did:web & Hosting

Wallet Server can create and serve a did:web document per authenticated user.

How paths are built

The server reads:

  • DID_WEB_DOMAIN (required): host/FQDN, without protocol

  • DID_WEB_JSON_PATH (optional): base path; can contain :id placeholder

  • DID_WEB_PORT (optional): included in the DID if set

Rules:

  • If DID_WEB_JSON_PATH contains :id, it is replaced with the JWT sub.

  • If DID_WEB_JSON_PATH is empty, the path becomes /<sub>.

  • The server serves GET /did/user/:id/did.json publicly to match the did:web location.

Examples

Given:

DID_WEB_DOMAIN=example.com
DID_WEB_JSON_PATH=/did/user/:id

For sub = 1234, the did:web is:

did:web:example.com:did:user:1234

And the document is available at:

https://example.com/did/user/1234/did.json

If no base path is set:

DID_WEB_DOMAIN=example.com
# DID_WEB_JSON_PATH not set

For sub = 1234 → did:web path is /1234/did.json and the DID is did:web:example.com:1234.

PreviousFlows: Claim and PresentationNextSecurity Considerations

Last updated