idverification

package
v0.0.2 Latest

Warning: This package is not in the latest version of its module.
Published: Nov 24, 2025 License: Apache-2.0 Imports: 25 Imported by: 0

README

Identity Verification (KYC) Plugin

Enterprise-grade identity verification and Know Your Customer (KYC) compliance plugin for AuthSome. Supports multiple verification providers including Onfido, Jumio, and Stripe Identity.

Features

Core Capabilities
  • Document Verification: Passport, driver's license, national ID verification
  • Liveness Detection: Facial recognition and liveness checks
  • Age Verification: Automated age verification with configurable minimum age
  • AML/Sanctions Screening: Check users against sanctions lists and PEP databases
  • Multi-Provider Support: Onfido, Jumio, and Stripe Identity integrations
  • Webhook Integration: Real-time verification status updates
  • Document Retention: Configurable document retention policies for compliance
  • Risk Scoring: Automated risk assessment with configurable thresholds
  • Multi-Tenancy: Organization-scoped configurations and verification
Compliance & Security
  • GDPR Compliant: Built-in data retention and deletion policies
  • Audit Logging: Complete audit trail of all verification activities
  • Encryption: Sensitive data encryption at rest
  • Webhook Verification: Cryptographic signature verification for webhooks
  • Rate Limiting: Protection against abuse and excessive verification attempts
  • Data Residency: Configurable data storage locations (US, EU, UK, Global)
Enterprise Features
  • Manual Review: Support for manual review of failed verifications
  • Re-verification: Configurable re-verification workflows
  • User Blocking: Block users from verification based on risk or compliance
  • Custom Fields: Extensible metadata support
  • Analytics: Comprehensive verification statistics and reporting
  • Admin API: Full administrative control over verifications

Installation

1. Install the Plugin
package main

import (
    "log"

    "github.com/xraph/authsome"
    "github.com/xraph/authsome/plugins/enterprise/idverification"
)

func main() {
    // db and config are your application's existing database handle and
    // AuthSome configuration; their setup is omitted here.
    auth, err := authsome.New(
        authsome.WithDatabase(db),
        authsome.WithConfig(config),
    )
    if err != nil {
        log.Fatal(err)
    }

    // Register the identity verification plugin
    plugin := idverification.NewPlugin()
    if err := auth.RegisterPlugin(plugin); err != nil {
        log.Fatal(err)
    }

    // Run migrations
    if err := plugin.Migrate(); err != nil {
        log.Fatal(err)
    }
}
2. Configuration

Add the following to your configuration file:

auth:
  idverification:
    enabled: true
    defaultProvider: "onfido"  # onfido, jumio, stripe_identity
    
    # Session configuration
    sessionExpiryDuration: 24h
    verificationExpiry: 8760h  # 1 year
    
    # Required checks
    requireDocumentVerification: true
    requireLivenessDetection: true
    requireAgeVerification: false
    requireAMLScreening: false
    minimumAge: 18
    
    # Accepted documents and countries
    acceptedDocuments:
      - "passport"
      - "drivers_license"
      - "national_id"
    acceptedCountries: []  # Empty = all countries
    
    # Risk configuration
    maxAllowedRiskScore: 70  # 0-100
    autoRejectHighRisk: true
    minConfidenceScore: 80
    
    # Document retention
    retainDocuments: true
    documentRetentionPeriod: 2160h  # 90 days
    autoDeleteAfterExpiry: true
    
    # Webhooks
    webhooksEnabled: true
    webhookUrl: "https://your-app.com/webhooks/verification"
    webhookEvents:
      - "verification.completed"
      - "verification.failed"
      - "verification.expired"
    webhookSecret: "your-webhook-secret"
    webhookRetryCount: 3
    
    # Features
    enableManualReview: true
    enableReverification: true
    maxVerificationAttempts: 3
    
    # Compliance
    enableAuditLog: true
    complianceMode: "standard"  # standard, strict, custom
    gdprCompliant: true
    dataResidency: "eu"  # us, eu, uk, global
    
    # Rate limiting
    rateLimitEnabled: true
    maxVerificationsPerHour: 10
    maxVerificationsPerDay: 50
    
    # Provider configurations
    onfido:
      enabled: true
      apiToken: "your-onfido-api-token"
      region: "eu"  # us, eu, ca
      webhookToken: "your-onfido-webhook-token"
      documentCheck:
        enabled: true
        validateExpiry: true
        validateDataConsistency: true
        extractData: true
      facialCheck:
        enabled: true
        variant: "video"  # standard, video
        motionCapture: true
      includeDocumentReport: true
      includeFacialReport: true
      includeWatchlistReport: true
    
    jumio:
      enabled: false
      apiToken: "your-jumio-api-token"
      apiSecret: "your-jumio-api-secret"
      dataCenter: "us"  # us, eu, sg
      verificationType: "identity"
      enableLiveness: true
      enableAMLScreening: false
      enableExtraction: true
    
    stripeIdentity:
      enabled: false
      apiKey: "your-stripe-api-key"
      webhookSecret: "your-stripe-webhook-secret"
      requireLiveCapture: true
      allowedTypes:
        - "document"
      requireMatchingSelfie: true

Middleware

The plugin provides comprehensive middleware for protecting endpoints based on verification status.

Available Middleware
// Load verification status into context (non-blocking)
plugin.Middleware().LoadVerificationStatus

// Require user to be verified
middleware.RequireVerified()

// Require specific verification level (none, basic, enhanced, full)
middleware.RequireVerificationLevel("full")

// Require specific checks
middleware.RequireDocumentVerified()
middleware.RequireLivenessVerified()
middleware.RequireAMLClear()
middleware.RequireAge(18)

// Ensure user is not blocked
middleware.RequireNotBlocked()
Usage Examples
Protect a route requiring full verification
// Get middleware from plugin
verifyMW := plugin.GetMiddleware()

// Protect endpoint
router.GET("/sensitive/endpoint", 
    verifyMW.RequireVerified(),
    handler.SensitiveOperation,
)
Require specific verification level
// Enhanced verification for medium-risk operations
router.POST("/transfer", 
    verifyMW.RequireVerificationLevel("enhanced"),
    handler.Transfer,
)

// Full verification for high-risk operations
router.POST("/withdraw", 
    verifyMW.RequireVerificationLevel("full"),
    handler.Withdraw,
)
Combine multiple requirements
// Financial operations require document + AML screening
router.POST("/investment", 
    verifyMW.RequireDocumentVerified(),
    verifyMW.RequireAMLClear(),
    handler.Investment,
)

// Age-restricted content
router.GET("/premium/content", 
    verifyMW.RequireAge(21),
    handler.PremiumContent,
)
Load status for conditional logic
// Load status into context (non-blocking)
router.Use(plugin.Middleware().LoadVerificationStatus)

// In handler, check verification status
func (h *Handler) SomeEndpoint(c forge.Context) error {
    if idverification.IsVerified(c) {
        // User is verified, show premium features
        return showPremiumFeatures(c)
    }
    
    // User not verified, show basic features
    return showBasicFeatures(c)
}

// Or get full status
status, ok := idverification.GetVerificationStatus(c)
if ok {
    level := status.VerificationLevel
    // Conditional logic based on level
}
Middleware Response Codes
| Status | Code | Meaning |
|--------|------|---------|
| 401 | AUTHENTICATION_REQUIRED | User not authenticated |
| 403 | VERIFICATION_REQUIRED | User not verified |
| 403 | VERIFICATION_NOT_FOUND | No verification status found |
| 403 | INSUFFICIENT_VERIFICATION_LEVEL | Verification level too low |
| 403 | DOCUMENT_VERIFICATION_REQUIRED | Document check not passed |
| 403 | LIVENESS_VERIFICATION_REQUIRED | Liveness check not passed |
| 403 | AML_SCREENING_REQUIRED | AML screening not done |
| 403 | AML_SCREENING_FAILED | AML screening found issues |
| 403 | AGE_VERIFICATION_REQUIRED | Age verification needed |
| 403 | USER_BLOCKED | User blocked from verification |
| 403 | REVERIFICATION_REQUIRED | Re-verification needed |

Usage

Create a Verification Session
// Create a verification session for a user.
// appID, orgID and userID are xid.ID values: the ID fields of
// CreateSessionRequest are typed xid.ID, not string.
session, err := service.CreateVerificationSession(ctx, &idverification.CreateSessionRequest{
    AppID:          appID,
    OrganizationID: orgID,
    UserID:         userID,
    Provider:       "onfido",  // Optional, uses default if not specified
    RequiredChecks: []string{"document", "liveness"},
    SuccessURL:     "https://your-app.com/verification/success",
    CancelURL:      "https://your-app.com/verification/cancel",
    Metadata: map[string]interface{}{
        "purpose": "account_verification",
    },
    IPAddress: "1.2.3.4",
    UserAgent: "Mozilla/5.0...",
})
if err != nil {
    log.Fatal(err)
}

// Redirect user to session.SessionURL to complete verification
Via HTTP API
# Create verification session
curl -X POST https://your-app.com/auth/verification/sessions \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "onfido",
    "requiredChecks": ["document", "liveness"],
    "successUrl": "https://your-app.com/verification/success",
    "cancelUrl": "https://your-app.com/verification/cancel"
  }'

# Get user verification status
curl -X GET https://your-app.com/auth/verification/me/status \
  -H "Authorization: Bearer YOUR_TOKEN"

# Get user verifications
curl -X GET https://your-app.com/auth/verification/me \
  -H "Authorization: Bearer YOUR_TOKEN"

# Request re-verification
curl -X POST https://your-app.com/auth/verification/me/reverify \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "Document expired"
  }'
Check Verification Status
// Get user verification status
status, err := service.GetUserVerificationStatus(ctx, "user_123")
if err != nil {
    log.Fatal(err)
}

fmt.Printf("Verified: %v\n", status.IsVerified)
fmt.Printf("Level: %s\n", status.VerificationLevel)
fmt.Printf("Risk Level: %s\n", status.OverallRiskLevel)
fmt.Printf("Document Verified: %v\n", status.DocumentVerified)
fmt.Printf("Liveness Verified: %v\n", status.LivenessVerified)
fmt.Printf("AML Clear: %v\n", status.AMLClear)
Handle Webhooks
// Webhook endpoint is automatically registered at:
// POST /auth/verification/webhook/:provider

// The handler will:
// 1. Verify the webhook signature
// 2. Parse the webhook payload
// 3. Update the verification record
// 4. Update user verification status
// 5. Send internal webhooks to your app
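
The signature check in step 1, and the check your own endpoint needs for the internal webhooks in step 5, sketched as an added example (not AuthSome's or any provider's code). The header layout `t=<unix seconds>,v1=<hex>`, the signed string `<t>.<raw body>`, and the names Sign and Verify are assumptions made for illustration; the page does not document the real signature format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Assumed header format (hypothetical, not the plugin's or a provider's spec):
//   t=<unix seconds>,v1=<hex HMAC-SHA256(secret, "<t>.<raw body>")>

var (
	ErrMalformedHeader = errors.New("malformed signature header")
	ErrBadSignature    = errors.New("signature mismatch")
	ErrStaleTimestamp  = errors.New("timestamp outside tolerance")
)

// mac computes HMAC-SHA256 over "<ts>.<body>".
func mac(secret []byte, ts string, body []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(ts + "."))
	m.Write(body)
	return m.Sum(nil)
}

// Sign builds a header value. Here it only constructs sample input.
func Sign(secret, body []byte, at time.Time) string {
	ts := strconv.FormatInt(at.Unix(), 10)
	return "t=" + ts + ",v1=" + hex.EncodeToString(mac(secret, ts, body))
}

// Verify authenticates the raw request bytes exactly as received (before any
// JSON parsing) and rejects deliveries older or newer than the tolerance.
func Verify(secret, body []byte, header string, now time.Time, tolerance time.Duration) error {
	if len(secret) == 0 {
		return ErrBadSignature // fail closed when no secret is configured
	}
	var ts string
	var sigs [][]byte
	for _, part := range strings.Split(header, ",") {
		k, v, ok := strings.Cut(strings.TrimSpace(part), "=")
		if !ok {
			return ErrMalformedHeader
		}
		switch k {
		case "t":
			ts = v
		case "v1":
			raw, err := hex.DecodeString(v)
			if err != nil {
				return ErrMalformedHeader
			}
			sigs = append(sigs, raw)
		}
	}
	sec, err := strconv.ParseInt(ts, 10, 64)
	if err != nil || len(sigs) == 0 {
		return ErrMalformedHeader
	}
	want := mac(secret, ts, body)
	matched := false
	for _, got := range sigs {
		if hmac.Equal(got, want) { // constant-time comparison
			matched = true
		}
	}
	if !matched {
		return ErrBadSignature
	}
	// The timestamp is trusted only after the MAC that covers it checks out.
	// A captured delivery replayed later is rejected here.
	age := now.Sub(time.Unix(sec, 0))
	if age < 0 {
		age = -age
	}
	if age > tolerance {
		return ErrStaleTimestamp
	}
	return nil
}

func main() {
	// Constructed sample values, not real credentials or provider payloads.
	secret := []byte("constructed-secret-for-example")
	body := []byte(`{"event":"verification.completed","userId":"user_123"}`)
	sent := time.Unix(1700000000, 0)
	header := Sign(secret, body, sent)

	forged := []byte(`{"event":"verification.completed","userId":"user_999"}`)
	fmt.Println("genuine :", Verify(secret, body, header, sent.Add(30*time.Second), 5*time.Minute))
	fmt.Println("tampered:", Verify(secret, forged, header, sent, 5*time.Minute))
	fmt.Println("replayed:", Verify(secret, body, header, sent.Add(time.Hour), 5*time.Minute))
}
```

Any of the three errors should end the request before the payload is parsed or a verification record is touched.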
Admin Operations
// Block a user from verification
if err := service.BlockUser(ctx, "user_123", "org_456", "Suspicious activity detected"); err != nil {
    log.Fatal(err)
}

// Unblock a user
if err := service.UnblockUser(ctx, "user_123", "org_456"); err != nil {
    log.Fatal(err)
}

// Get verification stats (from and to bound the reporting period)
stats, err := repo.GetVerificationStats(ctx, "org_456", from, to)
if err != nil {
    log.Fatal(err)
}
fmt.Printf("Total: %d\n", stats.TotalVerifications)
fmt.Printf("Successful: %d\n", stats.SuccessfulVerifications)
fmt.Printf("High Risk: %d\n", stats.HighRiskCount)

API Reference

Endpoints
User Endpoints
  • POST /verification/sessions - Create a verification session
  • GET /verification/sessions/:id - Get session details
  • GET /verification/me - Get user's verifications
  • GET /verification/me/status - Get user's verification status
  • POST /verification/me/reverify - Request re-verification
  • GET /verification/:id - Get specific verification
Admin Endpoints
  • POST /verification/admin/users/:userId/block - Block user from verification
  • POST /verification/admin/users/:userId/unblock - Unblock user
  • GET /verification/admin/users/:userId/status - Get any user's status
  • GET /verification/admin/users/:userId/verifications - Get any user's verifications
Webhook Endpoints
  • POST /verification/webhook/:provider - Receive provider webhooks

Provider Integration

Onfido
  1. Sign up at Onfido
  2. Get your API token from the dashboard
  3. Configure webhook URL in Onfido dashboard
  4. Copy webhook token for signature verification
onfido:
  enabled: true
  apiToken: "test_xxxxx"
  region: "eu"
  webhookToken: "webhook_xxxxx"
Jumio
  1. Sign up at Jumio
  2. Get API credentials (token + secret)
  3. Configure callback URL
  4. Set data center region
jumio:
  enabled: true
  apiToken: "your_token"
  apiSecret: "your_secret"
  dataCenter: "us"
Stripe Identity
  1. Enable Stripe Identity in your Stripe Dashboard
  2. Get your API key
  3. Configure webhook endpoint
  4. Copy webhook signing secret
stripeIdentity:
  enabled: true
  apiKey: "sk_test_xxxxx"
  webhookSecret: "whsec_xxxxx"

Verification Flow

  1. Session Creation: Application creates a verification session
  2. User Redirect: User is redirected to provider's verification page
  3. Document Upload: User uploads documents and completes checks
  4. Provider Processing: Provider verifies documents, checks liveness, screens AML
  5. Webhook Callback: Provider sends results via webhook
  6. Status Update: AuthSome updates verification status
  7. User Notification: User is redirected to success/failure URL
  8. Application Check: Application checks verification status

Database Schema

identity_verifications

Stores individual verification attempts.

| Column | Type | Description |
|--------|------|-------------|
| id | varchar(255) | Unique verification ID |
| user_id | varchar(255) | User being verified |
| organization_id | varchar(255) | Organization context |
| provider | varchar(50) | Provider used (onfido, jumio, etc.) |
| provider_check_id | varchar(255) | Provider's check ID |
| verification_type | varchar(50) | Type (document, liveness, age, aml) |
| status | varchar(50) | Status (pending, completed, failed, expired) |
| is_verified | boolean | Verification result |
| risk_score | int | Risk score (0-100) |
| risk_level | varchar(20) | Risk level (low, medium, high) |
| confidence_score | int | Confidence score (0-100) |

identity_verification_documents

Stores uploaded documents.

| Column | Type | Description |
|--------|------|-------------|
| id | varchar(255) | Document ID |
| verification_id | varchar(255) | Related verification |
| document_side | varchar(20) | Side (front, back, selfie) |
| file_url | text | Encrypted storage URL |
| file_hash | varchar(64) | SHA-256 hash |
| processing_status | varchar(50) | Processing status |

identity_verification_sessions

Tracks verification sessions.

| Column | Type | Description |
|--------|------|-------------|
| id | varchar(255) | Session ID |
| user_id | varchar(255) | User ID |
| session_url | text | Provider verification URL |
| required_checks | jsonb | Required checks |
| status | varchar(50) | Session status |
| expires_at | timestamptz | Expiration time |

user_verification_status

Tracks overall user verification status.

| Column | Type | Description |
|--------|------|-------------|
| id | varchar(255) | Status ID |
| user_id | varchar(255) | User ID (unique) |
| is_verified | boolean | Overall verification status |
| verification_level | varchar(50) | Verification level |
| document_verified | boolean | Document check passed |
| liveness_verified | boolean | Liveness check passed |
| age_verified | boolean | Age check passed |
| aml_screened | boolean | AML screening completed |
| aml_clear | boolean | AML screening clear |
| is_blocked | boolean | User blocked from verification |

Error Handling

The plugin defines comprehensive error types:

  • ErrVerificationNotFound - Verification record not found
  • ErrVerificationExpired - Verification has expired
  • ErrMaxAttemptsReached - Maximum verification attempts exceeded
  • ErrRateLimitExceeded - Rate limit exceeded
  • ErrHighRiskDetected - High risk score detected
  • ErrSanctionsListMatch - User found on sanctions list
  • ErrPEPDetected - Politically exposed person detected
  • ErrAgeBelowMinimum - Age below minimum requirement
  • ErrDocumentNotSupported - Document type not supported
  • ErrCountryNotSupported - Country not supported

Security Considerations

  1. API Credentials: Store provider API keys securely (use environment variables or a secrets manager)
  2. Webhook Verification: Always verify webhook signatures
  3. Data Encryption: Sensitive data (document numbers, tokens) is encrypted
  4. Rate Limiting: Enable rate limiting to prevent abuse
  5. GDPR Compliance: Configure appropriate retention periods
  6. Access Control: Use RBAC to control access to verification data
  7. Audit Logging: Enable audit logging for compliance
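
A pre-deployment check for several of the items above, as an added example that is not part of the plugin: it flags placeholder secrets, a non-HTTPS webhook URL, disabled rate limiting, out-of-range scores and retention without deletion. The Settings struct is a local stand-in for the documented `auth.idverification` keys (not the plugin's Config type), and the environment variable name IDV_WEBHOOK_SECRET is hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"time"
)

// Settings mirrors the security-relevant auth.idverification keys from the
// configuration section. It is a local stand-in, NOT the plugin's Config type.
type Settings struct {
	WebhooksEnabled         bool
	WebhookURL              string
	WebhookSecret           string
	OnfidoAPIToken          string
	RateLimitEnabled        bool
	MaxVerificationsPerHour int
	MaxVerificationsPerDay  int
	MaxAllowedRiskScore     int
	MinConfidenceScore      int
	RetainDocuments         bool
	DocumentRetentionPeriod time.Duration
	AutoDeleteAfterExpiry   bool
}

// Sample reproduces the values of the documented sample configuration,
// including its placeholder secrets.
func Sample() Settings {
	return Settings{
		WebhooksEnabled: true, WebhookURL: "https://your-app.com/webhooks/verification",
		WebhookSecret: "your-webhook-secret", OnfidoAPIToken: "your-onfido-api-token",
		RateLimitEnabled: true, MaxVerificationsPerHour: 10, MaxVerificationsPerDay: 50,
		MaxAllowedRiskScore: 70, MinConfidenceScore: 80,
		RetainDocuments: true, DocumentRetentionPeriod: 2160 * time.Hour, AutoDeleteAfterExpiry: true,
	}
}

// isPlaceholder reports whether a secret is empty or still a documentation
// sample such as "your-webhook-secret" or "test_xxxxx".
func isPlaceholder(v string) bool {
	l := strings.ToLower(strings.TrimSpace(v))
	return l == "" || strings.HasPrefix(l, "your-") || strings.HasPrefix(l, "your_") ||
		strings.Contains(l, "xxxxx")
}

// ApplyEnv overlays secrets from the environment so they need not live in the
// config file. Pass os.Getenv in production. ONFIDO_API_TOKEN is the name used
// in the Testing section; IDV_WEBHOOK_SECRET is hypothetical.
func ApplyEnv(s *Settings, getenv func(string) string) {
	if v := getenv("ONFIDO_API_TOKEN"); v != "" {
		s.OnfidoAPIToken = v
	}
	if v := getenv("IDV_WEBHOOK_SECRET"); v != "" {
		s.WebhookSecret = v
	}
}

// Audit returns one finding per setting that weakens the deployment.
func Audit(s Settings) []string {
	var f []string
	if isPlaceholder(s.OnfidoAPIToken) {
		f = append(f, "onfido.apiToken: empty or placeholder value")
	}
	if s.WebhooksEnabled {
		if isPlaceholder(s.WebhookSecret) {
			f = append(f, "webhookSecret: empty or placeholder value")
		}
		if u, err := url.Parse(s.WebhookURL); err != nil || u.Scheme != "https" || u.Host == "" {
			f = append(f, "webhookUrl: must be an absolute https URL")
		}
	}
	if !s.RateLimitEnabled {
		f = append(f, "rateLimitEnabled: false leaves session creation unthrottled")
	} else if s.MaxVerificationsPerHour <= 0 || s.MaxVerificationsPerDay < s.MaxVerificationsPerHour {
		f = append(f, "rate limits: per-hour must be > 0 and <= per-day")
	}
	if s.MaxAllowedRiskScore < 0 || s.MaxAllowedRiskScore > 100 {
		f = append(f, "maxAllowedRiskScore: must be 0-100")
	}
	if s.MinConfidenceScore < 0 || s.MinConfidenceScore > 100 {
		f = append(f, "minConfidenceScore: must be 0-100")
	}
	if s.RetainDocuments && (!s.AutoDeleteAfterExpiry || s.DocumentRetentionPeriod <= 0) {
		f = append(f, "document retention: set a period and autoDeleteAfterExpiry")
	}
	return f
}

func main() {
	s := Sample()
	fmt.Println("as documented:", Audit(s))

	// Constructed environment values standing in for a secrets manager.
	env := map[string]string{
		"ONFIDO_API_TOKEN":   "constructed-token-a1",
		"IDV_WEBHOOK_SECRET": "constructed-secret-b2",
	}
	ApplyEnv(&s, func(k string) string { return env[k] })
	fmt.Println("after env overlay:", Audit(s))
}
```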

Testing

Unit Tests
go test ./plugins/enterprise/idverification/...
Integration Tests
# Set test provider credentials
export ONFIDO_API_TOKEN="test_xxxxx"
export JUMIO_API_TOKEN="test_xxxxx"
export JUMIO_API_SECRET="test_xxxxx"
export STRIPE_API_KEY="sk_test_xxxxx"

# Run integration tests
go test ./plugins/enterprise/idverification/... -tags=integration
Mock Provider

For testing without real provider accounts:

// Use mock provider
mockProvider := &MockProvider{
    SessionResponse: &ProviderSession{
        ID:  "mock_session_123",
        URL: "https://mock-provider.com/verify/mock_session_123",
    },
}

service.providers["mock"] = mockProvider

Use Cases

Fintech Applications
  • KYC compliance for banking and financial services
  • Age verification for investment platforms
  • AML screening for cryptocurrency exchanges
Healthcare
  • Patient identity verification
  • Telemedicine identity confirmation
  • Prescription validation
Age-Restricted Content
  • Alcohol/tobacco sales verification
  • Adult content access control
  • Gaming and gambling platforms
Regulated Industries
  • Securities trading platforms
  • Insurance applications
  • Real estate transactions

Best Practices

  1. Choose the Right Provider: Each provider has strengths

    • Onfido: Global coverage, excellent document support
    • Jumio: Strong in US market, good liveness detection
    • Stripe Identity: Easy integration, good for existing Stripe users
  2. Configure Appropriate Checks: Balance security and user experience

    • Document verification: Essential for most use cases
    • Liveness detection: Prevents photo attacks
    • AML screening: Required for regulated industries
    • Age verification: Specific use cases only
  3. Set Reasonable Thresholds: Don't make verification too strict

    • Risk score: 70 is a good starting point
    • Confidence score: 80 is reasonable
    • Max attempts: 3-5 attempts recommended
  4. Handle Failures Gracefully: Provide clear error messages and support

    • Manual review for edge cases
    • Clear rejection reasons
    • Support contact information
  5. Monitor and Optimize: Track verification metrics

    • Completion rates
    • Failure reasons
    • Provider performance
    • User feedback

Troubleshooting

Common Issues

Verification Fails Immediately

  • Check provider API credentials
  • Verify webhook configuration
  • Check rate limits

Webhook Not Received

  • Verify webhook URL is publicly accessible
  • Check webhook secret configuration
  • Review webhook logs in provider dashboard

High Failure Rate

  • Review risk score thresholds
  • Check document type requirements
  • Verify country restrictions

Session Expired

  • Increase session expiry duration
  • Send reminder emails before expiry
  • Allow re-verification

Support

For issues or questions:

  1. Check the AuthSome Documentation
  2. Review provider documentation (Onfido, Jumio, Stripe)
  3. Open an issue on GitHub
  4. Contact support@authsome.dev

License

This plugin is part of the AuthSome project and is licensed under the MIT License.

Documentation

Constants

const (
	VerificationStatusContextKey verificationContextKey = "verification_status"
	VerificationLevelContextKey  verificationContextKey = "verification_level"
)

Variables

var (
	ErrNoProviderEnabled      = errors.New("no identity verification provider enabled")
	ErrInvalidDefaultProvider = errors.New("invalid default provider")
	ErrProviderNotEnabled     = errors.New("provider not enabled")
	ErrMissingAPIToken        = errors.New("missing API token")
	ErrMissingAPICredentials  = errors.New("missing API credentials")
	ErrMissingAPIKey          = errors.New("missing API key")
	ErrUnsupportedProvider    = errors.New("unsupported provider")
	ErrInvalidRiskScore       = errors.New("invalid risk score range (must be 0-100)")
	ErrInvalidConfidenceScore = errors.New("invalid confidence score range (must be 0-100)")
	ErrInvalidMinimumAge      = errors.New("invalid minimum age")
	ErrInvalidRateLimit       = errors.New("invalid rate limit")
	ErrInvalidMaxAttempts     = errors.New("invalid max verification attempts")
)

Configuration errors

var (
	ErrVerificationNotFound    = errors.New("verification not found")
	ErrVerificationExpired     = errors.New("verification has expired")
	ErrVerificationFailed      = errors.New("verification failed")
	ErrVerificationPending     = errors.New("verification is still pending")
	ErrMaxAttemptsReached      = errors.New("maximum verification attempts reached")
	ErrSessionNotFound         = errors.New("verification session not found")
	ErrSessionExpired          = errors.New("verification session has expired")
	ErrInvalidVerificationType = errors.New("invalid verification type")
	ErrUserAlreadyVerified     = errors.New("user is already verified")
	ErrVerificationBlocked     = errors.New("user is blocked from verification")
)

Verification errors

var (
	ErrDocumentNotSupported = errors.New("document type not supported")
	ErrCountryNotSupported  = errors.New("country not supported")
	ErrDocumentExpired      = errors.New("document has expired")
	ErrDocumentInvalid      = errors.New("document is invalid")
	ErrDocumentNotFound     = errors.New("document not found")
	ErrInvalidDocumentImage = errors.New("invalid document image")
	ErrDocumentUploadFailed = errors.New("document upload failed")
)

Document errors

var (
	ErrHighRiskDetected    = errors.New("high risk detected")
	ErrSanctionsListMatch  = errors.New("user found on sanctions list")
	ErrPEPDetected         = errors.New("politically exposed person detected")
	ErrAMLCheckFailed      = errors.New("AML check failed")
	ErrAgeBelowMinimum     = errors.New("age below minimum requirement")
	ErrLivenessCheckFailed = errors.New("liveness check failed")
)

Risk and compliance errors

var (
	ErrProviderAPIError        = errors.New("provider API error")
	ErrProviderTimeout         = errors.New("provider request timeout")
	ErrProviderRateLimited     = errors.New("provider rate limit exceeded")
	ErrInvalidProviderResponse = errors.New("invalid provider response")
	ErrProviderWebhookInvalid  = errors.New("invalid provider webhook")
)

Provider errors

var (
	ErrRateLimitExceeded = errors.New("rate limit exceeded")
	ErrTooManyAttempts   = errors.New("too many verification attempts")
)

Rate limit errors

Functions

func GetVerificationLevel

func GetVerificationLevel(c forge.Context) string

GetVerificationLevel retrieves the verification level from context

func GetVerificationStatus

func GetVerificationStatus(c forge.Context) (*schema.UserVerificationStatus, bool)

GetVerificationStatus retrieves the verification status from context

func IsVerified

func IsVerified(c forge.Context) bool

IsVerified checks if the user is verified

Types

type AMLMatch

type AMLMatch struct {
	MatchType   string // sanction, pep, adverse_media
	Name        string
	Score       float64
	Source      string
	Description string
}

AMLMatch represents a sanctions/PEP match

type BlockUserRequest

type BlockUserRequest struct {
	Reason string `json:"reason"`
}

BlockUserRequest represents admin request to block a user

type CheckSubResult

type CheckSubResult struct {
	Name   string
	Result string
	Reason string
}

CheckSubResult represents a sub-result within a check

type Config

type Config struct {
	// General settings
	Enabled               bool          `json:"enabled" yaml:"enabled"`
	DefaultProvider       string        `json:"defaultProvider" yaml:"defaultProvider"` // onfido, jumio, stripe_identity
	SessionExpiryDuration time.Duration `json:"sessionExpiryDuration" yaml:"sessionExpiryDuration"`
	VerificationExpiry    time.Duration `json:"verificationExpiry" yaml:"verificationExpiry"` // How long verification is valid

	// Required checks
	RequireDocumentVerification bool `json:"requireDocumentVerification" yaml:"requireDocumentVerification"`
	RequireLivenessDetection    bool `json:"requireLivenessDetection" yaml:"requireLivenessDetection"`
	RequireAgeVerification      bool `json:"requireAgeVerification" yaml:"requireAgeVerification"`
	RequireAMLScreening         bool `json:"requireAMLScreening" yaml:"requireAMLScreening"`
	MinimumAge                  int  `json:"minimumAge" yaml:"minimumAge"` // For age verification

	// Accepted document types
	AcceptedDocuments []string `json:"acceptedDocuments" yaml:"acceptedDocuments"` // passport, drivers_license, national_id
	AcceptedCountries []string `json:"acceptedCountries" yaml:"acceptedCountries"` // ISO 3166-1 alpha-2 codes, empty = all

	// Risk scoring
	MaxAllowedRiskScore int  `json:"maxAllowedRiskScore" yaml:"maxAllowedRiskScore"` // 0-100
	AutoRejectHighRisk  bool `json:"autoRejectHighRisk" yaml:"autoRejectHighRisk"`
	MinConfidenceScore  int  `json:"minConfidenceScore" yaml:"minConfidenceScore"` // Minimum confidence to pass

	// Document retention
	RetainDocuments         bool          `json:"retainDocuments" yaml:"retainDocuments"`
	DocumentRetentionPeriod time.Duration `json:"documentRetentionPeriod" yaml:"documentRetentionPeriod"`
	AutoDeleteAfterExpiry   bool          `json:"autoDeleteAfterExpiry" yaml:"autoDeleteAfterExpiry"`

	// Webhook configuration
	WebhooksEnabled   bool     `json:"webhooksEnabled" yaml:"webhooksEnabled"`
	WebhookURL        string   `json:"webhookUrl" yaml:"webhookUrl"`
	WebhookEvents     []string `json:"webhookEvents" yaml:"webhookEvents"` // verification.completed, verification.failed, etc.
	WebhookSecret     string   `json:"webhookSecret" yaml:"webhookSecret"`
	WebhookRetryCount int      `json:"webhookRetryCount" yaml:"webhookRetryCount"`

	// Callback URLs (defaults)
	DefaultSuccessURL string `json:"defaultSuccessUrl" yaml:"defaultSuccessUrl"`
	DefaultCancelURL  string `json:"defaultCancelUrl" yaml:"defaultCancelUrl"`

	// Provider configurations
	Onfido         OnfidoConfig         `json:"onfido" yaml:"onfido"`
	Jumio          JumioConfig          `json:"jumio" yaml:"jumio"`
	StripeIdentity StripeIdentityConfig `json:"stripeIdentity" yaml:"stripeIdentity"`

	// Features
	EnableManualReview      bool `json:"enableManualReview" yaml:"enableManualReview"`     // Allow manual review of failed verifications
	EnableReverification    bool `json:"enableReverification" yaml:"enableReverification"` // Allow re-verification
	MaxVerificationAttempts int  `json:"maxVerificationAttempts" yaml:"maxVerificationAttempts"`

	// Compliance
	EnableAuditLog bool   `json:"enableAuditLog" yaml:"enableAuditLog"`
	ComplianceMode string `json:"complianceMode" yaml:"complianceMode"` // standard, strict, custom
	GDPRCompliant  bool   `json:"gdprCompliant" yaml:"gdprCompliant"`
	DataResidency  string `json:"dataResidency" yaml:"dataResidency"` // us, eu, uk, global

	// Rate limiting
	RateLimitEnabled        bool `json:"rateLimitEnabled" yaml:"rateLimitEnabled"`
	MaxVerificationsPerHour int  `json:"maxVerificationsPerHour" yaml:"maxVerificationsPerHour"`
	MaxVerificationsPerDay  int  `json:"maxVerificationsPerDay" yaml:"maxVerificationsPerDay"`

	// Metadata
	CustomFields map[string]interface{} `json:"customFields" yaml:"customFields"`
}

Config holds the identity verification plugin configuration

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns the default configuration

func (*Config) Validate

func (c *Config) Validate() error

Validate validates the configuration

type CreateSessionHTTPRequest

type CreateSessionHTTPRequest struct {
	Provider       string                 `json:"provider"`
	RequiredChecks []string               `json:"requiredChecks,omitempty"`
	SuccessURL     string                 `json:"successUrl,omitempty"`
	CancelURL      string                 `json:"cancelUrl,omitempty"`
	Config         map[string]interface{} `json:"config,omitempty"`
	Metadata       map[string]interface{} `json:"metadata,omitempty"`
}

CreateSessionHTTPRequest represents the HTTP request body for session creation

type CreateSessionRequest

type CreateSessionRequest struct {
	// V2 Context
	AppID          xid.ID
	EnvironmentID  *xid.ID
	OrganizationID xid.ID
	UserID         xid.ID

	// Session configuration
	Provider       string   // onfido, jumio, stripe_identity
	RequiredChecks []string // document, liveness, age, aml
	SuccessURL     string
	CancelURL      string
	Config         map[string]interface{}
	Metadata       map[string]interface{}

	// Tracking
	IPAddress string
	UserAgent string
}

CreateSessionRequest represents a request to create a verification session

type CreateVerificationRequest

type CreateVerificationRequest struct {
	// V2 Context
	AppID          xid.ID
	EnvironmentID  *xid.ID
	OrganizationID xid.ID
	UserID         xid.ID

	// Verification details
	Provider         string
	ProviderCheckID  string
	VerificationType string
	DocumentType     string
	Metadata         map[string]interface{}

	// Tracking
	IPAddress string
	UserAgent string
}

CreateVerificationRequest represents a request to create a verification

type DocumentCheckConfig

type DocumentCheckConfig struct {
	Enabled                 bool `json:"enabled" yaml:"enabled"`
	ValidateExpiry          bool `json:"validateExpiry" yaml:"validateExpiry"`
	ValidateDataConsistency bool `json:"validateDataConsistency" yaml:"validateDataConsistency"`
	ExtractData             bool `json:"extractData" yaml:"extractData"`
}

DocumentCheckConfig configures document verification

type ErrorResponse

type ErrorResponse = responses.ErrorResponse

Response types - use shared responses from core

type FacialCheckConfig

type FacialCheckConfig struct {
	Enabled       bool   `json:"enabled" yaml:"enabled"`
	Variant       string `json:"variant" yaml:"variant"` // standard, video
	MotionCapture bool   `json:"motionCapture" yaml:"motionCapture"`
}

FacialCheckConfig configures facial/liveness verification

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler handles HTTP requests for identity verification

func NewHandler

func NewHandler(service *Service) *Handler

NewHandler creates a new identity verification handler

func (*Handler) AdminBlockUser

func (h *Handler) AdminBlockUser(c forge.Context) error

AdminBlockUser blocks a user from verification (admin only) POST /verification/admin/users/:userId/block

func (*Handler) AdminGetUserVerificationStatus

func (h *Handler) AdminGetUserVerificationStatus(c forge.Context) error

AdminGetUserVerificationStatus retrieves verification status for any user (admin only) GET /verification/admin/users/:userId/status

func (*Handler) AdminGetUserVerifications

func (h *Handler) AdminGetUserVerifications(c forge.Context) error

AdminGetUserVerifications retrieves all verifications for any user (admin only) GET /verification/admin/users/:userId/verifications

func (*Handler) AdminUnblockUser

func (h *Handler) AdminUnblockUser(c forge.Context) error

AdminUnblockUser unblocks a user (admin only) POST /verification/admin/users/:userId/unblock

func (*Handler) CreateVerificationSession

func (h *Handler) CreateVerificationSession(c forge.Context) error

CreateVerificationSession creates a new verification session POST /verification/sessions

func (*Handler) GetUserVerificationStatus

func (h *Handler) GetUserVerificationStatus(c forge.Context) error

GetUserVerificationStatus retrieves the verification status for the current user GET /verification/me/status

func (*Handler) GetUserVerifications

func (h *Handler) GetUserVerifications(c forge.Context) error

GetUserVerifications retrieves all verifications for the current user GET /verification/me

func (*Handler) GetVerification

func (h *Handler) GetVerification(c forge.Context) error

GetVerification retrieves a verification by ID GET /verification/:id

func (*Handler) GetVerificationSession

func (h *Handler) GetVerificationSession(c forge.Context) error

GetVerificationSession retrieves a verification session GET /verification/sessions/:id

func (*Handler) HandleWebhook

func (h *Handler) HandleWebhook(c forge.Context) error

HandleWebhook handles provider webhook callbacks POST /verification/webhook/:provider

func (*Handler) RequestReverification

func (h *Handler) RequestReverification(c forge.Context) error

RequestReverification requests re-verification for the current user. POST /verification/me/reverify

type IDVerificationErrorResponse

type IDVerificationErrorResponse struct {
	Error string `json:"error" example:"Error message"`
}

Response types for identity verification routes

type IDVerificationListResponse

type IDVerificationListResponse struct {
	Verifications []interface{} `json:"verifications"`
}

type IDVerificationResponse

type IDVerificationResponse struct {
	Verification interface{} `json:"verification"`
}

type IDVerificationSessionResponse

type IDVerificationSessionResponse struct {
	Session interface{} `json:"session"`
}

type IDVerificationStatusResponse

type IDVerificationStatusResponse struct {
	Status interface{} `json:"status"`
}

type IDVerificationWebhookResponse

type IDVerificationWebhookResponse struct {
	Status string `json:"status" example:"processed"`
}

type JumioConfig

type JumioConfig struct {
	Enabled    bool   `json:"enabled" yaml:"enabled"`
	APIToken   string `json:"apiToken" yaml:"apiToken"`
	APISecret  string `json:"apiSecret" yaml:"apiSecret"`
	DataCenter string `json:"dataCenter" yaml:"dataCenter"` // us, eu, sg

	// Verification settings
	VerificationType string `json:"verificationType" yaml:"verificationType"` // identity, document, similarity
	PresetID         string `json:"presetId" yaml:"presetId"`                 // Jumio preset configuration

	// Document settings
	EnabledDocumentTypes []string `json:"enabledDocumentTypes" yaml:"enabledDocumentTypes"`
	EnabledCountries     []string `json:"enabledCountries" yaml:"enabledCountries"`

	// Features
	EnableLiveness     bool `json:"enableLiveness" yaml:"enableLiveness"`
	EnableAMLScreening bool `json:"enableAMLScreening" yaml:"enableAMLScreening"`
	EnableExtraction   bool `json:"enableExtraction" yaml:"enableExtraction"`

	// Callback
	CallbackURL string `json:"callbackUrl" yaml:"callbackUrl"`
}

JumioConfig holds Jumio-specific configuration

type JumioProvider

type JumioProvider struct {
	// contains filtered or unexported fields
}

JumioProvider implements the Provider interface for Jumio

func NewJumioProvider

func NewJumioProvider(config JumioConfig) (*JumioProvider, error)

NewJumioProvider creates a new Jumio provider

func (*JumioProvider) CreateSession

func (p *JumioProvider) CreateSession(ctx context.Context, req *ProviderSessionRequest) (*ProviderSession, error)

CreateSession creates a Jumio verification session

func (*JumioProvider) GetCheck

func (p *JumioProvider) GetCheck(ctx context.Context, checkID string) (*ProviderCheckResult, error)

GetCheck retrieves a Jumio verification result

func (*JumioProvider) GetProviderName

func (p *JumioProvider) GetProviderName() string

GetProviderName returns the provider name

func (*JumioProvider) GetSession

func (p *JumioProvider) GetSession(ctx context.Context, sessionID string) (*ProviderSession, error)

GetSession retrieves a Jumio session status

func (*JumioProvider) ParseWebhook

func (p *JumioProvider) ParseWebhook(payload []byte) (*WebhookPayload, error)

ParseWebhook parses a Jumio webhook payload

func (*JumioProvider) VerifyWebhook

func (p *JumioProvider) VerifyWebhook(signature, payload string) (bool, error)

VerifyWebhook verifies a Jumio webhook signature

type MessageResponse

type MessageResponse = responses.MessageResponse

type Middleware

type Middleware struct {
	// contains filtered or unexported fields
}

Middleware handles identity verification checks

func NewMiddleware

func NewMiddleware(service *Service) *Middleware

NewMiddleware creates a new identity verification middleware

func (*Middleware) LoadVerificationStatus

func (m *Middleware) LoadVerificationStatus(next func(forge.Context) error) func(forge.Context) error

LoadVerificationStatus loads the user's verification status into context. This middleware is non-blocking: it sets context values if a status is found, but does not reject requests (use RequireVerified for that).

func (*Middleware) RequireAMLClear

func (m *Middleware) RequireAMLClear() func(next func(forge.Context) error) func(forge.Context) error

RequireAMLClear enforces that AML screening is complete and clear

func (*Middleware) RequireAge

func (m *Middleware) RequireAge(minimumAge int) func(next func(forge.Context) error) func(forge.Context) error

RequireAge enforces minimum age requirement

func (*Middleware) RequireDocumentVerified

func (m *Middleware) RequireDocumentVerified() func(next func(forge.Context) error) func(forge.Context) error

RequireDocumentVerified enforces that document verification is complete

func (*Middleware) RequireLivenessVerified

func (m *Middleware) RequireLivenessVerified() func(next func(forge.Context) error) func(forge.Context) error

RequireLivenessVerified enforces that liveness detection is complete

func (*Middleware) RequireNotBlocked

func (m *Middleware) RequireNotBlocked() func(next func(forge.Context) error) func(forge.Context) error

RequireNotBlocked ensures the user is not blocked from verification

func (*Middleware) RequireVerificationLevel

func (m *Middleware) RequireVerificationLevel(level string) func(next func(forge.Context) error) func(forge.Context) error

RequireVerificationLevel enforces a specific verification level. Levels: none, basic, enhanced, full

func (*Middleware) RequireVerified

func (m *Middleware) RequireVerified() func(next func(forge.Context) error) func(forge.Context) error

RequireVerified enforces that the user must be verified

type OnfidoConfig

type OnfidoConfig struct {
	Enabled      bool   `json:"enabled" yaml:"enabled"`
	APIToken     string `json:"apiToken" yaml:"apiToken"`
	Region       string `json:"region" yaml:"region"` // us, eu, ca
	WebhookToken string `json:"webhookToken" yaml:"webhookToken"`

	// Check configuration
	DocumentCheck DocumentCheckConfig `json:"documentCheck" yaml:"documentCheck"`
	FacialCheck   FacialCheckConfig   `json:"facialCheck" yaml:"facialCheck"`

	// Workflow
	WorkflowID string `json:"workflowId" yaml:"workflowId"` // Predefined Onfido workflow

	// Reports
	IncludeDocumentReport  bool `json:"includeDocumentReport" yaml:"includeDocumentReport"`
	IncludeFacialReport    bool `json:"includeFacialReport" yaml:"includeFacialReport"`
	IncludeWatchlistReport bool `json:"includeWatchlistReport" yaml:"includeWatchlistReport"`
}

OnfidoConfig holds Onfido-specific configuration

type OnfidoProvider

type OnfidoProvider struct {
	// contains filtered or unexported fields
}

OnfidoProvider implements the Provider interface for Onfido

func NewOnfidoProvider

func NewOnfidoProvider(config OnfidoConfig) (*OnfidoProvider, error)

NewOnfidoProvider creates a new Onfido provider

func (*OnfidoProvider) CreateSession

CreateSession creates an Onfido verification session

func (*OnfidoProvider) GetCheck

func (p *OnfidoProvider) GetCheck(ctx context.Context, checkID string) (*ProviderCheckResult, error)

GetCheck retrieves an Onfido check result

func (*OnfidoProvider) GetProviderName

func (p *OnfidoProvider) GetProviderName() string

GetProviderName returns the provider name

func (*OnfidoProvider) GetSession

func (p *OnfidoProvider) GetSession(ctx context.Context, sessionID string) (*ProviderSession, error)

GetSession retrieves an Onfido session status

func (*OnfidoProvider) ParseWebhook

func (p *OnfidoProvider) ParseWebhook(payload []byte) (*WebhookPayload, error)

ParseWebhook parses an Onfido webhook payload

func (*OnfidoProvider) VerifyWebhook

func (p *OnfidoProvider) VerifyWebhook(signature, payload string) (bool, error)

VerifyWebhook verifies an Onfido webhook signature

type Plugin

type Plugin struct {
	// contains filtered or unexported fields
}

Plugin implements the identity verification plugin

func NewPlugin

func NewPlugin() *Plugin

NewPlugin creates a new identity verification plugin

func (*Plugin) Description

func (p *Plugin) Description() string

Description returns the plugin description

func (*Plugin) GetConfig

func (p *Plugin) GetConfig() Config

GetConfig returns the plugin configuration

func (*Plugin) GetHandler

func (p *Plugin) GetHandler() *Handler

GetHandler returns the HTTP handler

func (*Plugin) GetMiddleware

func (p *Plugin) GetMiddleware() *Middleware

GetMiddleware returns the verification middleware

func (*Plugin) GetService

func (p *Plugin) GetService() *Service

GetService returns the verification service

func (*Plugin) ID

func (p *Plugin) ID() string

ID returns the plugin ID

func (*Plugin) Init

func (p *Plugin) Init(container interface{}) error

Init initializes the plugin

func (*Plugin) IsEnabled

func (p *Plugin) IsEnabled() bool

IsEnabled returns whether the plugin is enabled

func (*Plugin) Middleware

func (p *Plugin) Middleware() func(next func(forge.Context) error) func(forge.Context) error

Middleware returns the LoadVerificationStatus middleware function. This is a convenience method for registering the middleware with Forge.

func (*Plugin) Migrate

func (p *Plugin) Migrate() error

Migrate runs database migrations for the plugin

func (*Plugin) Name

func (p *Plugin) Name() string

Name returns the plugin name

func (*Plugin) RegisterRoutes

func (p *Plugin) RegisterRoutes(router forge.Router) error

RegisterRoutes registers the plugin routes

func (*Plugin) Version

func (p *Plugin) Version() string

Version returns the plugin version

type Provider

type Provider interface {
	// CreateSession creates a verification session with the provider
	CreateSession(ctx context.Context, req *ProviderSessionRequest) (*ProviderSession, error)

	// GetSession retrieves session status from the provider
	GetSession(ctx context.Context, sessionID string) (*ProviderSession, error)

	// GetCheck retrieves a verification check result
	GetCheck(ctx context.Context, checkID string) (*ProviderCheckResult, error)

	// VerifyWebhook verifies a webhook signature
	VerifyWebhook(signature, payload string) (bool, error)

	// ParseWebhook parses a webhook payload
	ParseWebhook(payload []byte) (*WebhookPayload, error)

	// GetProviderName returns the provider name
	GetProviderName() string
}

Provider interface for KYC providers
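The verify-before-parse order that the interface's VerifyWebhook and ParseWebhook methods imply, shown as an added example that is not taken from the package. The trimmed Provider and WebhookPayload types, hmacProvider, ReceiveWebhook, Sign, and the hex HMAC-SHA256 scheme are assumptions; each real provider defines its own signature format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// WebhookPayload and Provider are trimmed local stand-ins for the package's
// types so that this file compiles on its own.
type WebhookPayload struct{ EventType, CheckID, Status string }

type Provider interface {
	VerifyWebhook(signature, payload string) (bool, error)
	ParseWebhook(payload []byte) (*WebhookPayload, error)
	GetProviderName() string
}

// hmacProvider is a hypothetical provider. A hex HMAC-SHA256 over the raw
// body is an assumption, not the scheme of any provider named on this page.
type hmacProvider struct{ secret []byte }

func (p hmacProvider) GetProviderName() string { return "example" }

func (p hmacProvider) VerifyWebhook(signature, payload string) (bool, error) {
	if len(p.secret) == 0 {
		// Fail closed: an unset secret must never verify anything.
		return false, errors.New("webhook secret not configured")
	}
	got, err := hex.DecodeString(signature)
	if err != nil {
		return false, nil // a malformed signature is simply invalid
	}
	mac := hmac.New(sha256.New, p.secret)
	mac.Write([]byte(payload))
	return hmac.Equal(got, mac.Sum(nil)), nil // constant-time comparison
}

func (p hmacProvider) ParseWebhook(payload []byte) (*WebhookPayload, error) {
	var raw struct {
		Event   string `json:"event"`
		CheckID string `json:"check_id"`
		Status  string `json:"status"`
	}
	if err := json.Unmarshal(payload, &raw); err != nil {
		return nil, err
	}
	return &WebhookPayload{EventType: raw.Event, CheckID: raw.CheckID, Status: raw.Status}, nil
}

var ErrBadSignature = errors.New("webhook signature rejected")

// ReceiveWebhook verifies the exact bytes received and only then parses those
// same bytes; re-serialized JSON would not match the sender's signature.
func ReceiveWebhook(p Provider, signature string, body []byte) (*WebhookPayload, error) {
	ok, err := p.VerifyWebhook(signature, string(body))
	if err != nil {
		return nil, fmt.Errorf("%s: %w", p.GetProviderName(), err)
	}
	if !ok {
		return nil, ErrBadSignature
	}
	return p.ParseWebhook(body)
}

// Sign produces the signature the hypothetical sender would attach.
func Sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

func main() {
	secret := []byte("constructed-secret") // constructed sample values
	body := []byte(`{"event":"check.completed","check_id":"chk_1","status":"clear"}`)
	fmt.Println(ReceiveWebhook(hmacProvider{secret}, Sign(secret, body), body))
	fmt.Println(ReceiveWebhook(hmacProvider{secret}, Sign(secret, body), append(body, ' ')))
}
```
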

type ProviderCheckResult

type ProviderCheckResult struct {
	ID              string
	Type            string // document, liveness, aml
	Status          string
	Result          string // clear, consider, rejected
	SubResults      []CheckSubResult
	Properties      map[string]interface{}
	RiskScore       int
	ConfidenceScore int

	// Document-specific
	DocumentType    string
	DocumentCountry string
	DocumentNumber  string
	DocumentExpiry  *time.Time
	IsDocumentValid bool

	// Personal data extraction
	FirstName   string
	LastName    string
	DateOfBirth *time.Time
	Gender      string
	Nationality string

	// Liveness-specific
	IsLive        bool
	LivenessScore int

	// AML-specific
	IsOnSanctionsList bool
	IsPEP             bool
	Matches           []AMLMatch

	CreatedAt   time.Time
	CompletedAt *time.Time
}

ProviderCheckResult represents the result of a provider check

type ProviderSession

type ProviderSession struct {
	ID        string
	URL       string // URL for the user to complete verification
	Token     string // Session token
	Status    string
	ExpiresAt time.Time
	CreatedAt time.Time
}

ProviderSession represents a provider verification session

type ProviderSessionRequest

type ProviderSessionRequest struct {
	// V2 Context
	AppID          xid.ID
	EnvironmentID  *xid.ID
	OrganizationID xid.ID
	UserID         xid.ID

	// Session configuration
	RequiredChecks []string
	SuccessURL     string
	CancelURL      string
	Metadata       map[string]interface{}
}

ProviderSessionRequest represents a provider session creation request

type Repository

type Repository interface {
	// Identity Verification CRUD
	CreateVerification(ctx context.Context, verification *schema.IdentityVerification) error
	GetVerificationByID(ctx context.Context, appID xid.ID, id string) (*schema.IdentityVerification, error)
	GetVerificationsByUserID(ctx context.Context, appID xid.ID, userID xid.ID, limit, offset int) ([]*schema.IdentityVerification, error)
	GetVerificationsByOrgID(ctx context.Context, appID xid.ID, orgID xid.ID, limit, offset int) ([]*schema.IdentityVerification, error)
	UpdateVerification(ctx context.Context, verification *schema.IdentityVerification) error
	DeleteVerification(ctx context.Context, appID xid.ID, id string) error

	// Query methods
	GetLatestVerificationByUser(ctx context.Context, appID xid.ID, userID xid.ID) (*schema.IdentityVerification, error)
	GetVerificationByProviderCheckID(ctx context.Context, appID xid.ID, providerCheckID string) (*schema.IdentityVerification, error)
	GetVerificationsByStatus(ctx context.Context, appID xid.ID, status string, limit, offset int) ([]*schema.IdentityVerification, error)
	GetVerificationsByType(ctx context.Context, appID xid.ID, verificationType string, limit, offset int) ([]*schema.IdentityVerification, error)
	CountVerificationsByUser(ctx context.Context, appID xid.ID, userID xid.ID, since time.Time) (int, error)
	GetExpiredVerifications(ctx context.Context, appID xid.ID, before time.Time, limit int) ([]*schema.IdentityVerification, error)

	// Document operations
	CreateDocument(ctx context.Context, document *schema.IdentityVerificationDocument) error
	GetDocumentByID(ctx context.Context, appID xid.ID, id string) (*schema.IdentityVerificationDocument, error)
	GetDocumentsByVerificationID(ctx context.Context, appID xid.ID, verificationID string) ([]*schema.IdentityVerificationDocument, error)
	UpdateDocument(ctx context.Context, document *schema.IdentityVerificationDocument) error
	DeleteDocument(ctx context.Context, appID xid.ID, id string) error
	GetDocumentsForDeletion(ctx context.Context, appID xid.ID, before time.Time, limit int) ([]*schema.IdentityVerificationDocument, error)

	// Session operations
	CreateSession(ctx context.Context, session *schema.IdentityVerificationSession) error
	GetSessionByID(ctx context.Context, appID xid.ID, id string) (*schema.IdentityVerificationSession, error)
	GetSessionsByUserID(ctx context.Context, appID xid.ID, userID xid.ID, limit, offset int) ([]*schema.IdentityVerificationSession, error)
	UpdateSession(ctx context.Context, session *schema.IdentityVerificationSession) error
	DeleteSession(ctx context.Context, appID xid.ID, id string) error
	GetExpiredSessions(ctx context.Context, appID xid.ID, before time.Time, limit int) ([]*schema.IdentityVerificationSession, error)

	// User verification status
	CreateUserVerificationStatus(ctx context.Context, status *schema.UserVerificationStatus) error
	GetUserVerificationStatus(ctx context.Context, appID xid.ID, orgID xid.ID, userID xid.ID) (*schema.UserVerificationStatus, error)
	UpdateUserVerificationStatus(ctx context.Context, status *schema.UserVerificationStatus) error
	DeleteUserVerificationStatus(ctx context.Context, appID xid.ID, orgID xid.ID, userID xid.ID) error
	GetUsersRequiringReverification(ctx context.Context, appID xid.ID, limit int) ([]*schema.UserVerificationStatus, error)
	GetUsersByVerificationLevel(ctx context.Context, appID xid.ID, level string, limit, offset int) ([]*schema.UserVerificationStatus, error)
	GetBlockedUsers(ctx context.Context, appID xid.ID, limit, offset int) ([]*schema.UserVerificationStatus, error)

	// Analytics and reporting - Returns map[string]interface{} for flexibility
	GetVerificationStats(ctx context.Context, appID xid.ID, orgID xid.ID, from, to time.Time) (map[string]interface{}, error)
	GetProviderStats(ctx context.Context, appID xid.ID, provider string, from, to time.Time) (map[string]interface{}, error)
}

Repository defines the interface for identity verification data operations. Updated for V2 architecture with App → Environment → Organization hierarchy.

type ReverifyRequest

type ReverifyRequest struct {
	Reason string `json:"reason,omitempty"`
}

ReverifyRequest represents a request for re-verification

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service handles identity verification operations

func NewService

func NewService(
	repo Repository,
	config Config,
	auditService *audit.Service,
	webhookService *webhook.Service,
) (*Service, error)

NewService creates a new identity verification service

func (*Service) BlockUser

func (s *Service) BlockUser(ctx context.Context, appID xid.ID, orgID xid.ID, userID xid.ID, reason string) error

BlockUser blocks a user from verification with V2 context

func (*Service) CreateVerification

func (s *Service) CreateVerification(ctx context.Context, req *CreateVerificationRequest) (*schema.IdentityVerification, error)

CreateVerification creates a new verification record with V2 context

func (*Service) CreateVerificationSession

func (s *Service) CreateVerificationSession(ctx context.Context, req *CreateSessionRequest) (*schema.IdentityVerificationSession, error)

CreateVerificationSession creates a new verification session for a user with V2 context

func (*Service) GetUserVerificationStatus

func (s *Service) GetUserVerificationStatus(ctx context.Context, appID xid.ID, orgID xid.ID, userID xid.ID) (*schema.UserVerificationStatus, error)

GetUserVerificationStatus retrieves the verification status for a user with V2 context

func (*Service) GetUserVerifications

func (s *Service) GetUserVerifications(ctx context.Context, appID xid.ID, userID xid.ID, limit, offset int) ([]*schema.IdentityVerification, error)

GetUserVerifications retrieves all verifications for a user with V2 context

func (*Service) GetVerification

func (s *Service) GetVerification(ctx context.Context, appID xid.ID, id string) (*schema.IdentityVerification, error)

GetVerification retrieves a verification by ID with V2 context

func (*Service) GetVerificationSession

func (s *Service) GetVerificationSession(ctx context.Context, appID xid.ID, sessionID string) (*schema.IdentityVerificationSession, error)

GetVerificationSession retrieves a verification session with V2 context

func (*Service) ProcessVerificationResult

func (s *Service) ProcessVerificationResult(ctx context.Context, appID xid.ID, verificationID string, result *VerificationResult) error

ProcessVerificationResult processes the result from a provider with V2 context

func (*Service) RequestReverification

func (s *Service) RequestReverification(ctx context.Context, appID xid.ID, orgID xid.ID, userID xid.ID, reason string) error

RequestReverification initiates a re-verification for a user with V2 context

func (*Service) UnblockUser

func (s *Service) UnblockUser(ctx context.Context, appID xid.ID, orgID xid.ID, userID xid.ID) error

UnblockUser unblocks a user with V2 context

type StatusResponse

type StatusResponse = responses.StatusResponse

type StripeIdentityConfig

type StripeIdentityConfig struct {
	Enabled       bool   `json:"enabled" yaml:"enabled"`
	APIKey        string `json:"apiKey" yaml:"apiKey"`
	WebhookSecret string `json:"webhookSecret" yaml:"webhookSecret"`

	// Verification options
	RequireLiveCapture bool     `json:"requireLiveCapture" yaml:"requireLiveCapture"`
	AllowedTypes       []string `json:"allowedTypes" yaml:"allowedTypes"` // document, id_number

	// Document options
	RequireMatchingSelfie bool `json:"requireMatchingSelfie" yaml:"requireMatchingSelfie"`

	// Return URL
	ReturnURL string `json:"returnUrl" yaml:"returnUrl"`

	// Testing
	UseMock bool `json:"useMock" yaml:"useMock"` // Use mock implementation for testing/development
}

StripeIdentityConfig holds Stripe Identity-specific configuration

type StripeIdentityProvider

type StripeIdentityProvider struct {
	// contains filtered or unexported fields
}

StripeIdentityProvider implements the Provider interface for Stripe Identity

func NewStripeIdentityProvider

func NewStripeIdentityProvider(config StripeIdentityConfig) (*StripeIdentityProvider, error)

NewStripeIdentityProvider creates a new Stripe Identity provider

func (*StripeIdentityProvider) CreateSession

CreateSession creates a Stripe Identity verification session

func (*StripeIdentityProvider) GetCheck

func (p *StripeIdentityProvider) GetCheck(ctx context.Context, sessionID string) (*ProviderCheckResult, error)

GetCheck retrieves a Stripe Identity verification result

func (*StripeIdentityProvider) GetProviderName

func (p *StripeIdentityProvider) GetProviderName() string

GetProviderName returns the provider name

func (*StripeIdentityProvider) GetSession

func (p *StripeIdentityProvider) GetSession(ctx context.Context, sessionID string) (*ProviderSession, error)

GetSession retrieves a Stripe Identity verification session status

func (*StripeIdentityProvider) ParseWebhook

func (p *StripeIdentityProvider) ParseWebhook(payload []byte) (*WebhookPayload, error)

ParseWebhook parses a Stripe webhook payload

func (*StripeIdentityProvider) VerifyWebhook

func (p *StripeIdentityProvider) VerifyWebhook(signature, payload string) (bool, error)

VerifyWebhook verifies a Stripe webhook signature

type SuccessResponse

type SuccessResponse = responses.SuccessResponse

type UnblockUserRequest

type UnblockUserRequest struct {
}

UnblockUserRequest represents admin request to unblock a user

type UserVerificationStatusResponse

type UserVerificationStatusResponse struct {
	Status *base.UserVerificationStatus `json:"status"`
}

UserVerificationStatusResponse represents a user's verification status

type VerificationListResponse

type VerificationListResponse struct {
	Verifications []*base.IdentityVerification `json:"verifications"`
	Limit         int                          `json:"limit"`
	Offset        int                          `json:"offset"`
	Total         int                          `json:"total,omitempty"`
}

VerificationListResponse represents a list of verifications with pagination

type VerificationResponse

type VerificationResponse struct {
	Verification *base.IdentityVerification `json:"verification"`
}

VerificationResponse represents a single verification response

type VerificationResult

type VerificationResult struct {
	Status           string
	IsVerified       bool
	RiskScore        int
	RiskLevel        string
	ConfidenceScore  int
	RejectionReasons []string
	FailureReason    string
	ProviderData     map[string]interface{}

	// Personal information
	FirstName       string
	LastName        string
	DateOfBirth     *time.Time
	DocumentNumber  string
	DocumentCountry string
	Nationality     string
	Gender          string

	// AML/Sanctions
	IsOnSanctionsList bool
	IsPEP             bool
	SanctionsDetails  string

	// Liveness
	LivenessScore int
	IsLive        bool
}

VerificationResult represents the result from a provider

type VerificationSessionResponse

type VerificationSessionResponse struct {
	Session *base.IdentityVerificationSession `json:"session"`
}

VerificationSessionResponse represents a single verification session response

type WebhookPayload

type WebhookPayload struct {
	EventType  string
	CheckID    string
	SessionID  string
	Status     string
	Result     *ProviderCheckResult
	Timestamp  time.Time
	RawPayload map[string]interface{}
}

WebhookPayload represents a parsed webhook from a provider

type WebhookResponse

type WebhookResponse struct {
	Received        bool   `json:"received"`
	ProcessedStatus string `json:"status,omitempty"`
}

WebhookResponse represents a webhook processing response
