          class="text-lg text-center px-2 py-1 absolute -left-2 -top-1"
+        >
+          <fa icon="chevron-left" class="fa-fw" />
+        </button>
+        Raw Claim
+      </h1>
+    </div>
+
+    <div class="flex">
+      <textarea rows="20" class="border-2 w-full" v-model="claimStr"></textarea>
+    </div>
+    <button
+      class="block w-full text-center text-lg font-bold uppercase bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-2 py-3 rounded-md"
+      @click="submitClaim()"
+    >
+      Sign &amp; Send
+    </button>
+  </section>
+</template>
+
+<script lang="ts">
+import { IIdentifier } from "@veramo/core";
+import { Component, Vue } from "vue-facing-decorator";
+
+import GiftedDialog from "@/components/GiftedDialog.vue";
+import { NotificationIface } from "@/constants/app";
+import { accountsDB, db } from "@/db/index";
+import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
+import * as serverUtil from "@/libs/endorserServer";
+import QuickNav from "@/components/QuickNav.vue";
+import { Account } from "@/db/tables/accounts";
+
+@Component({
+  components: { GiftedDialog, QuickNav },
+})
+export default class ClaimAddRawView extends Vue {
+  $notify!: (notification: NotificationIface, timeout?: number) => void;
+
+  accountIdentityStr: string = "null";
+  activeDid = "";
+  apiServer = "";
+  claimStr = "";
+
+  async mounted() {
+    await db.open();
+    const settings = (await db.settings.get(MASTER_SETTINGS_KEY)) as Settings;
+    this.activeDid = settings?.activeDid || "";
+    this.apiServer = settings?.apiServer || "";
+
+    this.claimStr = this.$route.query.claim;
+    try {
+      this.veriClaim = JSON.parse(this.claimStr);
+      this.claimStr = JSON.stringify(this.veriClaim, null, 2);
+    } catch (e) {
+      // ignore a parse
+    }
+  }
+
+  async submitClaim() {
+    const fullClaim = JSON.parse(this.claimStr);
+    const result = await serverUtil.createAndSubmitClaim(
+      fullClaim,
+      this.activeDid,
+      this.apiServer,
+      this.axios,
+    );
+    if (result.type === "success") {
+      this.$notify(
+        {
+          group: "alert",
+          type: "success",
+          title: "Success",
+          text: "Claim submitted.",
+        },
+        5000,
+      );
+    } else {
+      console.error("Got error submitting the claim:", result);
+      this.$notify(
+        {
+          group: "alert",
+          type: "danger",
+          title: "Error",
+          text: "There was a problem submitting the claim. See logs for more info.",
+        },
+        -1,
+      );
+    }
+  }
+}
+</script>

src/views/ClaimView.vue

@@ -407,7 +407,7 @@
 </template>
 
 <script lang="ts">
-import { AxiosError, RawAxiosRequestHeaders } from "axios";
+import { AxiosError } from "axios";
 import * as yaml from "js-yaml";
 import * as R from "ramda";
 import { IIdentifier } from "@veramo/core";
@@ -419,7 +419,6 @@ import { NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import * as serverUtil from "@/libs/endorserServer";
 import * as libsUtil from "@/libs/util";
 import QuickNav from "@/components/QuickNav.vue";
@@ -432,7 +431,6 @@ import { GiverReceiverInputInfo } from "@/libs/endorserServer";
 export default class ClaimView extends Vue {
   $notify!: (notification: NotificationIface, timeout?: number) => void;
 
-  accountIdentityStr: string = "null";
   activeDid = "";
   allMyDids: Array<string> = [];
   allContacts: Array<Contact> = [];
@@ -485,15 +483,12 @@ export default class ClaimView extends Vue {
     const accounts = accountsDB.accounts;
     const accountsArr: Array<Account> = await accounts?.toArray();
     this.allMyDids = accountsArr.map((acc) => acc.did);
-    const account = accountsArr.find((acc) => acc.did === this.activeDid);
-    this.accountIdentityStr = (account?.identity as string) || "null";
-    const identity = JSON.parse(this.accountIdentityStr);
 
     const pathParam = window.location.pathname.substring("/claim/".length);
     let claimId;
     if (pathParam) {
       claimId = decodeURIComponent(pathParam);
-      await this.loadClaim(claimId, identity);
+      await this.loadClaim(claimId, this.activeDid);
     } else {
       this.$notify(
         {
@@ -527,33 +522,6 @@ export default class ClaimView extends Vue {
     );
   }
 
-  public async getIdentity(activeDid: string): Promise<IIdentifier> {
-    await accountsDB.open();
-    const account = (await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first()) as Account;
-    const identity = JSON.parse(account?.identity || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to load project records with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
-  public async getHeaders(identity: IIdentifier) {
-    const headers: RawAxiosRequestHeaders = {
-      "Content-Type": "application/json",
-    };
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
-    return headers;
-  }
-
   // Isn't there a better way to make this available to the template?
   didInfo(did: string) {
     return serverUtil.didInfo(
@@ -564,12 +532,12 @@ export default class ClaimView extends Vue {
     );
   }
 
-  async loadClaim(claimId: string, identity: IIdentifier) {
+  async loadClaim(claimId: string, userDid: string) {
     const urlPath = libsUtil.isGlobalUri(claimId)
       ? "/api/claim/byHandle/"
       : "/api/claim/";
     const url = this.apiServer + urlPath + encodeURIComponent(claimId);
-    const headers = await this.getHeaders(identity);
+    const headers = await serverUtil.getHeaders(userDid);
 
     try {
       const resp = await this.axios.get(url, { headers });
@@ -601,7 +569,7 @@ export default class ClaimView extends Vue {
           this.apiServer +
           "/api/v2/report/gives?handleId=" +
           encodeURIComponent(this.veriClaim.handleId as string);
-        const giveHeaders = await this.getHeaders(identity);
+        const giveHeaders = await serverUtil.getHeaders(userDid);
         const giveResp = await this.axios.get(giveUrl, {
           headers: giveHeaders,
         });
@@ -615,7 +583,7 @@ export default class ClaimView extends Vue {
           this.apiServer +
           "/api/v2/report/offers?handleId=" +
           encodeURIComponent(this.veriClaim.handleId as string);
-        const offerHeaders = await this.getHeaders(identity);
+        const offerHeaders = await serverUtil.getHeaders(userDid);
         const offerResp = await this.axios.get(offerUrl, {
           headers: offerHeaders,
         });
@@ -631,12 +599,14 @@ export default class ClaimView extends Vue {
         this.apiServer +
         "/api/report/issuersWhoClaimedOrConfirmed?claimId=" +
         encodeURIComponent(serverUtil.stripEndorserPrefix(claimId));
-      const confirmHeaders = await this.getHeaders(identity);
+      const confirmHeaders = await serverUtil.getHeaders(userDid);
       const response = await this.axios.get(confirmUrl, {
         headers: confirmHeaders,
       });
       if (response.status === 200) {
         const resultList1 = response.data.result || [];
+        //const publicUrls = resultList.publicUrls || [];
+        delete resultList1.publicUrls;
         const resultList2 = R.reject(serverUtil.isHiddenDid, resultList1);
         const resultList3 = R.reject(
           (did: string) => did === this.veriClaim.issuer,
@@ -671,15 +641,9 @@ export default class ClaimView extends Vue {
   }
 
   async showFullClaim(claimId: string) {
-    await accountsDB.open();
-    const accounts = accountsDB.accounts;
-    const accountsArr: Account[] = await accounts?.toArray();
-    const account = accountsArr.find((acc) => acc.did === this.activeDid);
-    const identity = JSON.parse((account?.identity as string) || "null");
-
     const url =
       this.apiServer + "/api/claim/full/" + encodeURIComponent(claimId);
-    const headers = await this.getHeaders(identity);
+    const headers = await serverUtil.getHeaders(this.activeDid);
 
     try {
       const resp = await this.axios.get(url, { headers });
@@ -758,7 +722,7 @@ export default class ClaimView extends Vue {
     };
     const result = await serverUtil.createAndSubmitClaim(
       confirmationClaim,
-      await this.getIdentity(this.activeDid),
+      this.activeDid,
       this.apiServer,
       this.axios,
     );
@@ -792,7 +756,7 @@ export default class ClaimView extends Vue {
     };
     this.$router.push(route).then(async () => {
       this.resetThisValues();
-      await this.loadClaim(claimId, JSON.parse(this.accountIdentityStr));
+      await this.loadClaim(claimId, this.activeDid);
     });
   }
 

src/views/ConfirmGiftView.vue

@@ -27,7 +27,7 @@
       </h1>
     </div>
 
-    <div v-if="giveDetails">
+    <div v-if="giveDetails && !isLoading">
       <div class="flex justify-center">
         <button
           class="col-span-1 bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-4 py-2 rounded-md"
@@ -371,9 +371,9 @@
         >
       </div>
     </div>
-    <div v-else>This does not have details to confirm.</div>
+    <div v-else-if="!isLoading">This does not have details to confirm.</div>
 
-    <div class="mt-4">
+    <div class="mt-4" v-if="!isLoading">
       <a
         @click="showClaimPage(veriClaim.id)"
         class="text-blue-500 cursor-pointer"
@@ -382,11 +382,18 @@
         All Generic Info
       </a>
     </div>
+
+    <div
+      class="fixed left-6 bottom-24 text-center text-4xl leading-none bg-slate-400 text-white w-14 py-2.5 rounded-full"
+      v-if="isLoading"
+    >
+      <fa icon="spinner" class="fa-spin-pulse"></fa>
+    </div>
   </section>
 </template>
 
 <script lang="ts">
-import { AxiosError, RawAxiosRequestHeaders } from "axios";
+import { AxiosError } from "axios";
 import * as yaml from "js-yaml";
 import * as R from "ramda";
 import { IIdentifier } from "@veramo/core";
@@ -400,7 +407,6 @@ import { accountsDB, db } from "@/db/index";
 import { Account } from "@/db/tables/accounts";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import * as serverUtil from "@/libs/endorserServer";
 import { displayAmount, GiverReceiverInputInfo } from "@/libs/endorserServer";
 import * as libsUtil from "@/libs/util";
@@ -413,7 +419,6 @@ import { isGiveAction } from "@/libs/util";
 export default class ClaimView extends Vue {
   $notify!: (notification: NotificationIface, timeout?: number) => void;
 
-  accountIdentityStr: string = "null";
   activeDid = "";
   allMyDids: Array<string> = [];
   allContacts: Array<Contact> = [];
@@ -426,6 +431,7 @@ export default class ClaimView extends Vue {
   giveDetails = null;
   giverName = "";
   issuerName = "";
+  isLoading = false;
   numConfsNotVisible = 0; // number of hidden DIDs in the confirmerIdList, minus the issuer if they aren't visible
   recipientName = "";
   showDetails = false;
@@ -452,6 +458,7 @@ export default class ClaimView extends Vue {
   }
 
   async mounted() {
+    this.isLoading = true;
     await db.open();
     const settings = (await db.settings.get(MASTER_SETTINGS_KEY)) as Settings;
     this.activeDid = settings?.activeDid || "";
@@ -462,9 +469,6 @@ export default class ClaimView extends Vue {
     const accounts = accountsDB.accounts;
     const accountsArr: Array<Account> = await accounts?.toArray();
     this.allMyDids = accountsArr.map((acc) => acc.did);
-    const account = accountsArr.find((acc) => acc.did === this.activeDid);
-    this.accountIdentityStr = (account?.identity as string) || "null";
-    const identity = JSON.parse(this.accountIdentityStr);
 
     const pathParam = window.location.pathname.substring(
       "/confirm-gift/".length,
@@ -472,7 +476,7 @@ export default class ClaimView extends Vue {
     let claimId;
     if (pathParam) {
       claimId = decodeURIComponent(pathParam);
-      await this.loadClaim(claimId, identity);
+      await this.loadClaim(claimId, this.activeDid);
     } else {
       this.$notify(
         {
@@ -488,6 +492,8 @@ export default class ClaimView extends Vue {
     // When Chrome compatibility is fixed https://developer.mozilla.org/en-US/docs/Web/API/Web_Share_API#api.navigator.canshare
     // then use this truer check: navigator.canShare && navigator.canShare()
     this.canShare = !!navigator.share;
+
+    this.isLoading = false;
   }
 
   // insert a space before any capital letters except the initial letter
@@ -519,33 +525,6 @@ export default class ClaimView extends Vue {
     );
   }
 
-  public async getIdentity(activeDid: string): Promise<IIdentifier> {
-    await accountsDB.open();
-    const account = (await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first()) as Account;
-    const identity = JSON.parse(account?.identity || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to load project records with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
-  public async getHeaders(identity: IIdentifier) {
-    const headers: RawAxiosRequestHeaders = {
-      "Content-Type": "application/json",
-    };
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
-    return headers;
-  }
-
   // Isn't there a better way to make this available to the template?
   didInfo(did: string | undefined) {
     return serverUtil.didInfo(
@@ -556,14 +535,14 @@ export default class ClaimView extends Vue {
     );
   }
 
-  async loadClaim(claimId: string, identity: IIdentifier) {
+  async loadClaim(claimId: string, userDid: string) {
     const urlPath = libsUtil.isGlobalUri(claimId)
       ? "/api/claim/byHandle/"
       : "/api/claim/";
     const url = this.apiServer + urlPath + encodeURIComponent(claimId);
 
     try {
-      const headers = await this.getHeaders(identity);
+      const headers = await serverUtil.getHeaders(userDid);
       const resp = await this.axios.get(url, { headers });
       // resp.data is:
       // - a Jwt from https://api.endorser.ch/api-docs/
@@ -603,7 +582,7 @@ export default class ClaimView extends Vue {
         this.apiServer +
         "/api/v2/report/gives?handleId=" +
         encodeURIComponent(this.veriClaim.handleId as string);
-      const giveHeaders = await this.getHeaders(identity);
+      const giveHeaders = await serverUtil.getHeaders(userDid);
       const giveResp = await this.axios.get(giveUrl, {
         headers: giveHeaders,
       });
@@ -674,12 +653,14 @@ export default class ClaimView extends Vue {
         this.apiServer +
         "/api/report/issuersWhoClaimedOrConfirmed?claimId=" +
         encodeURIComponent(serverUtil.stripEndorserPrefix(claimId));
-      const confirmHeaders = await this.getHeaders(identity);
+      const confirmHeaders = await serverUtil.getHeaders(userDid);
       const response = await this.axios.get(confirmUrl, {
         headers: confirmHeaders,
       });
       if (response.status === 200) {
         const resultList1 = response.data.result || [];
+        //const publicUrls = resultList.publicUrls || [];
+        delete resultList1.publicUrls;
         const resultList2 = R.reject(serverUtil.isHiddenDid, resultList1);
         const resultList3 = R.reject(
           (did: string) => did === this.giveDetails.agentDid,
@@ -747,7 +728,7 @@ export default class ClaimView extends Vue {
     };
     const result = await serverUtil.createAndSubmitClaim(
       confirmationClaim,
-      await this.getIdentity(this.activeDid),
+      this.activeDid,
       this.apiServer,
       this.axios,
     );
@@ -781,7 +762,7 @@ export default class ClaimView extends Vue {
     };
     this.$router.push(route).then(async () => {
       this.resetThisValues();
-      await this.loadClaim(claimId, JSON.parse(this.accountIdentityStr));
+      await this.loadClaim(claimId, this.activeDid);
     });
   }
 

src/views/ContactAmountsView.vue

@@ -106,9 +106,7 @@
 
 <script lang="ts">
 import { AxiosError } from "axios";
-import * as didJwt from "did-jwt";
 import * as R from "ramda";
-import { IIdentifier } from "@veramo/core";
 import { Component, Vue } from "vue-facing-decorator";
 
 import QuickNav from "@/components/QuickNav.vue";
@@ -116,10 +114,12 @@ import { NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
-import { accessToken, SimpleSigner } from "@/libs/crypto";
+import { accessToken } from "@/libs/crypto";
 import {
   AgreeVerifiableCredential,
+  createEndorserJwtVcFromClaim,
   displayAmount,
+  getHeaders,
   GiveSummaryRecord,
   GiveVerifiableCredential,
   SCHEMA_ORG_CONTEXT,
@@ -142,31 +142,6 @@ export default class ContactAmountssView extends Vue {
     this.numAccounts = await accountsDB.accounts.count();
   }
 
-  public async getIdentity(activeDid: string) {
-    await accountsDB.open();
-    const account = await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first();
-    const identity = JSON.parse(account?.identity || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to load Give records with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
   async created() {
     try {
       await db.open();
@@ -174,8 +149,8 @@ export default class ContactAmountssView extends Vue {
       this.contact = (await db.contacts.get(contactDid)) || null;
 
       const settings = await db.settings.get(MASTER_SETTINGS_KEY);
-      this.activeDid = settings?.activeDid || "";
+      this.activeDid = (settings?.activeDid as string) || "";
-      this.apiServer = settings?.apiServer || "";
+      this.apiServer = (settings?.apiServer as string) || "";
 
       if (this.activeDid && this.contact) {
         this.loadGives(this.activeDid, this.contact);
@@ -199,15 +174,14 @@ export default class ContactAmountssView extends Vue {
 
   async loadGives(activeDid: string, contact: Contact) {
     try {
-      const identity = await this.getIdentity(this.activeDid);
       let result: Array<GiveSummaryRecord> = [];
       const url =
         this.apiServer +
         "/api/v2/report/gives?agentDid=" +
-        encodeURIComponent(identity.did) +
+        encodeURIComponent(this.activeDid) +
         "&recipientDid=" +
         encodeURIComponent(contact.did);
-      const headers = await this.getHeaders(identity);
+      const headers = await getHeaders(activeDid);
       const resp = await this.axios.get(url, { headers });
       if (resp.status === 200) {
         result = resp.data.data;
@@ -233,8 +207,8 @@ export default class ContactAmountssView extends Vue {
         "/api/v2/report/gives?agentDid=" +
         encodeURIComponent(contact.did) +
         "&recipientDid=" +
-        encodeURIComponent(identity.did);
+        encodeURIComponent(this.activeDid);
-      const headers2 = await this.getHeaders(identity);
+      const headers2 = await getHeaders(activeDid);
       const resp2 = await this.axios.get(url2, { headers: headers2 });
       if (resp2.status === 200) {
         result = R.concat(result, resp2.data.data);
@@ -289,33 +263,15 @@ export default class ContactAmountssView extends Vue {
       object: origClaim,
     };
 
-    // Make a payload for the claim
+    const vcJwt: string = await createEndorserJwtVcFromClaim(
-    const vcPayload = {
+      this.activeDid,
-      vc: {
+      vcClaim,
-        "@context": ["https://www.w3.org/2018/credentials/v1"],
+    );
-        type: ["VerifiableCredential"],
-        credentialSubject: vcClaim,
-      },
-    };
-
-    // Create a signature using private key of identity
-    const identity = await this.getIdentity(this.activeDid);
-    if (identity.keys[0].privateKeyHex !== null) {
-      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-      const privateKeyHex: string = identity.keys[0].privateKeyHex!;
-      const signer = await SimpleSigner(privateKeyHex);
-      const alg = undefined;
-      // Create a JWT for the request
-      const vcJwt: string = await didJwt.createJWT(vcPayload, {
-        alg: alg,
-        issuer: identity.did,
-        signer: signer,
-      });
 
     // Make the xhr request payload
     const payload = JSON.stringify({ jwtEncoded: vcJwt });
     const url = this.apiServer + "/api/v2/claim";
-      const token = await accessToken(identity);
+    const token = await accessToken(this.activeDid);
     const headers = {
       "Content-Type": "application/json",
       Authorization: "Bearer " + token,
@@ -324,7 +280,8 @@ export default class ContactAmountssView extends Vue {
     try {
       const resp = await this.axios.post(url, payload, { headers });
       if (resp.data?.success) {
-          record.amountConfirmed = origClaim.object?.amountOfThisGood || 1;
+        record.amountConfirmed =
+          (origClaim.object?.amountOfThisGood as number) || 1;
       }
     } catch (error) {
       let userMessage = "There was an error. See logs for more info.";
@@ -350,7 +307,6 @@ export default class ContactAmountssView extends Vue {
       );
     }
   }
-  }
 
   cannotConfirmMessage() {
     this.$notify(

src/views/ContactGiftingView.vue

@@ -72,17 +72,15 @@
 
 <script lang="ts">
 import { Component, Vue } from "vue-facing-decorator";
-import { IIdentifier } from "@veramo/core";
 
 import GiftedDialog from "@/components/GiftedDialog.vue";
 import QuickNav from "@/components/QuickNav.vue";
 import EntityIcon from "@/components/EntityIcon.vue";
 import { NotificationIface } from "@/constants/app";
 import { db, accountsDB } from "@/db/index";
-import { Account, AccountsSchema } from "@/db/tables/accounts";
+import { AccountsSchema } from "@/db/tables/accounts";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import { GiverReceiverInputInfo } from "@/libs/endorserServer";
 
 @Component({
@@ -134,32 +132,7 @@ export default class ContactGiftingView extends Vue {
     }
   }
 
-  public async getIdentity(activeDid: string) {
+  openDialog(giver?: GiverReceiverInputInfo) {
-    await accountsDB.open();
-    const account = (await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first()) as Account;
-    const identity = JSON.parse(account?.identity || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to load Give records with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
-  openDialog(giver: GiverReceiverInputInfo) {
     const recipient = this.projectId
       ? undefined
       : { did: this.activeDid, name: "you" };

src/views/ContactQRScanShowView.vue

@@ -24,6 +24,7 @@
       >
         <span class="text-red">Beware!</span>
         You aren't sharing your name, so quickly
+        <br />
         <router-link
           :to="{ name: 'new-edit-account' }"
           class="bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-1.5 py-1 rounded-md"
@@ -33,7 +34,11 @@
       </p>
     </div>
 
-    <div @click="onCopyToClipboard()" v-if="activeDid" class="text-center">
+    <div
+      @click="onCopyUrlToClipboard()"
+      v-if="activeDid && activeDid.startsWith(ETHR_DID_PREFIX)"
+      class="text-center"
+    >
       <!--
         Play with display options: https://qr-code-styling.com/
         See docs: https://www.npmjs.com/package/qr-code-generator-vue3
@@ -44,8 +49,18 @@
         :dotsOptions="{ type: 'square' }"
         class="flex justify-center"
       />
-      <span> Click that QR to copy your contact URL to your clipboard. </span>
+      <span>
-      <div>Not scanning? Show it in pieces.</div>
+        Click this or QR code to copy your contact URL to your clipboard.
+      </span>
+    </div>
+    <div v-else-if="activeDid" class="text-center">
+      <!-- Not an ETHR DID so force them to paste it. (Passkey Peer DIDs are too big.) -->
+      <span @click="onCopyDidToClipboard()" class="text-blue-500">
+        Click here to copy your DID to your clipboard.
+      </span>
+      <span>
+        Then give it to them so they can paste it in their list of People.
+      </span>
     </div>
     <div class="text-center" v-else>
       You have no identitifiers yet, so
@@ -72,7 +87,7 @@
 
 <script lang="ts">
 import { AxiosError } from "axios";
-import * as didJwt from "did-jwt";
+import { Buffer } from "buffer/";
 import { sha256 } from "ethereum-cryptography/sha256.js";
 import QRCodeVue3 from "qr-code-generator-vue3";
 import * as R from "ramda";
@@ -83,24 +98,22 @@ import { useClipboard } from "@vueuse/core";
 import QuickNav from "@/components/QuickNav.vue";
 import { NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
-import { Account } from "@/db/tables/accounts";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
 import {
   deriveAddress,
   getContactPayloadFromJwtUrl,
   nextDerivationPath,
-  SimpleSigner,
 } from "@/libs/crypto";
 import {
   CONTACT_URL_PREFIX,
+  createEndorserJwtForDid,
   ENDORSER_JWT_URL_LOCATION,
   isDid,
   register,
   setVisibilityUtil,
 } from "@/libs/endorserServer";
-
+import { ETHR_DID_PREFIX } from "@/libs/crypto/vc";
-import { Buffer } from "buffer/";
 
 @Component({
   components: {
@@ -119,6 +132,8 @@ export default class ContactQRScanShow extends Vue {
   isRegistered = false;
   qrValue = "";
 
+  ETHR_DID_PREFIX = ETHR_DID_PREFIX;
+
   async created() {
     await db.open();
     const settings = await db.settings.get(MASTER_SETTINGS_KEY);
@@ -133,17 +148,9 @@ export default class ContactQRScanShow extends Vue {
     const accounts = await accountsDB.accounts.toArray();
     const account = R.find((acc) => acc.did === this.activeDid, accounts);
     if (account) {
-      const identity = await this.getIdentity(this.activeDid);
+      const publicKeyHex = account.publicKeyHex;
-      const publicKeyHex = identity.keys[0].publicKeyHex;
       const publicEncKey = Buffer.from(publicKeyHex, "hex").toString("base64");
 
-      const newDerivPath = nextDerivationPath(account.derivationPath);
-      const nextPublicHex = deriveAddress(account.mnemonic, newDerivPath)[2];
-      const nextPublicEncKey = Buffer.from(nextPublicHex, "hex");
-      const nextPublicEncKeyHash = sha256(nextPublicEncKey);
-      const nextPublicEncKeyHashBase64 =
-        Buffer.from(nextPublicEncKeyHash).toString("base64");
-
       const contactInfo = {
         iat: Date.now(),
         iss: this.activeDid,
@@ -152,21 +159,28 @@ export default class ContactQRScanShow extends Vue {
             (settings?.firstName || "") +
             (settings?.lastName ? ` ${settings.lastName}` : ""), // deprecated, pre v 0.1.3
           publicEncKey,
-          nextPublicEncKeyHash: nextPublicEncKeyHashBase64,
           profileImageUrl: settings?.profileImageUrl,
           registered: settings?.isRegistered,
         },
       };
 
-      const alg = undefined;
+      if (account?.mnemonic && account?.derivationPath) {
-      const privateKeyHex: string = identity.keys[0].privateKeyHex;
+        const newDerivPath = nextDerivationPath(
-      const signer = await SimpleSigner(privateKeyHex);
+          account.derivationPath as string,
-      // create a JWT for the request
+        );
-      const vcJwt: string = await didJwt.createJWT(contactInfo, {
+        const nextPublicHex = deriveAddress(
-        alg: alg,
+          account.mnemonic as string,
-        issuer: identity.did,
+          newDerivPath,
-        signer: signer,
+        )[2];
-      });
+        const nextPublicEncKey = Buffer.from(nextPublicHex, "hex");
+        const nextPublicEncKeyHash = sha256(nextPublicEncKey);
+        const nextPublicEncKeyHashBase64 =
+          Buffer.from(nextPublicEncKeyHash).toString("base64");
+        contactInfo.own.nextPublicEncKeyHash = nextPublicEncKeyHashBase64;
+      }
+
+      const vcJwt = await createEndorserJwtForDid(this.activeDid, contactInfo);
+
       const viewPrefix = CONTACT_URL_PREFIX + ENDORSER_JWT_URL_LOCATION;
       this.qrValue = viewPrefix + vcJwt;
     }
@@ -184,23 +198,6 @@ export default class ContactQRScanShow extends Vue {
     );
   }
 
-  public async getIdentity(activeDid: string) {
-    await accountsDB.open();
-    const accounts = await accountsDB.accounts.toArray();
-    const account: Account | undefined = R.find(
-      (acc) => acc.did === activeDid,
-      accounts,
-    );
-    const identity = JSON.parse((account?.identity as string) || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to show contact info with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
   /**
    *
    * @param content is the result of a QR scan, an array with one item with a rawValue property
@@ -433,7 +430,7 @@ export default class ContactQRScanShow extends Vue {
     );
   }
 
