feat(dir): add DID Auth support #823

Open
DaevMithran wants to merge 3 commits into agntcy:main from cheqd:did-auth

DaevMithran commented Jan 19, 2026

Adds DID-based authentication alongside existing SPIFFE/SPIRE modes for decentralized identity networks.

Changes

New Authentication Mode

  • Added did auth mode in server and client (alongside jwt and x509)
  • Uses Universal Resolver HTTP API for DID resolution
  • Supports did:cheqd and other W3C DID methods

Signed-off-by: DaevMithran <daevmithran1999@gmail.com>
@DaevMithran DaevMithran requested a review from a team as a code owner January 19, 2026 08:22
@github-actions github-actions bot added the size/M Denotes a PR that changes 200-999 lines label Jan 19, 2026
@DaevMithran DaevMithran changed the title feat: Add DID Auth support feat(dir): Add DID Auth support Jan 19, 2026
@DaevMithran DaevMithran changed the title feat(dir): Add DID Auth support feat(dir): add DID Auth support Jan 19, 2026
Signed-off-by: DaevMithran <daevmithran1999@gmail.com>
Signed-off-by: DaevMithran <daevmithran1999@gmail.com>
ramizpolic (Member) commented Jan 20, 2026

Hi @DaevMithran, thank you for your contribution! Although this is LGTM from my end, I do want to ask for some supporting material, either as part of documentation or some simple guide in terms of:

  • How can we use DIDs for network setup -- with SPIFFE, we have a way to configure networks through federation (dir-staging repo as an entrypoint), are there similar methods for DIDs?
  • How are we going to control the authorization rules? Although currently the authz rules are static and we are moving these to be dynamically managed, the question is: what should be the policy when using DIDs -- e.g. DID-A can do OP-A and OP-B.
  • How are we going to (and should we at all) support the cases of nodes sharing different authentication methods -- Node A working in DID mode and Node B in SPIFFE mode? If no node-to-node communication is allowed, then this can be handled on a network where a network has a common auth mode.
  • Is there a way we can access additional material beyond verification from the resolver node?

Although the current PR only supports JS clients to make use of DIDs, I think it is okay to support other clients (go/python/cli) later on.

Regarding the PR itself, we may want to cover this with at least one test case that would help us maintainers understand the setup. In that regard, having a script/document/rfc/testcase that at least showcases the usage of DID would be extremely helpful. If you have a working approach to utilising DIDs at the moment, that would also be very beneficial.
