feat: IDKit v1 migration guide (#244)

Co-authored-by: pdtfh <[email protected]>
worldcoin · Dec 9, 2023 · ace9315 · ace9315
1 parent 2f850a1
commit ace9315
Show file tree

Hide file tree

Showing 6 changed files with 187 additions and 15 deletions.
diff --git a/next.config.mjs b/next.config.mjs
@@ -27,6 +27,11 @@ const nextConfig = {
 				destination: 'https://worldcoin.org/apps',
 				permanent: true,
 			},
+			{
+				source: '/world-id-2',
+				destination: 'https://worldcoin.org/blog', // TODO: update with World ID 2.0 blog post
+				permanent: true,
+			},
 			{
 				source: '/idkit',
 				destination: '/id/idkit',
@@ -44,7 +49,7 @@ const nextConfig = {
 			},
 			{
 				source: '/protocol',
-				destination: 'https://whitepaper.worldcoin.org', // TODO: add proper anchor
+				destination: 'https://whitepaper.worldcoin.org/technical-implementation#worldcoin-protocol',
 				permanent: false,
 			},
 			{
@@ -59,7 +64,7 @@ const nextConfig = {
 			},
 			{
 				source: '/privacy',
-				destination: 'https://whitepaper.worldcoin.org', // TODO: add proper anchor
+				destination: 'https://whitepaper.worldcoin.org/technical-implementation#privacy',
 				permanent: false,
 			},
 			{

diff --git a/src/components/Navigation.tsx b/src/components/Navigation.tsx
@@ -191,6 +191,7 @@ export const navigation = [
 			{ title: 'Sign In Reference', href: '/reference/sign-in' },
 			{ title: 'Smart Contracts', href: '/reference/contracts' },
 			{ title: 'Address Book', href: '/reference/address-book' },
+			{ title: 'World ID 2.0 Migration Guide', href: '/reference/world-id-2-migration-guide' },
 		],
 	},
 	{
@@ -200,6 +201,7 @@ export const navigation = [
 			{ title: 'OIDC Explainer', href: '/further-reading/oidc' },
 			{ title: 'Protocol Internals', href: '/further-reading/protocol-internals' },
 			{ title: 'Zero-Knowledge Proofs', href: '/further-reading/zero-knowledge-proofs' },
+			{ title: 'World ID Lite', href: '/further-reading/world-id-lite' },
 			{ title: 'World ID Reset', href: '/further-reading/world-id-reset' },
 		],
 	},

diff --git a/src/pages/further-reading/protocol-internals.mdx b/src/pages/further-reading/protocol-internals.mdx
@@ -9,10 +9,10 @@ Documentation of certain protocol elements. Intended for **internal use only.**
 The universal link is used so that the World App can recognize a World ID request and handle it correctly. As more clients are built, the universal link will be extended to other wallets. The structure of the universal link is documented here. The source of truth function for this can be found [on GitHub](https://github.com/worldcoin/idkit-js/blob/main/idkit/src/services/wld-bridge.ts#L86).
 
 -   The universal link base is: `https://worldcoin.org/verify`.
-    -   If the query string `t` is equal to `wld`, the request is using the World ID Bridge, and the following requirements apply:
+    -   If the query string `t` is equal to `wld`, the request is using the Wallet Bridge, and the following requirements apply:
         -   `i` is a **required** query string, which contains the `requestId`, a UUIDv4 used to identify the request
         -   `k` is a **required** query string, which contains the URL Base64 encoded AES-GCM key
-        -   `b` is an **optional** query string, which contains the URL of the World ID Bridge. This defaults to `https://bridge.worldcoin.org/`.
+        -   `b` is an **optional** query string, which contains the URL of the Wallet Bridge. This defaults to `https://bridge.worldcoin.org/`.
     -   **Coming Soon:** If the query string `t` is equal to `wmobile`, the request is passed directly from a native mobile app to World App, and the following requirements apply:
         -   `app_id` is a **required** query string. This is the `app_id` from the Developer Portal, or is equal to `self_hosted`.
         -   `action` is a **required** query string, which contains the action ID
@@ -22,20 +22,20 @@ The universal link is used so that the World App can recognize a World ID reques
             -   `return_to` is the URL to return to after the proof is generated. This is used for web-based applications.
             -   `callback_url` is the URL to which the proof will be submitted directly. This is used for native mobile applications.
 
