The new link contains no attributes, just a signed JWT token:

    const payload = {
      clientId: "CLIENT_ID",
      kyc: true,
      level: "basic+liveness+idos",
      state: "state", // optional
    };
    // There is no expiration
    const token = jwt.sign(payload, privateKey, { algorithm: "ES512" });

    https://kraken.fractal.id/kyc?token=token   # token: the signed JWT from the previous step

The link is the same for redirection or an iframe interaction.
3. Redirection back behavior
When a user is redirected back to your site or KYC ends in an iframe, you will receive a one-time token:

    // Redirect-back URL
    https://yourserver.com/redirect_back_url?oneTimeToken=[ONE_TIME_TOKEN]

    // Iframe message
    import { useCallback, useEffect } from "react";

    // setMessage is the setter of a useState hook in your component
    const messageReceiver = useCallback((message: any) => {
      // React only to messages from the ID iframe
      if (message.origin === "https://kraken.fractal.id") {
        if (message.data.response === "rejected") {
          setMessage(`KYC process failed with: ${JSON.stringify(message.data.error)}`);
          // Hide iframe ...
        } else if (message.data.open) {
          // If you want to use wallet-sign-in, this is required,
          // since there are security limitations, especially with
          // opening a MetaMask protocol link on a mobile device
          window.open(message.data.open, message.data.target, message.data.features);
        } else {
          setMessage(`KYC process is completed.`);
          // Hide iframe, load data, etc...
          // message.data has the shape:
          // {
          //   "oneTimeToken": "MXES5XpDzMRAHyMI3Jx5K3nrxzZjWjEr-Cskq3Jevso",
          //   "state": "state_arg"
          // }
        }
      }
    }, []);

    useEffect(() => {
      window.addEventListener("message", messageReceiver);
      return () => window.removeEventListener("message", messageReceiver);
    }, [messageReceiver]);

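A stricter form of the message check above, as an added example (not Fractal's code): it classifies each iframe message and releases the one-time token only when the origin, the token shape and the returned `state` all check out. The function names, the token pattern and the comparison of `state` against a value you kept for this user's session are assumptions of this sketch.

```javascript
// Added example; classifyKycMessage, sameString and TOKEN_RE are illustrative names.
const FRACTAL_ORIGIN = "https://kraken.fractal.id"; // iframe origin used on this page

// Assumption: one-time tokens are URL-safe base64 text like the sample above.
// The length bounds are a sanity limit chosen here, not a documented format.
const TOKEN_RE = /^[A-Za-z0-9_-]{16,512}$/;

// String comparison that does not stop at the first differing character.
function sameString(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// expectedState: the `state` you put in the signed link payload for this user
// (assumed here to be a per-session value you stored before opening the link).
function classifyKycMessage(event, expectedState) {
  // Exact origin match only; prefix or substring checks accept look-alike hosts.
  if (!event || event.origin !== FRACTAL_ORIGIN) return { kind: "ignored" };
  const data = event.data;
  if (data === null || typeof data !== "object") {
    return { kind: "invalid", reason: "no payload" };
  }
  if (data.response === "rejected") return { kind: "rejected", error: data.error };
  if (data.open) {
    return { kind: "open", url: data.open, target: data.target, features: data.features };
  }
  if (typeof data.oneTimeToken !== "string" || !TOKEN_RE.test(data.oneTimeToken)) {
    return { kind: "invalid", reason: "malformed oneTimeToken" };
  }
  if (!sameString(data.state, expectedState)) {
    return { kind: "invalid", reason: "state mismatch" };
  }
  return { kind: "completed", oneTimeToken: data.oneTimeToken };
}

// Constructed sample event, using the sample token and state shown on this page.
const sampleEvent = {
  origin: FRACTAL_ORIGIN,
  data: { oneTimeToken: "MXES5XpDzMRAHyMI3Jx5K3nrxzZjWjEr-Cskq3Jevso", state: "state_arg" },
};
console.log(classifyKycMessage(sampleEvent, "state_arg").kind);   // completed
console.log(classifyKycMessage(sampleEvent, "other_state").kind); // invalid
```

In the React handler, call `window.open` only for `kind === "open"` and pass `oneTimeToken` to your backend only for `kind === "completed"`.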
This one-time token needs to be exchanged for a user ID.
Our API is secured by a JWT token, which should be generated on your side: