SDID is a Chrome extension that helps teams manage decentralized identities for passwordless and passkey-first workflows. Generate DID key pairs, sign login challenges, store fallback secrets, and approve dapp requests directly from the browser toolbar.
- DID key management & signing – generate P-256 key pairs per identity, expose the DID, and sign login challenges for dapps.
- Per-site authorization control – remember approved origins for one-click logins, or revoke them later from the options page.
- Role-aware metadata – capture roles, domains, tags, and notes to describe responsibilities or access boundaries.
- Secure storage & backup – all identity data (including keys) lives in encrypted Chrome sync storage with JSON import/export support.
- Autofill fallback – keep optional usernames/passwords for legacy systems and inject them into the current tab in one click.
- Verifiable DID auth proofs – login responses ship with a canonicalized payload and W3C-style proof so relying parties can audit who signed what.
- Language toggle – switch between English and Chinese across the popup, options page, and approval overlays with a single tap.
- Minimal interface – refreshed visual styling inspired by Google/Apple design language: light surfaces, clean lines, and focused typography.
- Demo dApp – the `/demo` folder hosts a ready-to-run site that requests SDID login and verifies the returned signature.
Web apps can call SDID from the page context and receive a streamlined confirmation dialog that mirrors popular wallet-to-dapp experiences. The sheet lets the user pick an identity, review roles and DID details, and optionally remember the requesting origin. Once confirmed, SDID produces a canonical authentication payload, signs it with the identity’s private key, attaches a W3C-style proof object, and (when possible) fills matching username/password fields automatically.
- Ensure the SDID extension is installed and the user has saved at least one identity.
- From the web app, call `window.SDID.requestLogin()` with a challenge string, optional message, and optional preferred identity ID.
- Wait for the promise to resolve. On success you receive sanitized identity details, a base64 signature of the challenge, autofill status, and authorization metadata; on rejection the user dismissed or denied the request.
```html
<script>
  async function connectToSdid() {
    try {
      // Demo-only challenge. A production relying party should issue the
      // challenge server-side from a CSPRNG and accept it only once.
      const challenge = `demo-${Date.now().toString(16)}-${Math.random().toString(16).slice(2)}`;
      const response = await window.SDID.requestLogin({
        message: 'Connect Example dApp to SDID',
        challenge,
      });
      console.log('SDID identity granted', response.identity);
      console.log('Proof metadata', response.proof);

      // The signature covers the canonical request when present, otherwise the raw challenge.
      const canonicalRequest = response.authentication?.canonicalRequest || response.challenge;
      console.log('Canonical payload', response.authentication?.payload);
      // If you need to re-create the canonical string, reuse the JSON canonicalization logic from the extension.

      // Import the identity's P-256 public key for verification only.
      const publicKey = await crypto.subtle.importKey(
        'jwk',
        response.identity.publicKeyJwk,
        { name: 'ECDSA', namedCurve: 'P-256' },
        false,
        ['verify']
      );
      // Decode the base64 signature into raw bytes.
      const signatureBytes = Uint8Array.from(atob(response.signature), (char) => char.charCodeAt(0));
      const verified = await crypto.subtle.verify(
        { name: 'ECDSA', hash: { name: 'SHA-256' } },
        publicKey,
        signatureBytes,
        new TextEncoder().encode(canonicalRequest)
      );
      console.log('Signature verified?', verified);
      // response.fill contains autofill status for traditional login forms
    } catch (error) {
      console.error('SDID login denied', error);
    }
  }
</script>
```

The request/response messages use `window.postMessage` under the hood. If you implement your own bridge, be sure to filter events by `event.data.type === 'SDID_LOGIN_RESULT'`.
When the bridge loads it dispatches a `sdid#initialized` event, so apps can wait for `window.SDID` before calling `requestLogin`.
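A `type` check alone accepts any message carrying that string, including ones posted by other frames or scripts. The listener below is an added example, not code from the SDID repository; it also checks the sender and matches each result to a request the page actually made. The `requestId` field and the `pending` map are assumptions for illustration, since only the `type` value appears in this README.

```javascript
// Added example: hardened message listener for a custom SDID bridge.
// `requestId` is a hypothetical correlation field; only `type` is from the README.
function createResultListener(win, pending) {
  // pending: Map of requestId -> callback registered when the page sent its request
  return function onMessage(event) {
    // A bridge posting from this page has the page's own window as its source.
    if (event.source !== win) return false;
    // Drop anything sent from a different origin (embedded frames, openers).
    if (event.origin !== win.location.origin) return false;

    const data = event.data;
    if (!data || typeof data !== 'object') return false;
    if (data.type !== 'SDID_LOGIN_RESULT') return false;

    // Accept only results that answer an outstanding request, and only once.
    const resolve = pending.get(data.requestId);
    if (typeof resolve !== 'function') return false;
    pending.delete(data.requestId);

    resolve(data);
    return true;
  };
}

// Browser usage: window.addEventListener('message', createResultListener(window, pending));
```

Scripts running in the same page can still forge a message that passes these checks, so the signature in the result must be verified before the login is trusted.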
The repository ships with a static demo site located in the demo/ folder. It exercises the new DID flow by generating a challenge, requesting approval, and verifying the returned signature.
Run any static file server pointed at the demo directory, then open the site in Chrome with the extension loaded:
```
npx serve demo
# or
python -m http.server --directory demo
```

Use the Connect with SDID button to trigger the approval flow. The page will show the returned identity payload and whether the signature verifies against the supplied challenge.
- Open `chrome://extensions/` in Chrome.
- Enable Developer mode in the top right corner.
- Choose Load unpacked and select the `extension` folder from this repository.
- Pin the “SDID Identity Manager” extension to your toolbar for quick access.
- Open the SDID popup on the dapp page and click Enable for this site to grant runtime access and inject the DID bridge immediately.
- Use the toolbar popup to search identities, copy DIDs or public keys, autofill legacy credentials, and revoke the current site’s authorization with one click.
- Open the Manage button in the popup (or right-click the toolbar icon and choose Options) to create identities, generate or rotate DID key pairs, reveal or copy private keys, and review per-site authorization history.
- If you are new to the tool, press Create demo identities to load sample DIDs that showcase roles, notes, and authorized sites.
The extension is built with Manifest V3 and plain JavaScript. You can customize it by editing the files inside the extension/ directory. No build step is required – reload the extension in Chrome after saving changes.
This project is released under the MIT License. See LICENSE for details.