-## World ID Bridge
+## Wallet Bridge
 
-The World ID Bridge acts as the intermediary between IDKit and the user's World ID wallet (e.g. World App). It is responsible for relaying a verification request to the user's identity wallet (e.g. World App), and returning the proof to IDKit. A functional diagram is shown here, with a step-by-step explanation to follow:
+The Wallet Bridge acts as the intermediary between IDKit and the user's World ID wallet (e.g. World App). It is responsible for relaying a verification request to the user's identity wallet (e.g. World App), and returning the proof to IDKit. A functional diagram is shown here, with a step-by-step explanation to follow:
 
-![World ID Bridge Diagram](/images/docs/world-id-bridge.png)
+![Wallet Bridge Diagram](/images/docs/world-id-bridge.png)
 
 <Note>
-    All requests to the World ID Bridge must include a `Content-Type: application/json` header and a valid JSON body.
+    All requests to the Wallet Bridge must include a `Content-Type: application/json` header and a valid JSON body.
 </Note>
-1. IDKit initiates the proof request session on the World ID Bridge.
+1. IDKit initiates the proof request session on the Wallet Bridge.
     - An app configures and opens IDKit with the required parameters `app_id` and `action`, and the optional parameters `signal`, `credential_types`, and `action_description`.
         - If an application is self-hosted, the `app_id` must be equal to `self_hosted`. See more details about self-hosted applications [here](/reference/idkit#self-hosted-applications).
     - IDKit generates an AES-GCM `key` and `iv`, used to encrypt the verification request. IDKit temporarily stores the `key` in memory.
-    - IDKit encrypts the above parameters with the `key` and `iv`, forming the encrypted body of the request to the World ID Bridge. The `iv` is included unencrypted in the request body.
+    - IDKit encrypts the above parameters with the `key` and `iv`, forming the encrypted body of the request to the Wallet Bridge. The `iv` is included unencrypted in the request body.
         <CodeGroup title="Bridge POST Request">
             ```json {{ title: "Unencrypted JSON" }}
             {
@@ -61,12 +61,12 @@ The World ID Bridge acts as the intermediary between IDKit and the user's World
 2. World App or the Worldcoin Simulator (referred to going forward as the client) receives the payload from the bridge, generates the zero-knowledge proof, and returns the proof as a payload in a proof response session on the Bridge.
     - The client receives the universal link via QR code, mobile app deeplink, or pasting from the clipboard (only for the Worldcoin Simulator). 
     - The client parses the query string to extract the `requestId` and `key`. The `key` is used to decrypt the payload, and the `requestId` is used to identify the request.
-    - The client sends a GET request to the World ID Bridge to fetch the payload: `https://bridge.worldcoin.org/request/${requestId}`. The payload is returned to the client and removed from the Bridge, thus ending the proof request session.
+    - The client sends a GET request to the Wallet Bridge to fetch the payload: `https://bridge.worldcoin.org/request/${requestId}`. The payload is returned to the client and removed from the Bridge, thus ending the proof request session.
         - The client can optionally send a HEAD request to check if a payload is available for the given `requestId`. A `200` response indicates a payload is available, while a `404` response indicates no payload is available. The payload is not returned, nor removed from the bridge if it is present.
     - The client parses the payload to get the AES-GCM `iv` and encrypted body. The `key` from the universal link and `iv` are used to decrypt the body, which contains the `app_id` and `action` for the request, as well as the optional `signal`, `credential_types`, and `action_description` parameters.
     - The client calculates the `externalNullifier` from the `app_id` and `action`, and generates the zero-knowledge proof using the local Semaphore identity after receiving the user's consent.
     - The client forms the body, which either contains the successful proof or an error response.
-    - The client encrypts the body with the `key` and a newly-generated `iv`, and sends a PUT request to the World ID Bridge: `https://bridge.worldcoin.org/response/${requestId}`, with the new iv alongside the encrypted proof or error as the body.
+    - The client encrypts the body with the `key` and a newly-generated `iv`, and sends a PUT request to the Wallet Bridge: `https://bridge.worldcoin.org/response/${requestId}`, with the new iv alongside the encrypted proof or error as the body.
     - The client must delete any information received from the Bridge, as this could be used to disclose which actions a user has performed.
 3. IDKit polls the Bridge for the response from the client, receives the encrypted response, decrypts it, and calls the callback with the proof or handles the returned error.
     <Note>The response will only be returned once, and will be deleted from the Bridge after being returned.</Note>