-  onCopyToClipboard() {
+  onCopyUrlToClipboard() {
     //this.onScanDetect([{ rawValue: this.qrValue }]); // good for testing
     useClipboard()
       .copy(this.qrValue)
@@ -450,5 +447,22 @@ export default class ContactQRScanShow extends Vue {
         );
       });
   }
+
+  onCopyDidToClipboard() {
+    //this.onScanDetect([{ rawValue: this.qrValue }]); // good for testing
+    useClipboard()
+      .copy(this.activeDid)
+      .then(() => {
+        this.$notify(
+          {
+            group: "alert",
+            type: "info",
+            title: "Copied",
+            text: "Your DID was copied to the clipboard. Have them paste it on their 'People' screen to add you.",
+          },
+          10000,
+        );
+      });
+  }
 }
 </script>

src/views/ContactsView.vue

@@ -109,7 +109,7 @@
               }"
               title="See more about this DID"
             >
-              <fa icon="circle-info" class="text-blue-500 ml-6" />
+              <fa icon="circle-info" class="text-blue-500 ml-4" />
             </router-link>
           </h2>
           <div class="text-sm truncate">
@@ -303,20 +303,20 @@
 import { AxiosError } from "axios";
 import { IndexableType } from "dexie";
 import * as R from "ramda";
-import { IIdentifier } from "@veramo/core";
 import { Component, Vue } from "vue-facing-decorator";
 import { Router } from "vue-router";
 
 import { AppString, NotificationIface } from "@/constants/app";
-import { accountsDB, db } from "@/db/index";
+import { db } from "@/db/index";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken, getContactPayloadFromJwtUrl } from "@/libs/crypto";
+import { getContactPayloadFromJwtUrl } from "@/libs/crypto";
 import {
   CONTACT_CSV_HEADER,
   CONTACT_URL_PREFIX,
   GiverReceiverInputInfo,
   GiveSummaryRecord,
+  getHeaders,
   isDid,
   register,
   setVisibilityUtil,
@@ -326,7 +326,6 @@ import QuickNav from "@/components/QuickNav.vue";
 import EntityIcon from "@/components/EntityIcon.vue";
 import GiftedDialog from "@/components/GiftedDialog.vue";
 import OfferDialog from "@/components/OfferDialog.vue";
-import { Account } from "@/db/tables/accounts";
 
 import { Buffer } from "buffer/";
 
@@ -400,36 +399,6 @@ export default class ContactsView extends Vue {
     );
   }
 
-  public async getIdentity(activeDid: string): Promise<IIdentifier> {
-    await accountsDB.open();
-    const accounts = await accountsDB.accounts.toArray();
-    const account = R.find((acc) => acc.did === activeDid, accounts) as Account;
-    const identity = JSON.parse(account?.identity || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to load Give records with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
-  public async getHeadersAndIdentity(activeDid: string) {
-    const identity = await this.getIdentity(activeDid);
-    const headers = await this.getHeaders(identity);
-
-    return { headers, identity };
-  }
-
   async loadGives() {
     if (!this.activeDid) {
       return;
@@ -481,7 +450,7 @@ export default class ContactsView extends Vue {
     };
 
     try {
-      const { headers } = await this.getHeadersAndIdentity(this.activeDid);
+      const headers = await getHeaders(this.activeDid);
       const givenByUrl =
         this.apiServer +
         "/api/v2/report/gives?agentDid=" +
@@ -954,8 +923,19 @@ export default class ContactsView extends Vue {
       this.apiServer +
       "/api/report/canDidExplicitlySeeMe?did=" +
       encodeURIComponent(contact.did);
-    const identity = await this.getIdentity(this.activeDid);
+    const headers = await getHeaders(this.activeDid);
-    const headers = await this.getHeaders(identity);
+    if (!headers["Authorization"]) {
+      this.$notify(
+        {
+          group: "alert",
+          type: "danger",
+          title: "No Identity",
+          text: "There is no identity to use to check visibility.",
+        },
+        3000,
+      );
+      return;
+    }
 
     try {
       const resp = await this.axios.get(url, { headers });

src/views/DIDView.vue

@@ -136,11 +136,11 @@ import { NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import { Contact } from "@/db/tables/contacts";
 import { BoundingBox, MASTER_SETTINGS_KEY } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import {
   capitalizeAndInsertSpacesBeforeCaps,
   didInfoForContact,
   displayAmount,
+  getHeaders,
   GenericCredWrapper,
   GenericVerifiableCredential,
   GiveVerifiableCredential,
@@ -203,30 +203,6 @@ export default class DIDView extends Vue {
     this.allMyDids = allAccounts.map((acc) => acc.did);
   }
 
-  public async buildHeaders(): Promise<HeadersInit> {
-    const headers: HeadersInit = {
-      "Content-Type": "application/json",
-    };
-
-    if (this.activeDid) {
-      await accountsDB.open();
-      const allAccounts = await accountsDB.accounts.toArray();
-      const account = allAccounts.find((acc) => acc.did === this.activeDid);
-      const identity = JSON.parse((account?.identity as string) || "null");
-
-      if (!identity) {
-        throw new Error(
-          "An ID is chosen but there are no keys for it so it cannot be used to talk with the service. Switch your ID.",
-        );
-      }
-
-      headers["Authorization"] = "Bearer " + (await accessToken(identity));
-    } else {
-      // it's OK without auth... we just won't get any identifiers
-    }
-    return headers;
-  }
-
   /**
    * Data loader used by infinite scroller
    * @param payload is the flag from the InfiniteScroll indicating if it should load
@@ -255,7 +231,7 @@ export default class DIDView extends Vue {
         this.apiServer + "/api/v2/report/claims?" + queryParams + postfix,
         {
           method: "GET",
-          headers: await this.buildHeaders(),
+          headers: await getHeaders(this.activeDid),
         },
       );
 

src/views/DiscoverView.vue

@@ -37,7 +37,7 @@
               isRemoteActive = false;
               searchLocal();
             "
-            v-bind:class="computedLocalTabClassNames()"
+            v-bind:class="computedLocalTabStyleClassNames()"
           >
             Nearby
             <span
@@ -57,7 +57,7 @@
               isLocalActive = false;
               searchAll();
             "
-            v-bind:class="computedRemoteTabClassNames()"
+            v-bind:class="computedRemoteTabStyleClassNames()"
           >
             Anywhere
             <span
@@ -138,8 +138,7 @@ import { NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import { Contact } from "@/db/tables/contacts";
 import { BoundingBox, MASTER_SETTINGS_KEY } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
+import { didInfo, getHeaders, PlanData } from "@/libs/endorserServer";
-import { didInfo, PlanData } from "@/libs/endorserServer";
 
 @Component({
   components: {
@@ -203,30 +202,6 @@ export default class DiscoverView extends Vue {
     }
   }
 
-  public async buildHeaders(): Promise<HeadersInit> {
-    const headers: HeadersInit = {
-      "Content-Type": "application/json",
-    };
-
-    if (this.activeDid) {
-      await accountsDB.open();
-      const allAccounts = await accountsDB.accounts.toArray();
-      const account = allAccounts.find((acc) => acc.did === this.activeDid);
-      const identity = JSON.parse(account?.identity || "null");
-
-      if (!identity) {
-        throw new Error(
-          "An ID is chosen but there are no keys for it so it cannot be used to talk with the service. Switch your ID.",
-        );
-      }
-
-      headers["Authorization"] = "Bearer " + (await accessToken(identity));
-    } else {
-      // it's OK without auth... we just won't get any identifiers
-    }
-    return headers;
-  }
-
   public async searchAll(beforeId?: string) {
     this.resetCounts();
 
@@ -247,7 +222,7 @@ export default class DiscoverView extends Vue {
         this.apiServer + "/api/v2/report/plans?" + queryParams,
         {
           method: "GET",
-          headers: await this.buildHeaders(),
+          headers: await getHeaders(this.activeDid),
         },
       );
 
@@ -337,7 +312,7 @@ export default class DiscoverView extends Vue {
         this.apiServer + "/api/v2/report/plansByLocation?" + queryParams,
         {
           method: "GET",
-          headers: await this.buildHeaders(),
+          headers: await getHeaders(this.activeDid),
         },
       );
 
@@ -422,7 +397,7 @@ export default class DiscoverView extends Vue {
     this.$router.push(route);
   }
 
-  public computedLocalTabClassNames() {
+  public computedLocalTabStyleClassNames() {
     return {
       "inline-block": true,
       "py-3": true,
@@ -440,7 +415,7 @@ export default class DiscoverView extends Vue {
     };
   }
 
-  public computedRemoteTabClassNames() {
+  public computedRemoteTabStyleClassNames() {
     return {
       "inline-block": true,
       "py-3": true,

src/views/GiftedDetails.vue

@@ -21,8 +21,17 @@
     <h1 class="text-4xl text-center font-light px-4 mb-4">What Was Given</h1>
 
     <h1 class="text-xl font-bold text-center mb-4">
-      <span>From {{ giverName || "somebody not named" }}</span>
+      <span>From {{ giverName }}</span>
-      <span> to {{ recipientName || "somebody not named" }}</span>
+      <span>
+        to
+        {{
+          givenToProject
+            ? projectName
+            : givenToRecipient
+              ? recipientName
+              : "someone unidentified"
+        }}</span
+      >
     </h1>
     <textarea
       class="block w-full rounded border border-slate-400 mb-2 px-3 py-2"
@@ -78,7 +87,7 @@
 
     <div class="h-7 mt-4 flex">
       <input
-        v-if="projectId && !givenToUser"
+        v-if="projectId && !givenToRecipient"
         type="checkbox"
         class="h-6 w-6 mr-2"
         v-model="givenToProject"
@@ -100,20 +109,24 @@
 
     <div class="h-7 mt-4 flex">
       <input
-        v-if="!givenToProject"
+        v-if="recipientDid && !givenToProject"
         type="checkbox"
         class="h-6 w-6 mr-2"
-        v-model="givenToUser"
+        v-model="givenToRecipient"
       />
       <fa
         v-else
         icon="square"
         class="bg-slate-500 text-slate-500 h-5 w-5 px-0.5 py-0.5 mr-2 rounded"
-        @click="
+        @click="notifyUserOfRecipient()"
-          notifyUser('You cannot assign this both a project and also to you.')
-        "
       />
-      <label class="text-sm mt-1">This was given to you</label>
+      <label class="text-sm mt-1">
+        {{
+          recipientDid
+            ? "This was given to " + recipientName
+            : "No recipient was chosen."
+        }}
+      </label>
     </div>
 
     <div class="mt-4 flex">
@@ -121,6 +134,20 @@
       <label class="text-sm mt-1">This was a trade (not a gift)</label>
     </div>
 
+    <div class="mt-4 flex">
+      <router-link
+        :to="{
+          name: 'claim-add-raw',
+          query: {
+            claim: constructGiveParam(),
+          },
+        }"
+        class="text-blue-500"
+      >
+        Edit & Submit Raw
+      </router-link>
+    </div>
+
     <p class="text-center mb-2 mt-6 italic">
       Sign & Send to publish to the world
       <fa
@@ -153,11 +180,17 @@ import ImageMethodDialog from "@/components/ImageMethodDialog.vue";
 import QuickNav from "@/components/QuickNav.vue";
 import TopMessage from "@/components/TopMessage.vue";
 import { DEFAULT_IMAGE_API_SERVER, NotificationIface } from "@/constants/app";
-import { db } from "@/db/index";
+import { accountsDB, db } from "@/db/index";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { createAndSubmitGive, getPlanFromCache } from "@/libs/endorserServer";
+import {
+  constructGive,
+  createAndSubmitGive,
+  didInfo,
+  getPlanFromCache,
+} from "@/libs/endorserServer";
 import * as libsUtil from "@/libs/util";
 import { accessToken } from "@/libs/crypto";
+import { Contact } from "@/db/tables/contacts";
 
 @Component({
   components: {
@@ -176,7 +209,7 @@ export default class GiftedDetails extends Vue {
   description = "";
   destinationNameAfter = "";
   givenToProject = false;
-  givenToUser = false;
+  givenToRecipient = false;
   giverDid: string | undefined;
   giverName = "";
   hideBackButton = false;
@@ -188,7 +221,6 @@ export default class GiftedDetails extends Vue {
   projectName = "a project";
   recipientDid = "";
   recipientName = "";
-  showGivenToUser = false;
   unitCode = "HUR";
 
   libsUtil = libsUtil;
@@ -234,18 +266,36 @@ export default class GiftedDetails extends Vue {
       this.apiServer = settings?.apiServer || "";
       this.activeDid = settings?.activeDid || "";
 
+      let allContacts: Contact[] = [];
+      let allMyDids: string[] = [];
+      if (
+        (this.giverDid && !this.giverName) ||
+        (this.recipientDid && !this.recipientName)
+      ) {
+        allContacts = await db.contacts.toArray();
+
+        await accountsDB.open();
+        const allAccounts = await accountsDB.accounts.toArray();
+        allMyDids = allAccounts.map((acc) => acc.did);
         if (this.giverDid && !this.giverName) {
-        this.giverName =
+          this.giverName = didInfo(
-          this.giverDid === this.activeDid ? "you" : "someone not named";
+            this.giverDid,
+            this.activeDid,
+            allMyDids,
+            allContacts,
+          );
         }
-      this.givenToUser = this.recipientDid === this.activeDid;
         if (this.recipientDid && !this.recipientName) {
-        this.recipientName =
+          this.recipientName = didInfo(
-          this.recipientDid === this.activeDid ? "you" : "someone not named";
+            this.recipientDid,
+            this.activeDid,
+            allMyDids,
+            allContacts,
+          );
+        }
       }
       this.givenToProject = !!this.projectId;
-      this.givenToUser =
+      this.givenToRecipient = !this.givenToProject && !!this.recipientDid;
-        !this.projectId && this.recipientDid === this.activeDid;
 
