You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1. **Browser Extension First**: If the Reclaim browser extension is installed, it will use the extension for a seamless in-browser verification experience.
201
-
2. **QR Code Fallback**: If the extension is not available, it automatically displays a QR code modal for mobile scanning.
211
+
1. **Browser Extension First**: If the Reclaim browser extension is installed, it will use the extension regardless of verification mode.
212
+
2. **Portal mode** (no extension): Opens the portal in a new tab.
213
+
3. **App mode** (no extension): Shows QR code modal with share page URL.
214
+
215
+
#### On Mobile Devices (portal mode):
202
216
203
-
#### On Mobile Devices:
217
+
Opens the portal in a new tab.
204
218
205
-
1. **iOS Devices**: Automatically redirects to the Reclaim App Clip for native iOS verification.
206
-
2. **Android Devices**: Automatically redirects to the Reclaim Instant App for native Android verification.
219
+
#### On Mobile Devices (app mode):
220
+
221
+
1. **All platforms**: Redirects to the share page.
222
+
2. **iOS with `useAppClip:true`**: Redirects to the Reclaim App Clip instead.
223
+
224
+
The same `verificationMode` option works with `getRequestUrl()`:
@@ -289,7 +315,7 @@ Your Reclaim SDK demo should now be running. Click the "Create Claim" button to
289
315
290
316
4. **Verification**: The `onSuccess` is called when verification is successful, providing the proof data. When using a custom callback url, the proof is returned to the callback url and we get an empty array instead of a proof.
291
317
292
-
5. **Handling Failures**: The `onFailure` is called if verification fails, allowing you to handle errors gracefully.
318
+
5. **Handling Failures**: The `onError` is called if verification fails, allowing you to handle errors gracefully.
293
319
294
320
## Advanced Configuration
295
321
@@ -431,33 +457,35 @@ For more details about response format, check out [official documentation of Err
>**Note:**`portalUrl` defaults to `https://portal.reclaimprotocol.org` and `useAppClip` defaults to `false` when no options are provided. `portalUrl` is the preferred option. The previous `customSharePageUrl` is deprecated but still supported. If both are provided, `portalUrl` takes precedence.
477
+
450
478
10.**Platform-Specific Flow Control**:
451
-
The`triggerReclaimFlow()`method provides intelligent platform detection, but you can still use traditional methods for custom flows:
479
+
Both`triggerReclaimFlow()`and `getRequestUrl()` support `verificationMode`:
452
480
453
481
```javascript
454
-
// Traditional approach with manual QR code handling
const { isVerified, data } = await verifyProof(proof, {
576
605
providerId: "YOUR_PROVIDER_ID",
577
606
// The exact provider version used in the session.
578
607
providerVersion: "1.0.0",
@@ -587,47 +616,106 @@ If you want to avoid network requests, you can manually feed the expected crypto
587
616
588
617
```javascript
589
618
// Verify a proof against a known, strict expected hash
590
-
const isValid = await verifyProof(proof, {
591
-
hashes: ['0x1abc2def3456...']
619
+
const { isVerified, data } = await verifyProof(proof, {
620
+
hashes: ['0x1abc2def3456...']
592
621
});
593
622
```
594
623
595
624
### 3. Advanced: Multiple Proofs and Optional Matches
596
625
When building advanced use-cases, you might process multiple distinct proofs at once or deal with providers that yield a few valid hash possibilities (e.g., due to optional data fields).
The SDK supports verifying TEE (Trusted Execution Environment) attestations included in proofs. This provides hardware-level assurance that the proof was generated inside a secure enclave (AMD SEV-SNP).
670
+
671
+
### Enabling TEE Attestation
672
+
673
+
To request TEE attestation during proof generation, enable it during initialization:
Pass `true` as the third argument (`verifyTEE`) to `verifyProof` to require and verify TEE attestation. If TEE data is missing or invalid, verification will fail.
684
+
685
+
```javascript
686
+
import { verifyProof } from "@reclaimprotocol/js-sdk";
687
+
688
+
// Pass true as the third argument (verifyTEE) to require TEE verification
When `verifyTEE` is `true`, the result includes `isTeeVerified`. The overall `isVerified` will be `false` if TEE data is missing or TEE verification fails.
699
+
700
+
The TEE verification validates:
701
+
- **Nonce binding**: Ensures the attestation nonce matches the proof context
702
+
- **Application ID**: Confirms the attestation was generated for your application (optional)
703
+
- **Timestamp**: Verifies the attestation timestamp is within an acceptable range of the proof timestamp
704
+
- **SNP report**: Validates the AMD SEV-SNP hardware attestation report
705
+
- **VLEK certificate**: Verifies the certificate chain against AMD's root of trust
706
+
-**Report data**: Confirms the workload and verifier digests match the attestation
707
+
708
+
You can also verify TEE attestation separately using the lower-level `verifyTeeAttestation` function:
709
+
710
+
```javascript
711
+
import { verifyTeeAttestation } from "@reclaimprotocol/js-sdk";
console.log("TEE attestation verified — proof was generated in a secure enclave");
716
+
}
717
+
```
718
+
631
719
## Error Handling
632
720
633
721
The SDK provides specific error types for different failure scenarios. Here's how to handle them:
@@ -677,6 +765,10 @@ try {
677
765
- `ProofSubmissionFailedError`: Proof submission to callback failed
678
766
- `ErrorDuringVerificationError`: An abort error during verification which was caused by the user aborting the verification process or provider's JS script raising a validation error
Explore the [Reclaim Protocol documentation](https://docs.reclaimprotocol.org/) for more advanced features and best practices for integrating the SDK into your production applications.
0 commit comments