diff --git a/src/pages/further-reading/world-id-lite.mdx b/src/pages/further-reading/world-id-lite.mdx
@@ -0,0 +1,14 @@
+# World ID Lite
+
+World ID Lite is replacing the previous `phone` credential in World ID. World ID Lite relies on the user's identity wallet, such as World App, to verify a user's unique device.
+
+The premise of World ID Lite is users having a unique device. This is more scalable, user friendly, and privacy-preserving than the previous `phone` credential, which was issued when a user verified their phone number in World App.
+
+<Note>Read about configuring IDKit for World ID Lite in the [IDKit Reference](/reference/idkit/).</Note>
+
+## Benefits
+
+World ID Lite has a number of benefits over the previous `phone` credential:
+
+- **Automatic Issuance:** World ID Lite is automatically issued to all World App users with a unique device. No action needs to be taken by users to receive this credential.
+- **Privacy:** Users can now receive a World ID without providing any information at all. Although verifying a phone number in World App has always been optional, users could previously only use World ID after they verified their phone number or verified at an Orb.
diff --git a/src/pages/index.mdx b/src/pages/index.mdx
@@ -1,12 +1,21 @@
 <span className="mb-9 mt-4 flex rounded-3xl bg-gray-900 bg-[url('/images/docs/announcement-texture.png')] bg-repeat px-8 py-1 text-white">
 	<span className="grow">
-		<span className="block text-lg font-bold">World ID SDK now publicly available</span>
-		The SDK is now available for public use. Read the announcement and start building now.
+		<span className="block text-lg font-bold">World ID 2.0 is live!</span>
+		Learn more about the new features in World ID and how to migrate your app to the new version of IDKit.
+	</span>
+	<span className="flex items-center justify-end pl-6">
+		<a
+			className="m-0 rounded-lg bg-gray-900 outline outline-white px-4 py-2 text-white no-underline hover:no-underline"
+			href="/reference/world-id-2-migration-guide"
+			target="_blank"
+		>
+			<p className="m-0 p-0 font-medium whitespace-nowrap hover:no-underline">Migration Guide</p>
+		</a>
 	</span>
 	<span className="flex items-center justify-end pl-6">
 		<a
 			className="m-0 rounded-lg bg-white px-4 py-2 text-gray-900 no-underline hover:no-underline"
-			href="http://worldcoin.org/blog/product/wait-over-worldcoin-world-id-sdk-publicly-available"
+			href="/world-id-2"
 			target="_blank"
 		>
 			<p className="m-0 p-0 font-medium hover:no-underline">Announcement</p>