       // eslint-disable-next-line @typescript-eslint/no-explicit-any
     } catch (err: any) {
@@ -263,14 +313,12 @@ export default class GiftedDetails extends Vue {
 
     if (this.projectId) {
       // console.log("Getting project name from cache", this.projectId);
-      const identity = await libsUtil.getIdentity(this.activeDid);
       const project = await getPlanFromCache(
         this.projectId,
-        identity,
         this.axios,
         this.apiServer,
+        this.activeDid,
       );
-      console.log("Got project name from cache", project);
       this.projectName = project?.name
         ? "the project: " + project.name
         : "a project";
@@ -332,8 +380,7 @@ export default class GiftedDetails extends Vue {
       return;
     }
     try {
-      const identity = await libsUtil.getIdentity(this.activeDid);
+      const token = await accessToken(this.activeDid);
-      const token = await accessToken(identity);
       const response = await this.axios.delete(
         DEFAULT_IMAGE_API_SERVER +
           "/image/" +
@@ -442,37 +489,50 @@ export default class GiftedDetails extends Vue {
     await this.recordGive();
   }
 
-  notifyUser(message: string) {
+  notifyUserOfProject() {
+    if (!this.projectId) {
       this.$notify(
         {
           group: "alert",
           type: "warning",
           title: "Error",
-        text: message,
+          text: "To assign to a project, you must open this dialog through a project.",
+        },
+        3000,
+      );
+    } else {
+      // must be because givenToRecipient is true
+      this.$notify(
+        {
+          group: "alert",
+          type: "warning",
+          title: "Error",
+          text: "You cannot assign both to a project and to a recipient.",
         },
         3000,
       );
     }
+  }
 
-  notifyUserOfProject() {
+  notifyUserOfRecipient() {
-    if (!this.projectId) {
+    if (!this.recipientDid) {
       this.$notify(
         {
           group: "alert",
           type: "warning",
           title: "Error",
-          text: "To assign to a project, you must open this dialog through a project.",
+          text: "To assign to a recipient, you must open this dialog from a contact.",
         },
         3000,
       );
     } else {
-      // must be because givenToUser is true
+      // must be because givenToProject is true
       this.$notify(
         {
           group: "alert",
           type: "warning",
           title: "Error",
-          text: "You cannot assign both to a project and to yourself.",
+          text: "You cannot assign both to a recipient and to a project.",
         },
         3000,
       );
@@ -488,18 +548,14 @@ export default class GiftedDetails extends Vue {
    */
   public async recordGive() {
     try {
-      const identity = await libsUtil.getIdentity(this.activeDid);
+      const recipientDid = this.givenToRecipient
-      const recipientDid =
+        ? this.recipientDid
-        this.recipientDid === this.activeDid
+        : undefined;
-          ? this.givenToUser
-            ? this.activeDid
-            : undefined
-          : this.recipientDid;
       const projectId = this.givenToProject ? this.projectId : undefined;
       const result = await createAndSubmitGive(
         this.axios,
         this.apiServer,
-        identity,
+        this.activeDid,
         this.giverDid,
         recipientDid,
         this.description,
@@ -562,6 +618,24 @@ export default class GiftedDetails extends Vue {
     }
   }
 
+  constructGiveParam() {
+    const recipientDid = this.givenToRecipient ? this.recipientDid : undefined;
+    const projectId = this.givenToProject ? this.projectId : undefined;
+    const giveClaim = constructGive(
+      this.giverDid,
+      recipientDid,
+      this.description,
+      parseFloat(this.amountInput),
+      this.unitCode,
+      projectId,
+      this.offerId,
+      this.isTrade,
+      this.imageUrl,
+    );
+    const claimStr = JSON.stringify(giveClaim);
+    return claimStr;
+  }
+
   // Helper functions for readability
 
   /**

src/views/HelpView.vue

@@ -76,9 +76,6 @@
       <p>
         Go
         <router-link class="text-blue-500" to="/import-account">import your identifier</router-link>.
-        If you don't want the old one, click "Advanced" and check the box to erase it.
-        (The erase option only shows if you have exactly one identifier.
-         For more in-depth surgery, you'll have to erase data from the browser or reinstall.)
       </p>
 
       <h2 class="text-xl font-semibold">How do I add someone else?</h2>
@@ -86,8 +83,8 @@
         <a href="/help-onboarding" target="_blank" class="text-blue-500">
           Use these instructions.
         </a>
-        To start scanning, go
+        To start scanning, go to the
-        <router-link class="text-blue-500" to="/contact-qr">here.</router-link>
+        <router-link class="text-blue-500" to="/contact-qr">contact-scanning page.</router-link>
       </p>
       <p>
         If they are not nearby to scan QR codes, you each can tap on the QR code
@@ -119,7 +116,7 @@
         </ul>
 
         <h2 class="text-xl font-semibold">
-          How do I backup my non-secret, non-public text data?
+          How do I backup my other private text data like settings & contacts?
         </h2>
         <ul class="list-disc list-outside ml-4">
           <li>
@@ -133,7 +130,7 @@
         </ul>
 
         <h2 class="text-xl font-semibold">
-          How do I backup my non-secret, non-public image?
+          How do I backup my profile image?
         </h2>
         <ul class="list-disc list-outside ml-4">
           <li>
@@ -143,7 +140,7 @@
         </ul>
 
         <h2 class="text-xl font-semibold">
-          How do I backup my public data?
+          How do I backup other data I've posted?
         </h2>
         <ul class="list-disc list-outside ml-4">
           <li>
@@ -180,6 +177,7 @@
           <li>
             Go to Your Identity <fa icon="circle-user" class="fa-fw" /> page,
             click Advanced, and follow the instructions for the Contacts & Settings Database "Import".
+            Beware that this will erase your existing contact & settings.
           </li>
         </ul>
       </div>
@@ -340,7 +338,7 @@
 
       <h2 class="text-xl font-semibold">What are the terms & conditions and the privacy policy?</h2>
       <p style="display:inline; align-items: center">
-        This work is public domain, governed by
+        This work is public domain. If you like rules, reference
         <a href="http://creativecommons.org/publicdomain/zero/1.0?ref=chooser-v1" target="_blank" rel="license noopener noreferrer">
           <span class="text-blue-500 mr-1">CC0 1.0</span>
           <img
@@ -366,6 +364,26 @@
         </a>
       </p>
 
+      <h2 class="text-xl font-semibold">How can I contribute?</h2>
+      <p>
+        If you have skills, contact us below.
+        If you have Bitcoin, donate to
+        <button
+          @click="
+            doCopyTwoSecRedo(
+              'bc1q90v4ted6cpt63tjfh2lvd5xzfc67sd4g9w8xma',
+              () => (showDidCopy = !showDidCopy)
+            )
+          "
+          class="text-blue-500 ml-2"
+        >
+          bc1q90v4ted6cpt63tjfh2lvd5xzfc67sd4g9w8xma
+          <fa icon="copy" class="text-slate-400 fa-fw"></fa>
+        </button>
+        <span v-show="showDidCopy">Copied</span>
+        For other donations, contact us.
+      </p>
+
       <h2 class="text-xl font-semibold">Where can I read more?</h2>
       <p>
         This is part of the
@@ -379,7 +397,7 @@
       <p>{{ package.version }} ({{ commitHash }})</p>
 
       <h2 class="text-xl font-semibold">
-        For any other questions, including removing all your data from the public ledger:
+        For any other questions, like getting a new account or removing all your data from the public ledger:
       </h2>
       <p>
         Contact us at
@@ -394,6 +412,7 @@
 
 <script lang="ts">
 import { Component, Vue } from "vue-facing-decorator";
+import { useClipboard } from "@vueuse/core";
 
 import * as Package from "../../package.json";
 import QuickNav from "@/components/QuickNav.vue";
@@ -405,5 +424,14 @@ export default class Help extends Vue {
 
   package = Package;
   commitHash = import.meta.env.VITE_GIT_HASH;
+  showDidCopy = false;
+
+  // call fn, copy text to the clipboard, then redo fn after 2 seconds
+  doCopyTwoSecRedo(text: string, fn: () => void) {
+    fn();
+    useClipboard()
+      .copy(text)
+      .then(() => setTimeout(fn, 2000));
+  }
 }
 </script>

src/views/HomeView.vue

@@ -5,7 +5,7 @@
   <!-- CONTENT -->
   <section id="Content" class="p-2 pb-24 max-w-3xl mx-auto">
     <h1 id="ViewHeading" class="text-4xl text-center font-light px-4 mb-8">
-      Time Safari
+      {{ AppString.APP_NAME }}
     </h1>
 
     <!-- prompt to install notifications -->
@@ -64,38 +64,65 @@
         :to="{ name: 'quick-action-bvc' }"
         class="block text-center text-md font-bold bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white mt-2 px-2 py-3 rounded-md"
       >
-        Bountiful Voluntaryist Community Actions</router-link
+        Bountiful Voluntaryist Community Actions
-      >
+      </router-link>
     </div>
 
-    <!-- show the actions for recognizing a give -->
     <div class="mb-8">
       <div v-if="isCreatingIdentifier">
         <p class="text-slate-500 text-center italic mt-4 mb-4">
           <fa icon="spinner" class="fa-spin-pulse" /> Loading&hellip;
         </p>
       </div>
+
+      <div v-else>
+        <!-- !isCreatingIdentifier -->
         <div
-        v-if="!activeDid && !isCreatingIdentifier"
+          v-if="!activeDid"
-        class="bg-amber-200 rounded-md overflow-hidden text-center px-4 py-3 mb-4"
+          class="bg-amber-200 rounded-md text-center px-4 py-3 mb-4"
         >
+          <div v-if="PASSKEYS_ENABLED">
             <p class="text-lg mb-3">
-          Want to connect with your contacts, or share contributions or
+              Choose how to see info from your contacts or share contributions:
-          projects?
             </p>
+            <div class="flex justify-between">
+              <button
+                class="block text-center text-md font-bold bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white mt-2 px-2 py-3 rounded-md"
+                @click="generateIdentifier()"
+              >
+                Let me start the easiest (with a passkey).
+              </button>
               <router-link
                 :to="{ name: 'start' }"
                 class="block text-center text-md font-bold bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white mt-2 px-2 py-3 rounded-md"
               >
-          Create An Identifier</router-link
+                Give me all the options.
+              </router-link>
+            </div>
+          </div>
+          <div v-else>
+            <p class="text-lg mb-3">
+              To recognize giving or collaborate, have someone register you:
+            </p>
+            <router-link
+              :to="{ name: 'contact-qr' }"
+              class="block text-center text-md font-bold bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white mt-2 px-2 py-3 rounded-md"
             >
+              Share your contact info.
+            </router-link>
           </div>
+        </div>
+
+        <div v-else class="mb-4">
+          <!-- activeDid -->
 
           <div
-        v-else-if="!isRegistered"
+            v-if="!isRegistered"
             class="bg-amber-200 rounded-md overflow-hidden text-center px-4 py-3 mb-4"
           >
-        Someone must register you before you can give or offer.
+            <!-- activeDid && !isRegistered -->
+            Someone must register you before you can give kudos or make offers
+            or create projects... basically before doing anything.
             <router-link
               :to="{ name: 'contact-qr' }"
               class="block text-center text-md font-bold bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white mt-2 px-2 py-3 rounded-md"
@@ -106,6 +133,8 @@
 
           <div v-else>
             <!-- activeDid && isRegistered -->
+
+            <!-- show the actions for recognizing a give -->
             <div class="mb-4">
               <h2 class="text-xl font-bold">Record Something Given By:</h2>
             </div>
@@ -159,6 +188,8 @@
             </div>
           </div>
         </div>
+      </div>
+    </div>
 
     <GiftedDialog ref="customDialog" />
     <GiftedPrompts ref="giftedPrompts" />
@@ -200,14 +231,22 @@
             </div>
 
             <div class="grid grid-cols-12">
-              <span class="col-span-1 justify-self-start">
+              <span class="pt-1 col-span-1 justify-self-start">
                 <span>
                   <fa
-                    v-if="record.giver.known || record.receiver.known"
                     icon="circle-user"
-                    class="pt-1 text-slate-500"
+                    :class="
+                      computeKnownPersonIconStyleClassNames(
+                        record.giver.known || record.receiver.known,
+                      )
+                    "
+                    @click="toastUser('This involves your contacts.')"
+                  />
+                  <fa
+                    icon="gift"
+                    class="pl-3 text-slate-500"
+                    @click="toastUser('This is a gift.')"
                   />
-                  <fa v-else icon="gift" class="pt-1 pl-3 text-slate-500" />
                 </span>
               </span>
               <span class="col-span-10 justify-self-stretch">
@@ -290,10 +329,10 @@
 
 <script lang="ts">
 import { UAParser } from "ua-parser-js";
-import { IIdentifier } from "@veramo/core";
 import { Component, Vue } from "vue-facing-decorator";
 import { Router } from "vue-router";
 
+import App from "../App.vue";
 import EntityIcon from "@/components/EntityIcon.vue";
 import GiftedDialog from "@/components/GiftedDialog.vue";
 import GiftedPrompts from "@/components/GiftedPrompts.vue";
@@ -301,9 +340,8 @@ import FeedFilters from "@/components/FeedFilters.vue";
 import InfiniteScroll from "@/components/InfiniteScroll.vue";
 import QuickNav from "@/components/QuickNav.vue";
 import TopMessage from "@/components/TopMessage.vue";
-import { NotificationIface } from "@/constants/app";
+import { AppString, NotificationIface, PASSKEYS_ENABLED } from "@/constants/app";
 import { db, accountsDB } from "@/db/index";
-import { Account } from "@/db/tables/accounts";
 import { Contact } from "@/db/tables/contacts";
 import {
   BoundingBox,
@@ -311,17 +349,17 @@ import {
   MASTER_SETTINGS_KEY,
   Settings,
 } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import {
   contactForDid,
   containsNonHiddenDid,
   didInfoForContact,
   fetchEndorserRateLimits,
+  getHeaders,
   getPlanFromCache,
   GiverReceiverInputInfo,
   GiveSummaryRecord,
 } from "@/libs/endorserServer";
-import { generateSaveAndActivateIdentity } from "@/libs/util";
+import { registerSaveAndActivatePasskey } from "@/libs/util";
 
 interface GiveRecordWithContactInfo extends GiveSummaryRecord {
   giver: {
@@ -339,6 +377,11 @@ interface GiveRecordWithContactInfo extends GiveSummaryRecord {
 }
 
