Ontology Developer Center
Comment on page

Integration and Usage

In this example we use go-chi to build the RESTful service. You can view the full code here, and find the SDK here.


Add the following in the go.mod file.
require ( ... github.com/ontology-tech/ontlogin-sdk-go latest)

Add API Methods

Import the methods in the main.go file.
  • requestChallenge: Returns the challenge from the server
  • submitChallenge : Passes the signed challenge and VP (if requested by the server)
package main​
import (
Initialize the service, perform cross-origin resource sharing checks and define API methods.
func main() {
r := chi.NewRouter()
service.InitService() // Service Initialization
// AllowedOrigins: []string{"https://foo.com"}, // Use this to allow specific origin hosts
AllowedOrigins: []string{"*"},
// AllowOriginFunc: func(r *http.Request, origin string) bool { return true },
AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
// AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
AllowedHeaders: []string{"Authorization", "Content-Length", "X-CSRF-Token", "Token", "session", "X_Requested_With", "Accept", "Origin", "Host", "Connection", "Accept-Encoding", "Accept-Language", "DNT", "X-CustomHeader", "Keep-Alive", "User-Agent", "X-Requested-With", "If-Modified-Since", "Cache-Control", "Content-Type", "Pragma"},
ExposedHeaders: []string{"Content-Length", "token", "Access-Control-Allow-Origin", "Access-Control-Allow-Headers", "Cache-Control", "Content-Language", "Content-Type", "Expires", "Last-Modified", "Pragma", "FooBar"},
AllowCredentials: false,
MaxAge: 172800, // Maximum value not ignored by any of major browsers
r.Use(auth.Middleware()) // Detect app login permission​
r.Post("/requestChallenge", service.RequestChallenge) // Challenge request
r.Post("/submitChallenge",service.Login) // Challenge submission
r.Get("/afterLogin",service.AfterLogin) // Other business logic
log.Fatal(http.ListenAndServe(":3000", r))

Import and Use service.go

Handle API requests using service.go
package service​
import (
ontloginsdk "github.com/ontology-tech/ontlogin-sdk-go/sdk"
var loginsdk *ontloginsdk.OntLoginSdk
var mapstore map[string]string
func InitService() {
mapstore = make(map[string]string) // To store UUID. In real projects, UUID can be stored in the database, redis or cache
vcfilters := make(map[string][]*modules.VCFilter) // Configure `VCFilter` according to `actionType`
vcfilters[modules.ACTION_REGISTER] = []*modules.VCFilter{
{Type: "EmailCredential", Required: true, TrustRoots: []string{"did:ont:ssssss"}}, // Issuer DID
} // Server configuration information needed by the SDK, which can be obtained from config files
conf := &ontloginsdk.SDKConfig{
Chain: []string{"ont"}, // Supported chains, e.g. eth, ont, bsc, respective Processors needed
Alg: []string{"ES256"}, // Supported signature schemes
ServerInfo: &modules.ServerInfo{
Name: "testServcer",
Icon: "http://somepic.jpg",
Url: "https://ont.io",
Did: "did:ont:sampletest",
VerificationMethod: "",
VCFilters: vcfilters, // VC required by the server
Processors := make(map[string]did.DidProcessor) // Initialize the Processor of the respective chain
// Parameter specification using Ontology as an example
// 1. doubleDirection bool: if mutual authentication is required
// 2. Ontology node rpc server address
// 3. DID contract address, can be null when 1 takes `false`
// 4. Ontology wallet address, can be null when 1 takes `false`
// 5. Wallet password, can be null when 1 takes `false`
ontProcessor, err := ont.NewOntProcessor(false, "http://polaris2.ont.io:20336", "52df370680de17bc5d4262c446f102a0ee0d6312", "./wallet.dat", "123456")
if err != nil {
Processors["ont"] = ontProcessor
// Except config, Processor and SDK, the following functions need to be passed
// 1. func()string: generates UUID
// 2. func(string)error: checks if the nonce (UUID) exists in the database/redis/cache
loginsdk, err = ontloginsdk.NewOntLoginSdk(conf, Processors, GenUUID, CheckNonce)
if err != nil {
func RequestChallenge(writer http.ResponseWriter, request *http.Request){
// Handle the request from the client
cr := &modules.ClientHello{}
writer.Header().Set("Content-Type", "application/json")
err := json.NewDecoder(request.Body).Decode(&cr)
if err != nil {
// Invoke the SDK to generate the challenge
serverHello,err := loginsdk.GenerateChallenge(cr)
if err!= nil{
// Return the challenge
func Login(writer http.ResponseWriter, request *http.Request){
lr := &modules.ClientResponse{}
writer.Header().Set("Content-Type", "application/json")
err := json.NewDecoder(request.Body).Decode(&lr)
if err != nil {
err = loginsdk.ValidateClientResponse(lr)
if err != nil {
// The challenge response from the client has passed validation
// Now you can proceed according to your business logic
// In this example, JWT is used for authentication​​
s ,err:= jwt.GenerateToken(lr.Did)
func AfterLogin(writer http.ResponseWriter, request *http.Request) {
if err := auth.CheckLogin(request.Context()); err != nil {
fmt.Printf("err:%s\n", err.Error())
writer.Write([]byte("please login first"))
writer.Write([]byte("normal business process"))
​​func GenUUID()string{
uuid,err := uuid.NewUUID()
if err != nil{
fmt.Printf("uuid failed:%s\n",err.Error())
return ""
mapstore[uuid.String()] = "ok"
return uuid.String()
func CheckNonce(nonce string)error{
if _,ok:=mapstore[nonce]
return fmt.Errorf("no nonce found")
return nil

Handle VP

Use the following to extract VC from VP in form of JSON text.
GetCredentialJson(chain, presentation string) ([]string, error)
Since the form of VC varies according to the server's request, only JSON is supported here. The server can parse the VC into the per-defined form.
Last modified 2yr ago