diff --git a/src/pages/reference/world-id-2-migration-guide.mdx b/src/pages/reference/world-id-2-migration-guide.mdx
@@ -0,0 +1,142 @@
+# World ID 2.0 Migration Guide
+
+This guide will help you migrate your application to use World ID 2.0, including upgrading from the beta version of IDKit (v0.5.1 or earlier) to the new release of IDKit (v1.0.0 or later). 
+We recommend you read the [World ID 2.0 Announcement](/world-id-2) to understand the new features and changes.
+
+<Note>
+    The [Breaking Changes](#breaking-changes) section outlines changes that must be addressed in order to successfully migrate your application to IDKit v1.
+    The [New Features](#new-features) and [Deprecated Functionality](#deprecated-functionality) sections outline changes that do not require immediate action.
+</Note>
+
+## Breaking Changes
+
+IDKit v1 introduces a number of breaking changes that must be addressed in order to successfully migrate.
+
+<Note type="warning">
+    The minimum versions of World App compatible with IDKit v1 are **2.5.0.1 on Android** and **2.5.1 on iOS**. 
+    If your users experience issues after migrating your application to IDKit v1, please ensure they are using the latest version of World App.
+</Note>
+
+### Changes to `credential_types`
+
+The `phone` credential has been deprecated in favor of World ID Lite. World ID Lite is the name for the new `device` credential, which relies on the user's identity wallet, such as World App, to verify a user's unique device.
+
+<Note>Read more about [World ID Lite](/further-reading/world-id-lite).</Note>
+
+In order to support this change, the `credential_types` field in the IDKitWidget's parameters has been updated. If you previously accepted the `phone` credential, you should now accept the `device` credential instead.
+
+<CodeGroup title="Device Credential">
+```jsx {{ title: "JavaScript" }}
+import { IDKitWidget } from '@worldcoin/idkit'
+
+<IDKitWidget
+	app_id="app_GBkZ1KlVUdFTjeMXKlVUdFT"
+	action="vote_1"
+	onSuccess={onSuccess}
+	handleVerify={handleVerify}
+	credential_types={['orb', 'device']} // `phone` has been replaced with `device`
+>
+	{({ open }) => <button onClick={open}>Verify with World ID</button>}
+</IDKitWidget>
+```
+```tsx {{ title: "TypeScript" }}
+import { IDKitWidget, CredentialType } from '@worldcoin/idkit'
+
+<IDKitWidget
+	app_id="app_GBkZ1KlVUdFTjeMXKlVUdFT"
+	action="vote_1"
+	onSuccess={onSuccess}
+	handleVerify={handleVerify}
+	credential_types={[CredentialType.Orb, CredentialType.Device]} // `phone` has been replaced with `device`
+>
+	{({ open }) => <button onClick={open}>Verify with World ID</button>}
+</IDKitWidget>
+```
+</CodeGroup>
+
+### New Package for Vanilla JavaScript
+
+If your application uses vanilla JavaScript, you will need to install the new `@worldcoin/idkit-standalone` package instead of `@worldcoin/idkit`. 
+This package acts as a wrapper around the `@worldcoin/idkit` package for applications that do not use React.
+
+<Note>See the [IDKit Standalone](/reference/idkit#idkit-standalone) reference documentation for integration details.</Note>
+
+## New Features
+
+This section outlines new features introduced in IDKit v1 and other developer tools. These features are optional, and you can safely upgrade to IDKit v1 without making any changes described in this section.
+
+### Wallet Bridge
+
+The Wallet Bridge is a lightweight, open-source, and secure message passing service that allows IDKit to request and receive a zero-knowledge proof from a user's identity wallet, such as World App. This replaces WalletConnect, which was previously used for this functionality.
+The Wallet Bridge enables increased performance both in terms of speed and stability.
+
+<Note>
+    You can view the [Protocol Internals](/further-reading/protocol-internals#wallet-bridge) page or [Wallet Bridge](https://github.com/worldcoin/wallet-bridge) GitHub repository to learn more about how the Wallet Bridge works.
+
+    Usage information can be found in the [IDKit Reference Documentation](/reference/idkit#parameters).
+</Note> 
+
+### World ID Reset
+
+World ID Reset is a new feature that allows users to reset their World ID in case their World ID is lost or stolen.
+
+<Note>Read more about World ID Reset and important considerations for your application in the [World ID Reset documentation](/further-reading/world-id-reset).</Note>
+
+### `onError` Callback
+
+The new `onError` callback allows you to gracefully handle errors that occur during the World ID verification flow. This optional callback is called when the IDKit Widget is closed from an error state.
+
+<Note>Read more about the `onError` callback in the [IDKit reference documentation](/reference/idkit#parameters).</Note>
+
+### Self-Hosted Applications
+
+Self-hosted applications are more clearly supported in IDKit v1. These applications completely bypass the Worldcoin Developer Portal, allowing for permissionless use of the World ID protocol with IDKit.
+
+<Note>Read more about self-hosted applications in the [IDKit Reference](/reference/idkit#self-hosted-applications).</Note>
+
+### `idkit-core` Package
+
+The `@worldcoin/idkit-core` package is a new package that contains the core functionality of IDKit, primarily interactions with the Wallet Bridge. This package is used by the `@worldcoin/idkit` and `@worldcoin/idkit-standalone` packages.
+**Intended only for use within another IDKit package**, and not intended to be used directly by applications.
+
+### `idkit-js` Monorepo
+
+The [GitHub repository for IDKit](https://github.com/worldcoin/idkit-js) has been updated to a monorepo, which contains the source code for the `@worldcoin/idkit-core`, `@worldcoin/idkit`, and `@worldcoin/idkit-standalone` packages.
+This refactor allows for easier maintenance and development of IDKit, and allows for much simpler creation of new IDKit packages for various frontend frameworks.
+
+<Note>Want support for a new frontend framework? Let us know by [opening an issue](https://github.com/worldcoin/idkit-js/issues) or build it and [submit a pull request](https://github.com/worldcoin/idkit-js/pulls)!</Note>
+
+### Use Email Address to Sign In to the Developer Portal
+
+The [Worldcoin Developer Portal](https://developer.worldcoin.org) now supports signing in with an email address in addition to Sign In with Worldcoin.
+
+## Deprecated Functionality
+
+This section outlines deprecated functionality in IDKit v1. These features have been removed or will be removed in the near future.
+
+### Telemetry
+
+All telemetry has been removed from the IDKit package. The `enableTelemetry` parameter should be removed.
+
+### WalletConnect
+
+WalletConnect was previously used to pass messages between IDKit and a user's identity wallet. This has been replaced with the new Wallet Bridge, which is a lightweight, open-source, and secure message passing service.
+
+If you previously set `walletConnectProjectId` in IDKit's parameters, you should remove it.
+
+<Note>More information about the new Wallet Bridge can be found [above](#wallet-bridge).</Note>
+
+### `SignInWithWorldID` Component
+
+The `SignInWithWorldID` and `SignInButton` components have been removed from IDKit. All applications that wish to use Sign In with Worldcoin should do so through our [OIDC Provider](/id/sign-in).
+
+## Other Changes
+
+World ID 2.0 includes other changes that are noted here.
+
+### Terminology
+
+The following terminology changes have been made:
+
+- 'Sign In with Worldcoin' has been updated to 'Sign In with World ID'
+- 'Anonymous Actions' has been updated to 'Incognito Actions'