 @Component({
+  computed: {
+    App() {
+      return App;
+    },
+  },
   components: {
     GiftedDialog,
     GiftedPrompts,
@@ -352,6 +395,9 @@ interface GiveRecordWithContactInfo extends GiveSummaryRecord {
 export default class HomeView extends Vue {
   $notify!: (notification: NotificationIface, timeout?: number) => void;
 
+  AppString = AppString;
+  PASSKEYS_ENABLED = PASSKEYS_ENABLED;
+
   activeDid = "";
   allContacts: Array<Contact> = [];
   allMyDids: Array<string> = [];
@@ -359,6 +405,7 @@ export default class HomeView extends Vue {
   feedData: GiveRecordWithContactInfo[] = [];
   feedPreviousOldestId?: string;
   feedLastViewedClaimId?: string;
+  givenName = "";
   isAnyFeedFilterOn: boolean;
   isCreatingIdentifier = false;
   isFeedFilteredByVisible = false;
@@ -372,25 +419,6 @@ export default class HomeView extends Vue {
   showShortcutBvc = false;
   userAgentInfo = new UAParser(); // see https://docs.uaparser.js.org/v2/api/ua-parser-js/get-os.html
 
-  public async getIdentity(activeDid: string): Promise<IIdentifier | null> {
-    await accountsDB.open();
-    const account = (await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first()) as Account;
-    const identity = JSON.parse(account?.identity || "null");
-    return identity; // may be null
-  }
-
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
   async mounted() {
     try {
       await accountsDB.open();
@@ -403,6 +431,7 @@ export default class HomeView extends Vue {
       this.activeDid = settings?.activeDid || "";
       this.allContacts = await db.contacts.toArray();
       this.feedLastViewedClaimId = settings?.lastViewedClaimId;
+      this.givenName = settings?.firstName || "";
       this.isFeedFilteredByVisible = !!settings?.filterFeedByVisible;
       this.isFeedFilteredByNearby = !!settings?.filterFeedByNearby;
       this.isRegistered = !!settings?.isRegistered;
@@ -411,21 +440,13 @@ export default class HomeView extends Vue {
 
       this.isAnyFeedFilterOn = isAnyFeedFilterOn(settings);
 
-      if (this.allMyDids.length === 0) {
+      // someone may have have registered after sharing contact info, so recheck
-        this.isCreatingIdentifier = true;
-        this.activeDid = await generateSaveAndActivateIdentity();
-        this.allMyDids = [this.activeDid];
-        this.isCreatingIdentifier = false;
-      }
-
-      // someone may have have registered after sharing contact info
       if (!this.isRegistered && this.activeDid) {
-        const identity = await this.getIdentity(this.activeDid);
         try {
           const resp = await fetchEndorserRateLimits(
             this.apiServer,
             this.axios,
-            identity as IIdentifier,
+            this.activeDid,
           );
           if (resp.status === 200) {
             // we just needed to know that they're registered
@@ -460,6 +481,15 @@ export default class HomeView extends Vue {
     }
   }
 
+  async generateIdentifier() {
+    this.isCreatingIdentifier = true;
+    const account = await registerSaveAndActivatePasskey(
+      AppString.APP_NAME + (this.givenName ? " - " + this.givenName : ""),
+    );
+    this.activeDid = account.did;
+    this.allMyDids = this.allMyDids.concat(this.activeDid);
+    this.isCreatingIdentifier = false;
+  }
   resultsAreFiltered() {
     return this.isFeedFilteredByVisible || this.isFeedFilteredByNearby;
   }
@@ -468,26 +498,6 @@ export default class HomeView extends Vue {
     return "Notification" in window;
   }
 
-  public async buildHeaders() {
-    const headers: HeadersInit = {
-      "Content-Type": "application/json",
-    };
-
-    const identity = await this.getIdentity(this.activeDid);
-    if (this.activeDid) {
-      if (identity) {
-        headers["Authorization"] = "Bearer " + (await accessToken(identity));
-      } else {
-        throw new Error(
-          "An ID is chosen but there are no keys for it so it cannot be used to talk with the service. Switch your ID.",
-        );
-      }
-    } else {
-      // it's OK without auth... we just won't get any identifiers
-    }
-    return headers;
-  }
-
   // only called when a setting was changed
   async reloadFeedOnChange() {
     await db.open();
@@ -505,7 +515,7 @@ export default class HomeView extends Vue {
    * Data loader used by infinite scroller
    * @param payload is the flag from the InfiniteScroll indicating if it should load
    **/
-  public async loadMoreGives(payload: boolean) {
+  async loadMoreGives(payload: boolean) {
     // Since feed now loads projects along the way, it takes longer
     // and the InfiniteScroll component triggers a load before finished.
     // One alternative is to totally separate the project link loading.
@@ -527,7 +537,7 @@ export default class HomeView extends Vue {
     }
   }
 
-  public async updateAllFeed() {
+  async updateAllFeed() {
     this.isFeedLoading = true;
     let endOfResults = true;
     await this.retrieveGives(this.apiServer, this.feedPreviousOldestId)
@@ -535,7 +545,6 @@ export default class HomeView extends Vue {
         if (results.data.length > 0) {
           endOfResults = false;
           // include the descriptions of the giver and receiver
-          const identity = await this.getIdentity(this.activeDid);
           for (const record: GiveSummaryRecord of results.data) {
             // similar code is in endorser-mobile utility.ts
             // claim.claim happen for some claims wrapped in a Verifiable Credential
@@ -552,9 +561,9 @@ export default class HomeView extends Vue {
             // We should display it immediately and then get the plan later.
             const plan = await getPlanFromCache(
               record.fulfillsPlanHandleId,
-              identity,
               this.axios,
               this.apiServer,
+              this.activeDid,
             );
 
             // check if the record should be filtered out
@@ -635,7 +644,7 @@ export default class HomeView extends Vue {
    * @param beforeId the earliest ID (of previous searches) to search earlier
    * @return claims in reverse chronological order
    */
-  public async retrieveGives(endorserApiServer: string, beforeId?: string) {
+  async retrieveGives(endorserApiServer: string, beforeId?: string) {
     const beforeQuery = beforeId == null ? "" : "&beforeId=" + beforeId;
     const response = await fetch(
       endorserApiServer +
@@ -643,7 +652,7 @@ export default class HomeView extends Vue {
         beforeQuery,
       {
         method: "GET",
-        headers: await this.buildHeaders(),
+        headers: await getHeaders(this.activeDid),
       },
     );
 
@@ -758,5 +767,21 @@ export default class HomeView extends Vue {
   openFeedFilters() {
     (this.$refs.feedFilters as FeedFilters).open(this.reloadFeedOnChange);
   }
+
+  toastUser(message) {
+    this.$notify(
+      {
+        group: "alert",
+        type: "toast",
+        title: "FYI",
+        text: message,
+      },
+      2000,
+    );
+  }
+
+  computeKnownPersonIconStyleClassNames(known: boolean) {
+    return known ? "text-slate-500" : "text-slate-100";
+  }
 }
 </script>

src/views/IdentitySwitcherView.vue

@@ -39,10 +39,10 @@
 
     <!-- Other Identity/ies -->
     <ul class="mb-4">
-      <li
+      <li v-for="ident in otherIdentities" :key="ident.did">
-        class="block bg-slate-100 rounded-md flex items-center px-4 py-3 mb-2"
+        <div class="flex items-center justify-between mb-2">
-        v-for="ident in otherIdentities"
+          <div
-        :key="ident.did"
+            class="flex flex-grow items-center bg-slate-100 rounded-md px-4 py-3 mb-2 truncate cursor-pointer"
             @click="switchAccount(ident.did)"
           >
             <fa
@@ -50,13 +50,32 @@
               icon="circle-check"
               class="fa-fw text-blue-600 text-xl mr-3"
             />
-        <fa v-else icon="circle" class="fa-fw text-slate-400 text-xl mr-3" />
+            <fa
-        <span class="overflow-hidden">
+              v-else
-          <h2 class="text-xl font-semibold mb-0"></h2>
+              icon="circle"
+              class="fa-fw text-slate-400 text-xl mr-3"
+            />
+            <span class="flex-grow overflow-hidden">
               <div class="text-sm text-slate-500 truncate">
                 <b>ID:</b> <code>{{ ident.did }}</code>
               </div>
             </span>
+          </div>
+          <div>
+            <fa
+              v-if="ident.did === activeDid"
+              icon="trash-can"
+              class="text-slate-400 text-xl ml-2 mr-2 cursor-pointer"
+              @click="notifyCannotDelete()"
+            />
+            <fa
+              v-else
+              icon="trash-can"
+              class="text-red-600 text-xl ml-2 mr-2 cursor-pointer"
+              @click="deleteAccount(ident.id)"
+            />
+          </div>
+        </div>
       </li>
     </ul>
 
@@ -81,9 +100,8 @@
 <script lang="ts">
 import { Component, Vue } from "vue-facing-decorator";
 
-import { AppString, NotificationIface } from "@/constants/app";
+import { NotificationIface } from "@/constants/app";
 import { db, accountsDB } from "@/db/index";
-import { AccountsSchema } from "@/db/tables/accounts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
 import QuickNav from "@/components/QuickNav.vue";
 
@@ -91,14 +109,11 @@ import QuickNav from "@/components/QuickNav.vue";
 export default class IdentitySwitcherView extends Vue {
   $notify!: (notification: NotificationIface, timeout?: number) => void;
 
-  Constants = AppString;
-  public accounts: typeof AccountsSchema;
   public activeDid = "";
   public activeDidInIdentities = false;
   public apiServer = "";
   public apiServerInput = "";
-  public otherIdentities: Array<{ did: string }> = [];
+  public otherIdentities: Array<{ id: string; did: string }> = [];
-  public showContactGives = false;
 
   async created() {
     try {
@@ -107,21 +122,15 @@ export default class IdentitySwitcherView extends Vue {
       this.activeDid = settings?.activeDid || "";
       this.apiServer = settings?.apiServer || "";
       this.apiServerInput = settings?.apiServer || "";
-      this.showContactGives = !!settings?.showContactGivesInline;
 
       await accountsDB.open();
       const accounts = await accountsDB.accounts.toArray();
       for (let n = 0; n < accounts.length; n++) {
-        try {
+        const acct = accounts[n];
-          const did = JSON.parse(accounts[n].identity)["did"];
+        this.otherIdentities.push({ id: acct.id as string, did: acct.did });
-          this.otherIdentities.push({ did: did });
+        if (acct.did && this.activeDid === acct.did) {
-          if (did && this.activeDid === did) {
           this.activeDidInIdentities = true;
         }
-        } catch (err) {
-          console.error("Error parsing identity:", err);
-          continue;
-        }
       }
     } catch (err) {
       this.$notify(
@@ -148,5 +157,36 @@ export default class IdentitySwitcherView extends Vue {
     });
     this.$router.push({ name: "account" });
   }
+
+  async deleteAccount(id: string) {
+    this.$notify(
+      {
+        group: "modal",
+        type: "confirm",
+        title: "Delete Identity?",
+        text: "Are you sure you want to erase this identity? (There is no undo. You may want to select it and back it up just in case.)",
+        onYes: async () => {
+          await accountsDB.open();
+          await accountsDB.accounts.delete(id);
+          this.otherIdentities = this.otherIdentities.filter(
+            (ident) => ident.id !== id,
+          );
+        },
+      },
+      -1,
+    );
+  }
+
+  notifyCannotDelete() {
+    this.$notify(
+      {
+        group: "alert",
+        type: "warning",
+        title: "Cannot Delete",
+        text: "You cannot delete the active identity.",
+      },
+      3000,
+    );
+  }
 }
 </script>

src/views/ImportDerivedAccountView.vue

@@ -17,7 +17,7 @@
 
     <div>
       <p class="text-center text-xl mb-4 font-light">
-        Will increment the maximum derivation path from the existing seed.
+        Will increment the maximum known derivation path from the existing seed.
       </p>
 
       <p v-if="didArrays.length > 1">
@@ -75,7 +75,7 @@ import {
   deriveAddress,
   newIdentifier,
   nextDerivationPath,
-} from "../libs/crypto";
+} from "@/libs/crypto";
 import { accountsDB, db } from "@/db/index";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
 

src/views/NewEditAccountView.vue

@@ -68,8 +68,6 @@ export default class NewEditAccountView extends Vue {
       firstName: this.givenName,
       lastName: "", // deprecated, pre v 0.1.3
     });
-    localStorage.setItem("firstName", this.givenName as string);
-    localStorage.setItem("lastName", ""); // deprecated, pre v 0.1.3
     this.$router.back();
   }
 

src/views/NewEditProjectView.vue

@@ -174,21 +174,21 @@
 <script lang="ts">
 import "leaflet/dist/leaflet.css";
 import { AxiosError } from "axios";
-import * as didJwt from "did-jwt";
 import { DateTime } from "luxon";
-import { IIdentifier } from "@veramo/core";
 import { Component, Vue } from "vue-facing-decorator";
 import { LMap, LMarker, LTileLayer } from "@vue-leaflet/vue-leaflet";
 
+import ImageMethodDialog from "@/components/ImageMethodDialog.vue";
 import QuickNav from "@/components/QuickNav.vue";
 import { DEFAULT_IMAGE_API_SERVER, NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
-import { accessToken, SimpleSigner } from "@/libs/crypto";
+import { accessToken } from "@/libs/crypto";
-import * as libsUtil from "@/libs/util";
+import {
+  createEndorserJwtVcFromClaim,
+  PlanVerifiableCredential,
+} from "@/libs/endorserServer";
 import { useAppStore } from "@/store/app";
-import { PlanVerifiableCredential } from "@/libs/endorserServer";
-import ImageMethodDialog from "@/components/ImageMethodDialog.vue";
 
 @Component({
   components: { ImageMethodDialog, LMap, LMarker, LTileLayer, QuickNav },
@@ -227,33 +227,6 @@ export default class NewEditProjectView extends Vue {
   zoneName = DateTime.local().zoneName;
   zoom = 2;
 
-  libsUtil = libsUtil;
-
-  public async getIdentity(activeDid: string) {
-    await accountsDB.open();
-    const account = await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first();
-    const identity = JSON.parse((account?.identity as string) || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to load project records with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
   async mounted() {
     await accountsDB.open();
     this.numAccounts = await accountsDB.accounts.count();
@@ -267,23 +240,17 @@ export default class NewEditProjectView extends Vue {
       if (this.numAccounts === 0) {
         this.errNote("There was a problem loading your account info.");
       } else {
-        const identity = await this.getIdentity(this.activeDid);
+        this.loadProject(this.activeDid);
-        if (!identity) {
-          throw new Error(
-            "An ID is chosen but there are no keys for it so it cannot be used to talk with the service. Switch your ID.",
-          );
-        }
-        this.loadProject(identity);
       }
     }
   }
 
-  async loadProject(identity: IIdentifier) {
+  async loadProject(userDid: string) {
     const url =
       this.apiServer +
       "/api/claim/byHandle/" +
       encodeURIComponent(this.projectId);
-    const token = await accessToken(identity);
+    const token = await accessToken(userDid);
     const headers = {
       "Content-Type": "application/json",
       Authorization: "Bearer " + token,
@@ -342,8 +309,7 @@ export default class NewEditProjectView extends Vue {
       return;
     }
     try {
-      const identity = await libsUtil.getIdentity(this.activeDid);
+      const token = await accessToken(this.activeDid);
-      const token = await accessToken(identity);
       const response = await this.axios.delete(
         DEFAULT_IMAGE_API_SERVER +
           "/image/" +
@@ -395,7 +361,7 @@ export default class NewEditProjectView extends Vue {
     }
   }
 
-  private async saveProject(identity: IIdentifier) {
+  private async saveProject(issuerDid: string) {
     // Make a claim
     const vcClaim: PlanVerifiableCredential = this.fullClaim;
     if (this.projectId) {
@@ -446,31 +412,13 @@ export default class NewEditProjectView extends Vue {
     } else {
       delete vcClaim.startTime;
     }
-    // Make a payload for the claim
+    const vcJwt = await createEndorserJwtVcFromClaim(issuerDid, vcClaim);
-    const vcPayload = {
-      vc: {
-        "@context": ["https://www.w3.org/2018/credentials/v1"],
-        type: ["VerifiableCredential"],
-        credentialSubject: vcClaim,
-      },
-    };
-    // create a signature using private key of identity
-    if (identity.keys[0].privateKeyHex != null) {
-      const privateKeyHex: string = identity.keys[0].privateKeyHex;
-      const signer = await SimpleSigner(privateKeyHex);
-      const alg = undefined;
-      // create a JWT for the request
-      const vcJwt: string = await didJwt.createJWT(vcPayload, {
-        alg: alg,
-        issuer: identity.did,
-        signer: signer,
-      });
 
     // Make the xhr request payload
 
     const payload = JSON.stringify({ jwtEncoded: vcJwt });
     const url = this.apiServer + "/api/v2/claim";
-      const token = await accessToken(identity);
+    const token = await accessToken(issuerDid);
     const headers = {
       "Content-Type": "application/json",
       Authorization: "Bearer " + token,
@@ -533,10 +481,7 @@ export default class NewEditProjectView extends Vue {
           );
         }
       } else {
-          console.error(
+        console.error("Here's the full error trying to save the claim:", error);
-            "Here's the full error trying to save the claim:",
-            error,
-          );
         this.$notify(
           {
             group: "alert",
@@ -551,7 +496,6 @@ export default class NewEditProjectView extends Vue {
       this.errorMessage = userMessage;
     }
   }
-  }
 
   public async onSaveProjectClick() {
     this.isHiddenSave = true;
@@ -560,8 +504,7 @@ export default class NewEditProjectView extends Vue {
     if (this.numAccounts === 0) {
       console.error("Error: there is no account.");
     } else {
-      const identity = await this.getIdentity(this.activeDid);
+      this.saveProject(this.activeDid);
-      this.saveProject(identity);
     }
   }
 

src/views/ProjectViewView.vue

@@ -256,6 +256,7 @@
           contact above.)
         </div>
 
+        <!-- similar to gift display below -->
         <ul v-else class="text-sm border-t border-slate-300">
           <li
             v-for="give in givesToThis"
@@ -263,8 +264,8 @@
             class="py-1.5 border-b border-slate-300"
           >
             <div class="flex justify-between gap-4">
-              <span
+              <span>
-                ><fa icon="user" class="fa-fw text-slate-400"></fa>
+                <fa icon="user" class="fa-fw text-slate-400" />
                 {{
                   serverUtil.didInfo(
                     give.agentDid,
@@ -308,12 +309,62 @@
       </div>
 
       <div class="grid items-start grid-cols-1 gap-4">
+        <div
+          v-if="givesProvidedByThis.length > 0"
+          class="bg-slate-100 px-4 py-3 rounded-md"
+        >
+          <h3 class="text-sm uppercase font-semibold mb-3 border-b">
+            Individuals Getting Contributions From This
+          </h3>
+          <!-- similar to gift display above -->
+          <ul class="text-sm border-t border-slate-300">
+            <li
+              v-for="give in givesProvidedByThis"
+              :key="give.id"
+              class="py-1.5 border-b border-slate-300"
+            >
+              <div class="flex justify-between gap-4">
+                <span>
+                  {{
+                    serverUtil.didInfo(
+                      give.agentDid,
+                      activeDid,
+                      allMyDids,
+                      allContacts,
+                    )
+                  }}
+                </span>
+                <span v-if="give.amount" class="whitespace-nowrap">
+                  <fa
+                    :icon="libsUtil.iconForUnitCode(give.unit)"
+                    class="fa-fw text-slate-400"
+                  />{{ give.amount }}
+                </span>
+              </div>
+              <div class="text-slate-500">
+                <fa icon="calendar" class="fa-fw text-slate-400" />
+                {{ give.issuedAt?.substring(0, 10) }}
+              </div>
+              <div v-if="give.description" class="text-slate-500">
+                <fa icon="comment" class="fa-fw text-slate-400" />
+                {{ give.description }}
+              </div>
+              <a @click="onClickLoadClaim(give.jwtId)">
+                <fa icon="file-lines" class="text-blue-500 cursor-pointer" />
+              </a>
+            </li>
+          </ul>
+          <div v-if="givesProvidedByHitLimit" class="text-center">
+            <button @click="loadGivesProvidedBy()">Load More</button>
+          </div>
+        </div>
+
         <div
           v-if="fulfillersToThis.length > 0"
           class="bg-slate-100 px-4 py-3 rounded-md"
         >
           <h3 class="text-sm uppercase font-semibold mb-3">
-            Contributions To This Idea
+            Projects That Contribute To This
           </h3>
           <!-- centering because long, wrapped project names didn't left align with blank or "text-left" -->
           <div class="text-center">
@@ -325,13 +376,15 @@
                 {{ plan.name }}
               </button>
             </div>
-            <div v-if="fulfillersToHitLimit" class="text-center">Load More</div>
+            <div v-if="fulfillersToHitLimit" class="text-center">
+              <button @click="loadPlanFulfillersTo()">Load More</button>
+            </div>
           </div>
         </div>
 
         <div v-if="fulfilledByThis" class="bg-slate-100 px-4 py-3 rounded-md">
           <h3 class="text-sm uppercase font-semibold mb-3">
-            Contributions From This Idea
+            Projects Getting Contributions From This
           </h3>
           <!-- centering because long, wrapped project names didn't left align with blank or "text-left" -->
           <div class="text-center">
@@ -349,8 +402,7 @@
 </template>
 
 <script lang="ts">
-import { AxiosError, RawAxiosRequestHeaders } from "axios";
+import { AxiosError } from "axios";
-import { IIdentifier } from "@veramo/core";
 import { Component, Vue } from "vue-facing-decorator";
 
 import GiftedDialog from "@/components/GiftedDialog.vue";
@@ -369,6 +421,7 @@ import * as libsUtil from "@/libs/util";
 import {
   BLANK_GENERIC_SERVER_RECORD,
   GenericCredWrapper,
+  getHeaders,
   GiverReceiverInputInfo,
   GiveSummaryRecord,
   OfferSummaryRecord,
@@ -401,6 +454,8 @@ export default class ProjectViewView extends Vue {
   fulfillersToHitLimit = false;
   givesToThis: Array<GiveSummaryRecord> = [];
   givesHitLimit = false;
+  givesProvidedByThis: Array<GiveSummaryRecord> = [];
+  givesProvidedByHitLimit = false;
   imageUrl = "";
   issuer = "";
   latitude = 0;
@@ -429,24 +484,12 @@ export default class ProjectViewView extends Vue {
     const accounts = accountsDB.accounts;
     const accountsArr: Account[] = await accounts?.toArray();
     this.allMyDids = accountsArr.map((acc) => acc.did);
-    const account = accountsArr.find((acc) => acc.did === this.activeDid);
-    const identity = JSON.parse((account?.identity as string) || "null");
 
     const pathParam = window.location.pathname.substring("/project/".length);
     if (pathParam) {
       this.projectId = decodeURIComponent(pathParam);
     }
-    this.loadProject(this.projectId, identity);
+    this.loadProject(this.projectId, this.activeDid);
-  }
-
-  public async getIdentity(activeDid: string) {
-    await accountsDB.open();
-    const account = (await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first()) as Account;
-    const identity = JSON.parse(account?.identity || "null");
-    return identity;
   }
 
   onEditClick() {
@@ -466,18 +509,12 @@ export default class ProjectViewView extends Vue {
     this.expanded = false;
   }
 
-  async loadProject(projectId: string, identity: IIdentifier) {
+  async loadProject(projectId: string, userDid: string) {
     this.projectId = projectId;
 
     const url =
       this.apiServer + "/api/claim/byHandle/" + encodeURIComponent(projectId);
-    const headers: RawAxiosRequestHeaders = {
+    const headers = await getHeaders(userDid);
-      "Content-Type": "application/json",
-    };
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
 
     try {
       const resp = await this.axios.get(url, { headers });
@@ -540,13 +577,15 @@ export default class ProjectViewView extends Vue {
 
     this.loadGives();
 
+    this.loadGivesProvidedBy();
+
     this.loadOffers();
 
-    this.loadFulfillersTo();
+    this.loadPlanFulfillersTo();
 
     // now load fulfilled-by, a single project
-    if (identity) {
+    if (this.activeDid) {
-      const token = await accessToken(identity);
+      const token = await accessToken(this.activeDid);
       headers["Authorization"] = "Bearer " + token;
     }
     const fulfilledByUrl =
@@ -598,15 +637,7 @@ export default class ProjectViewView extends Vue {
     }
     const givesInUrl = givesUrl + postfix;
 
-    const headers: RawAxiosRequestHeaders = {
+    const headers = await getHeaders(this.activeDid);
-      "Content-Type": "application/json",
-    };
-    const identity = await this.getIdentity(this.activeDid);
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
-
     try {
       const resp = await this.axios.get(givesInUrl, { headers });
       if (resp.status === 200 && resp.data.data) {
@@ -653,15 +684,7 @@ export default class ProjectViewView extends Vue {
     }
     const offersInUrl = offersUrl + postfix;
 
-    const headers: RawAxiosRequestHeaders = {
+    const headers = await getHeaders(this.activeDid);
-      "Content-Type": "application/json",
-    };
-    const identity = await this.getIdentity(this.activeDid);
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
-
     try {
       const resp = await this.axios.get(offersInUrl, { headers });
       if (resp.status === 200 && resp.data.data) {
@@ -696,7 +719,7 @@ export default class ProjectViewView extends Vue {
     }
   }
 
-  async loadFulfillersTo() {
+  async loadPlanFulfillersTo() {
     const fulfillsUrl =
       this.apiServer +
       "/api/v2/report/planFulfillersToPlan?planHandleId=" +
@@ -709,15 +732,7 @@ export default class ProjectViewView extends Vue {
     }
     const fulfillsInUrl = fulfillsUrl + postfix;
 
-    const headers: RawAxiosRequestHeaders = {
+    const headers = await getHeaders(this.activeDid);
-      "Content-Type": "application/json",
-    };
-    const identity = await this.getIdentity(this.activeDid);
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
-
     try {
       const resp = await this.axios.get(fulfillsInUrl, { headers });
       if (resp.status === 200) {
@@ -752,6 +767,56 @@ export default class ProjectViewView extends Vue {
     }
   }
 
+  async loadGivesProvidedBy() {
+    const providedByUrl =
+      this.apiServer +
+      "/api/v2/report/givesProvidedBy?providerId=" +
+      encodeURIComponent(this.projectId);
+    let postfix = "";
+    if (this.givesProvidedByThis.length > 0) {
+      postfix =
+        "&beforeId=" +
+        this.givesProvidedByThis[this.givesProvidedByThis.length - 1].jwtId;
+    }
+    const providedByFullUrl = providedByUrl + postfix;
+
+    const headers = await getHeaders(this.activeDid);
+    try {
+      const resp = await this.axios.get(providedByFullUrl, { headers });
+      if (resp.status === 200) {
+        this.givesProvidedByThis = this.givesProvidedByThis.concat(
+          resp.data.data,
+        );
+        this.givesProvidedByHitLimit = resp.data.hitLimit;
+      } else {
+        this.$notify(
+          {
+            group: "alert",
+            type: "danger",
+            title: "Error",
+            text: "Failed to retrieve gives that were provided by this project.",
+          },
+          5000,
+        );
+      }
+    } catch (error: unknown) {
+      const serverError = error as AxiosError;
+      this.$notify(
+        {
+          group: "alert",
+          type: "danger",
+          title: "Error",
+          text: "Something went wrong retrieving gives that were provided by this project.",
+        },
+        5000,
+      );
+      console.error(
+        "Something went wrong retrieving gives that were provided by this project:",
+        serverError.message,
+      );
+    }
+  }
+
   /**
    * Handle clicking on a project entry found in the list
    * @param id of the project
@@ -762,7 +827,7 @@ export default class ProjectViewView extends Vue {
       path: "/project/" + encodeURIComponent(projectId),
     };
     this.$router.push(route);
-    this.loadProject(projectId, await this.getIdentity(this.activeDid));
+    this.loadProject(projectId, this.activeDid);
   }
 
   getOpenStreetMapUrl() {
@@ -906,7 +971,7 @@ export default class ProjectViewView extends Vue {
     };
     const result = await serverUtil.createAndSubmitClaim(
       confirmationClaim,
-      await this.getIdentity(this.activeDid),
+      this.activeDid,
       this.apiServer,
       this.axios,
     );

src/views/ProjectsView.vue

@@ -235,7 +235,6 @@ import { accountsDB, db } from "@/db/index";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
 import { accessToken } from "@/libs/crypto";
 import * as libsUtil from "@/libs/util";
-import { IIdentifier } from "@veramo/core";
 import InfiniteScroll from "@/components/InfiniteScroll.vue";
 import QuickNav from "@/components/QuickNav.vue";
 import ProjectIcon from "@/components/ProjectIcon.vue";
@@ -255,9 +254,9 @@ export default class ProjectsView extends Vue {
     );
   }
 
+  activeDid = "";
   apiServer = "";
   projects: PlanData[] = [];
-  currentIid: IIdentifier;
   isLoading = false;
   isRegistered = false;
   numAccounts = 0;
@@ -271,7 +270,7 @@ export default class ProjectsView extends Vue {
     try {
       await db.open();
       const settings = await db.settings.get(MASTER_SETTINGS_KEY);
-      const activeDid: string = (settings?.activeDid as string) || "";
+      this.activeDid = (settings?.activeDid as string) || "";
       this.apiServer = (settings?.apiServer as string) || "";
       this.isRegistered = !!settings?.isRegistered;
 
@@ -281,7 +280,6 @@ export default class ProjectsView extends Vue {
         console.error("No accounts found.");
         this.errNote("You need an identifier to load your projects.");
       } else {
-        this.currentIid = await this.getIdentity(activeDid);
         await this.loadOffers();
       }
     } catch (err) {
@@ -342,7 +340,7 @@ export default class ProjectsView extends Vue {
     if (this.projects.length > 0 && payload) {
       const latestProject = this.projects[this.projects.length - 1];
       await this.loadProjects(
-        this.currentIid,
+        this.activeDid,
         `beforeId=${latestProject.rowid}`,
       );
     }
@@ -350,32 +348,15 @@ export default class ProjectsView extends Vue {
 
   /**
    * Load projects initially
-   * @param identifier of the user
+   * @param issuerDid of the user
    * @param urlExtra additional url parameters in a string
    **/
-  async loadProjects(identifier?: IIdentifier, urlExtra: string = "") {
+  async loadProjects(activeDid?: string, urlExtra: string = "") {
-    const identity = identifier || this.currentIid;
     const url = `${this.apiServer}/api/v2/report/plansByIssuer?${urlExtra}`;
-    const token: string = await accessToken(identity);
+    const token: string = await accessToken(activeDid);
     await this.projectDataLoader(url, token);
   }
 
-  public async getIdentity(activeDid: string): Promise<IIdentifier> {
-    await accountsDB.open();
-    const account = await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first();
-    const identity = JSON.parse((account?.identity as string) || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to load project records with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
   /**
    * Handle clicking on a project entry found in the list
    * @param id of the project
@@ -462,19 +443,18 @@ export default class ProjectsView extends Vue {
   async loadMoreOfferData(payload: boolean) {
     if (this.offers.length > 0 && payload) {
       const latestOffer = this.offers[this.offers.length - 1];
-      await this.loadOffers(this.currentIid, `&beforeId=${latestOffer.jwtId}`);
+      await this.loadOffers(this.activeDid, `&beforeId=${latestOffer.jwtId}`);
     }
   }
 
   /**
    * Load offers initially
-   * @param identifier of the user
+   * @param issuerDid of the user
    * @param urlExtra additional url parameters in a string
    **/
-  async loadOffers(identifier?: IIdentifier, urlExtra: string = "") {
+  async loadOffers(issuerDid?: string, urlExtra: string = "") {
-    const identity = identifier || this.currentIid;
+    const url = `${this.apiServer}/api/v2/report/offers?offeredByDid=${issuerDid}${urlExtra}`;
-    const url = `${this.apiServer}/api/v2/report/offers?offeredByDid=${identity.did}${urlExtra}`;
+    const token: string = await accessToken(issuerDid);
-    const token: string = await accessToken(identity);
     await this.offerDataLoader(url, token);
   }
 

src/views/QuickActionBvcBeginView.vue

@@ -124,7 +124,6 @@ export default class QuickActionBvcBeginView extends Vue {
 
     try {
       const hoursNum = libsUtil.numberOrZero(this.hoursStr);
-      const identity = await libsUtil.getIdentity(activeDid);
 
       this.$notify({ group: "alert", type: "toast", title: "Sent..." }, 1000);
 
@@ -134,7 +133,7 @@ export default class QuickActionBvcBeginView extends Vue {
         const timeResult = await createAndSubmitGive(
           axios,
           apiServer,
-          identity,
+          activeDid,
           activeDid,
           undefined,
           undefined,
@@ -165,7 +164,7 @@ export default class QuickActionBvcBeginView extends Vue {
       if (this.attended) {
         const attendResult = await createAndSubmitClaim(
           bvcMeetingJoinClaim(activeDid, this.todayOrPreviousStartDate),
-          identity,
+          activeDid,
           apiServer,
           axios,
         );

src/views/QuickActionBvcEndView.vue

@@ -138,28 +138,25 @@
 import axios from "axios";
 import { DateTime } from "luxon";
 import * as R from "ramda";
-import { IIdentifier } from "@veramo/core";
 import { Component, Vue } from "vue-facing-decorator";
 
 import QuickNav from "@/components/QuickNav.vue";
 import TopMessage from "@/components/TopMessage.vue";
 import { NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
-import { Account } from "@/db/tables/accounts";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import {
   BVC_MEETUPS_PROJECT_CLAIM_ID,
   claimSpecialDescription,
   containsHiddenDid,
   createAndSubmitConfirmation,
   createAndSubmitGive,
-  ErrorResult,
   GenericCredWrapper,
   GenericVerifiableCredential,
+  getHeaders,
+  ErrorResult,
 } from "@/libs/endorserServer";
-import * as libsUtil from "@/libs/util";
 
 @Component({
   methods: { claimSpecialDescription },
@@ -213,16 +210,7 @@ export default class QuickActionBvcBeginView extends Vue {
     await accountsDB.open();
     const allAccounts = await accountsDB.accounts.toArray();
     this.allMyDids = allAccounts.map((acc) => acc.did);
-    const account: Account | undefined = await accountsDB.accounts
+    const headers = await getHeaders(this.activeDid);
-      .where("did")
-      .equals(this.activeDid)
-      .first();
-    const identity: IIdentifier = JSON.parse(
-      (account?.identity as string) || "null",
-    );
-    const headers = {
-      Authorization: "Bearer " + (await accessToken(identity)),
-    };
     try {
       const response = await fetch(
         this.apiServer +
@@ -275,8 +263,6 @@ export default class QuickActionBvcBeginView extends Vue {
 
   async record() {
     try {
-      const identity = await libsUtil.getIdentity(this.activeDid);
-
       this.$notify({ group: "alert", type: "toast", title: "Sent..." }, 1000);
 
       // in parallel, make a confirmation for each selected claim and send them all to the server
@@ -288,9 +274,8 @@ export default class QuickActionBvcBeginView extends Vue {
           if (!record) {
             return { type: "error", error: "Record not found." };
           }
-          const identity = await libsUtil.getIdentity(this.activeDid);
           return createAndSubmitConfirmation(
-            identity,
+            this.activeDid,
             record.claim as GenericVerifiableCredential,
             record.id,
             record.handleId,
@@ -324,7 +309,7 @@ export default class QuickActionBvcBeginView extends Vue {
         const giveResult = await createAndSubmitGive(
           axios,
           this.apiServer,
-          identity,
+          this.activeDid,
           undefined,
           this.activeDid,
           this.description,

src/views/SharedPhotoView.vue

@@ -65,7 +65,6 @@ import {
 } from "@/constants/app";
 import { db } from "@/db/index";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
-import { getIdentity } from "@/libs/util";
 import { accessToken } from "@/libs/crypto";
 
 @Component({ components: { PhotoDialog, QuickNav } })
@@ -152,8 +151,7 @@ export default class SharedPhotoView extends Vue {
     let result;
     try {
       // send the image to the server
-      const identifier = await getIdentity(this.activeDid as string);
+      const token = await accessToken(this.activeDid);
-      const token = await accessToken(identifier);
       const headers = {
         Authorization: "Bearer " + token,
       };

src/views/StartView.vue

@@ -17,7 +17,7 @@
 
       <!-- Heading -->
       <h1 id="ViewHeading" class="text-4xl text-center font-light pt-4 mb-8">
-        Start Here
+        Generate an Identity
       </h1>
     </div>
 
@@ -25,33 +25,57 @@
     <div id="start-question" class="mt-8">
       <div class="max-w-3xl mx-auto">
         <p class="text-center text-xl font-light">
-          Do you want a new identifier of your own?
+          How do you want to create this identifier?
         </p>
-        <p class="text-center font-light">
+        <p class="text-center font-light mt-6">
-          If you haven't used this before, click "Yes" to generate a new
+          A <strong>passkey</strong> is easy to manage, though it is less
-          identifier.
+          interoperable with other systems for advanced uses.
+          <a
+            href="https://www.perplexity.ai/search/what-are-passkeys-v2SHV3yLQlyA2CYH6.Nvhg"
+            target="_blank"
+          >
+            <fa icon="info-circle" class="fa-fw text-blue-500" />
+          </a>
         </p>
-        <p class="text-center mb-4 font-light">
+        <p class="text-center font-light mt-4">
-          Only click "No" if you have a seed of 12 or 24 words generated
+          A <strong>new seed</strong> allows you full control over the keys,
-          elsewhere.
+          though you are responsible for backups.
+          <a
+            href="https://www.perplexity.ai/search/what-is-a-seed-phrase-OqiP9foVRXidr_2le5OFKA"
+            target="_blank"
+          >
+            <fa icon="info-circle" class="fa-fw text-blue-500" />
+          </a>
         </p>
+        <div class="grid grid-cols-1 sm:grid-cols-2 gap-2 mt-4">
           <a
-          @click="onClickYes()"
+            @click="onClickNewPasskey()"
-          class="block w-full text-center text-lg uppercase bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-2 py-3 rounded-md mb-2"
+            class="block w-full text-center text-lg uppercase bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-2 py-3 rounded-md mb-2 cursor-pointer"
           >
-          Yes, generate one
+            Generate one with a passkey
           </a>
-        <div class="grid grid-cols-1 sm:grid-cols-2 gap-2">
+          <a
+            @click="onClickNewSeed()"
+            class="block w-full text-center text-lg uppercase bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-2 py-3 rounded-md mb-2 cursor-pointer"
+          >
+            Generate one with a new seed
+          </a>
+        </div>
+        <p class="text-center font-light mt-4">
+          You can also import an existing seed or derive a new address from an
+          existing seed.
+        </p>
+        <div class="grid grid-cols-1 sm:grid-cols-2 gap-2 mt-2">
           <a
             @click="onClickNo()"
-            class="block w-full text-center text-md uppercase bg-gradient-to-b from-slate-400 to-slate-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-1.5 py-2 rounded-md"
+            class="block w-full text-center text-md uppercase bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-1.5 py-2 rounded-md cursor-pointer"
           >
-            No, I have a seed
+            You have a seed
           </a>
           <a
             v-if="numAccounts > 0"
             @click="onClickDerive()"
-            class="block w-full text-center text-md uppercase bg-gradient-to-b from-slate-400 to-slate-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-1.5 py-2 rounded-md"
+            class="block w-full text-center text-md uppercase bg-gradient-to-b from-blue-400 to-blue-700 shadow-[inset_0_-1px_0_0_rgba(0,0,0,0.5)] text-white px-1.5 py-2 rounded-md cursor-pointer"
           >
             Derive new address from existing seed
           </a>
@@ -63,23 +87,39 @@
 
 <script lang="ts">
 import { Component, Vue } from "vue-facing-decorator";
-import { accountsDB } from "@/db/index";
+
+import { AppString } from "@/constants/app";
+import { accountsDB, db } from "@/db/index";
+import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
+import { registerSaveAndActivatePasskey } from "@/libs/util";
 
 @Component({
   components: {},
 })
 export default class StartView extends Vue {
+  givenName = "";
   numAccounts = 0;
 
   async mounted() {
+    await db.open();
+    const settings = (await db.settings.get(MASTER_SETTINGS_KEY)) as Settings;
+    this.givenName = settings?.firstName || "";
+
     await accountsDB.open();
     this.numAccounts = await accountsDB.accounts.count();
   }
 
-  public onClickYes() {
+  public onClickNewSeed() {
     this.$router.push({ name: "new-identifier" });
   }
 
+  public async onClickNewPasskey() {
+    const keyName =
+      AppString.APP_NAME + (this.givenName ? " - " + this.givenName : "");
+    await registerSaveAndActivatePasskey(keyName);
+    this.$router.push({ name: "account" });
+  }
+
   public onClickNo() {
     this.$router.push({ name: "import-account" });
   }

src/views/TestView.vue

@@ -21,8 +21,8 @@
       </h1>
     </div>
 
-    <div class="mb-8">
+    <div>
-      <h2 class="text-xl font-bold mb-4">Notiwind Alert Test Suite</h2>
+      <h2 class="text-xl font-bold mb-4">Notiwind Alerts</h2>
 
       <button
         @click="
@@ -154,8 +154,8 @@
       </button>
     </div>
 
-    <div>
+    <div class="mt-8">
-      <h2 class="text-xl font-bold mb-4">Share Image</h2>
+      <h2 class="text-xl font-bold mb-4">Image Sharing</h2>
       Populates the "shared-photo" view as if they used "share_target".
       <input type="file" @change="uploadFile" />
       <router-link
@@ -169,24 +169,141 @@
         Go to Shared Page
       </router-link>
     </div>
+
+    <div class="mt-8">
+      <h2 class="text-xl font-bold mb-4">Passkeys</h2>
+      See console for results.
+      <br />
+      See existing passkeys in Chrome at: chrome://settings/passkeys
+      <br />
+      Active DID: {{ activeDid || "nothing, which" }}
+      {{ credIdHex ? "has a passkey ID" : "has no passkey ID" }}
+
+      <div>
+        Register Passkey
+        <button
+          @click="register()"
+          class="font-bold uppercase bg-slate-500 text-white px-3 py-2 rounded-md mr-2"
+        >
+          Simplewebauthn
+        </button>
+      </div>
+
+      <div>
+        Create JWT
+        <button
+          @click="createJwtSimplewebauthn()"
+          class="font-bold uppercase bg-slate-500 text-white px-3 py-2 rounded-md mr-2"
+        >
+          Simplewebauthn
+        </button>
+        <button
+          @click="createJwtNavigator()"
+          class="font-bold uppercase bg-slate-500 text-white px-3 py-2 rounded-md mr-2"
+        >
+          Navigator
+        </button>
+      </div>
+
+      <div v-if="jwt">
+        Verify New JWT
+        <button
+          @click="verifySimplewebauthn()"
+          class="font-bold uppercase bg-slate-500 text-white px-3 py-2 rounded-md mr-2"
+        >
+          Simplewebauthn
+        </button>
+        <button
+          @click="verifyWebCrypto()"
+          class="font-bold uppercase bg-slate-500 text-white px-3 py-2 rounded-md mr-2"
+        >
+          WebCrypto
+        </button>
+        <button
+          @click="verifyP256()"
+          class="font-bold uppercase bg-slate-500 text-white px-3 py-2 rounded-md mr-2"
+        >
+          p256 - broken
+        </button>
+      </div>
+      <div v-else>Verify New JWT -- requires creation first</div>
+      <button
+        @click="verifyMyJwt()"
+        class="font-bold uppercase bg-slate-500 text-white px-3 py-2 rounded-md mr-2"
+      >
+        Verify Hard-Coded JWT
+      </button>
+    </div>
   </section>
 </template>
 
 <script lang="ts">
+import { Buffer } from "buffer/";
+import { Base64URLString } from "@simplewebauthn/types";
 import { ref } from "vue";
 import { Component, Vue } from "vue-facing-decorator";
 
 import QuickNav from "@/components/QuickNav.vue";
-import { db } from "@/db/index";
+import { AppString, NotificationIface } from "@/constants/app";
+import { accountsDB, db } from "@/db/index";
+import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
+import * as vcLib from "@/libs/crypto/vc";
+import {
+  PeerSetup,
+  verifyJwtP256,
+  verifyJwtSimplewebauthn,
+  verifyJwtWebCrypto,
+} from "@/libs/crypto/vc/passkeyDidPeer";
+import {AccountKeyInfo, getAccount, registerAndSavePasskey} from "@/libs/util";
 
 const inputFileNameRef = ref<Blob>();
 
+const TEST_PAYLOAD = {
+  vc: {
+    credentialSubject: {
+      "@context": "https://schema.org",
+      "@type": "GiveAction",
+      description: "pizza",
+    },
+  },
+};
+
 @Component({ components: { QuickNav } })
 export default class Help extends Vue {
+  $notify!: (notification: NotificationIface, timeout?: number) => void;
+
+  // for file import
   fileName?: string;
 
+  // for passkeys
+  credIdHex?: string;
+  activeDid?: string;
+  jwt?: string;
+  peerSetup?: PeerSetup;
+  userName?: string;
+
+  async mounted() {
+    await db.open();
+    const settings = await db.settings.get(MASTER_SETTINGS_KEY);
+    this.activeDid = (settings?.activeDid as string) || "";
+    this.userName = settings?.firstName as string;
+
+    await accountsDB.open();
+    const account: { identity?: string } | undefined = await accountsDB.accounts
+      .where("did")
+      .equals(this.activeDid)
+      .first();
+    if (this.activeDid) {
+      if (account) {
+        this.credIdHex = account.passkeyCredIdHex as string;
+      } else {
+        alert("No account found for DID " + this.activeDid);
+      }
+    }
+  }
+
   async uploadFile(event: Event) {
-    inputFileNameRef.value = event.target.files[0];
+    inputFileNameRef.value = event.target?.["files"][0];
     // https://developer.mozilla.org/en-US/docs/Web/API/File
     // ... plus it has a `type` property from my testing
     const file = inputFileNameRef.value;
@@ -214,5 +331,129 @@ export default class Help extends Vue {
   showFileNextStep() {
     return !!inputFileNameRef.value;
   }
+
+  public async register() {
+    const DEFAULT_USERNAME = AppString.APP_NAME + " Tester";
+    if (!this.userName) {
+      this.$notify(
+        {
+          group: "modal",
+          type: "confirm",
+          title: "No Name",
+          text: "You should have a name to attach to this passkey. Would you like to enter your own name first?",
+          onNo: async () => {
+            this.userName = DEFAULT_USERNAME;
+          },
+          onYes: async () => {
+            this.$router.push({ name: "new-edit-account" });
+          },
+          noText: "try again and use " + DEFAULT_USERNAME,
+        },
+        -1,
+      );
+      return;
+    }
+    const account = await registerAndSavePasskey(
+      AppString.APP_NAME + " - " + this.userName,
+    );
+    this.activeDid = account.did;
+    this.credIdHex = account.passkeyCredIdHex;
+  }
+
+  public async createJwtSimplewebauthn() {
+    const account: AccountKeyInfo | undefined = await getAccount(
+      this.activeDid || "",
+    );
+    if (!vcLib.isFromPasskey(account)) {
+      alert(`The DID ${this.activeDid} is not passkey-enabled.`);
+      return;
+    }
+    this.peerSetup = new PeerSetup();
+    this.jwt = await this.peerSetup.createJwtSimplewebauthn(
+      this.activeDid as string,
+      TEST_PAYLOAD,
+      this.credIdHex as string,
+    );
+    console.log("simple jwt4url", this.jwt);
+  }
+
+  public async createJwtNavigator() {
+    const account: AccountKeyInfo | undefined = await getAccount(
+      this.activeDid || "",
+    );
+    if (!vcLib.isFromPasskey(account)) {
+      alert(`The DID ${this.activeDid} is not passkey-enabled.`);
+      return;
+    }
+    this.peerSetup = new PeerSetup();
+    this.jwt = await this.peerSetup.createJwtNavigator(
+      this.activeDid as string,
+      TEST_PAYLOAD,
+      this.credIdHex as string,
+    );
+    console.log("lower jwt4url", this.jwt);
+  }
+
+  public async verifyP256() {
+    const decoded = await verifyJwtP256(
+      this.credIdHex as string,
+      this.activeDid as string,
+      this.peerSetup?.authenticatorData as ArrayBuffer,
+      this.peerSetup?.challenge as Uint8Array,
+      this.peerSetup?.clientDataJsonBase64Url as Base64URLString,
+      this.peerSetup?.signature as Base64URLString,
+    );
+    console.log("decoded", decoded);
+  }
+
+  public async verifySimplewebauthn() {
+    const decoded = await verifyJwtSimplewebauthn(
+      this.credIdHex as string,
+      this.activeDid as string,
+      this.peerSetup?.authenticatorData as ArrayBuffer,
+      this.peerSetup?.challenge as Uint8Array,
+      this.peerSetup?.clientDataJsonBase64Url as Base64URLString,
+      this.peerSetup?.signature as Base64URLString,
+    );
+    console.log("decoded", decoded);
+  }
+
+  public async verifyWebCrypto() {
+    const decoded = await verifyJwtWebCrypto(
+      this.credIdHex as string,
+      this.activeDid as string,
+      this.peerSetup?.authenticatorData as ArrayBuffer,
+      this.peerSetup?.challenge as Uint8Array,
+      this.peerSetup?.clientDataJsonBase64Url as Base64URLString,
+      this.peerSetup?.signature as Base64URLString,
+    );
+    console.log("decoded", decoded);
+  }
+
+  public async verifyMyJwt() {
+    const did =
+      "did:peer:0zKMFjvUgYrM1hXwDciYHiA9MxXtJPXnRLJvqoMNAKoDLX9pKMWLb3VDsgua1p2zW1xXRsjZSTNsfvMnNyMS7dB4k7NAhFwL3pXBrBXgyYJ9ri";
+    const jwt =
+      "eyJ0eXAiOiJKV0FOVCIsImFsZyI6IkVTMjU2In0.eyJBdXRoZW50aWNhdGlvbkRhdGFCNjRVUkwiOiJTWllONVlnT2pHaDBOQmNQWkhaZ1c0X2tycm1paGpMSG1Wenp1b01kbDJNRkFBQUFBQSIsIkNsaWVudERhdGFKU09OQjY0VVJMIjoiZXlKMGVYQmxJam9pZDJWaVlYVjBhRzR1WjJWMElpd2lZMmhoYkd4bGJtZGxJam9pWlhsS01sbDVTVFpsZVVwcVkyMVdhMXBYTlRCaFYwWnpWVE5XYVdGdFZtcGtRMGsyWlhsS1FWa3lPWFZrUjFZMFpFTkpOa2x0YURCa1NFSjZUMms0ZG1NeVRtOWFWekZvVEcwNWVWcDVTWE5KYTBJd1pWaENiRWxxYjJsU01td3lXbFZHYW1SSGJIWmlhVWx6U1cxU2JHTXlUbmxoV0VJd1lWYzVkVWxxYjJsalIydzJaVzFGYVdaWU1ITkpiV3hvWkVOSk5rMVVZM2hQUkZVMFRtcHJOVTFEZDJsaFdFNTZTV3B2YVZwSGJHdFBia0pzV2xoSk5rMUljRXhVVlZweFpHeFdibGRZU2s1TlYyaFpaREJTYW1GV2JFbGhWVVUxVkZob1dXUkZjRkZYUnpWVFZFVndNbU5YT1U1VWEwWk1ZakJTVFZkRWJIZFRNREZZVkVkSmVsWnJVbnBhTTFab1RWaEJlV1ZzWTNobFJtaFRZekp3WVZVeFVrOWpNbG95VkZjMVQyVlZNVlJPTWxKRFRrZHpNMVJyUm05U2JtUk5UVE5DV1ZGdVNrTlhSMlExVjFWdk5XTnRhMmxtVVNJc0ltOXlhV2RwYmlJNkltaDBkSEE2THk5c2IyTmhiR2h2YzNRNk9EQTRNQ0lzSW1OeWIzTnpUM0pwWjJsdUlqcG1ZV3h6WlgwIiwiaWF0IjoxNzE4NTg2OTkyLCJpc3MiOiJkaWQ6cGVlcjowektNRmp2VWdZck0xaFh3RGNpWUhpQTlNeFh0SlBYblJMSnZxb01OQUtvRExYOXBLTVdMYjNWRHNndWExcDJ6VzF4WFJzalpTVE5zZnZNbk55TVM3ZEI0azdOQWhGd0wzcFhCckJYZ3lZSjlyaSJ9.MEUCIQDJyCTbMPIFnuBoW3FYnlgtDEIHZ2OrkCEvqVnHU7kJDQIgVxjBjfW1TwQfcSOYwK8Z7AdCWGJlyxtLEsrnPif7caE";
+    const pieces = jwt.split(".");
+    const payload = JSON.parse(Buffer.from(pieces[1], "base64").toString());
+    const authData = Buffer.from(payload["AuthenticationDataB64URL"], "base64");
+    const clientJSON = Buffer.from(
+      payload["ClientDataJSONB64URL"],
+      "base64",
+    ).toString();
+    const clientData = JSON.parse(clientJSON);
+    const challenge = clientData.challenge;
+    const signatureB64URL = pieces[2];
+    const decoded = await verifyJwtWebCrypto(
+      this.credIdHex as string,
+      did,
+      authData,
+      challenge,
+      payload["ClientDataJSONB64URL"],
+      signatureB64URL,
+    );
+    console.log("decoded", decoded);
+  }
 }
 </script>

vite.config.mjs

@@ -16,6 +16,8 @@ export default defineConfig({
       srcDir: '.',
       filename: 'sw_scripts-combined.js',
       manifest: {
+        // This is used for the app name. It doesn't include a space, because iOS complains if i recall correctly.
+        // There is a name with spaces in the constants/app.js file for use internally.
         name: process.env.TIME_SAFARI_APP_TITLE || require('./package.json').name,
         short_name: process.env.TIME_SAFARI_APP_TITLE || require('./package.json').name,
         // 192x192 and 512x512 are important for Chrome to show that it's installable