Disclosures

# Disclosures Disclosures control what information users reveal during identity verification. You configure them in the frontend `disclosures` object, which contains two types of settings: 1. **Verification Requirements** - conditions that must be met (must match backend) 2. **Disclosure Requests** - information users will reveal (frontend only) ## Verification Requirements These settings define verification conditions and must match your backend `verification_config`: ### `minimumAge` Verifies user is at least this age without revealing exact age or date of birth. ```javascript disclosures: { minimumAge: 18, // User must be 18 or older } ``` ### `excludedCountries` Blocks users from specific countries using [ISO 3-letter country codes](https://www.iso.org/obp/ui/#search). ```javascript disclosures: { excludedCountries: ['IRN', 'PRK'], // Block Iran and North Korea } ``` :::note The maximum amount of excluded countries you can specify is 40. Any more than this will cause proofs to fail verification on the Self App. ::: ### `ofac` Enables OFAC (sanctions) checking against official watchlists. ```javascript disclosures: { ofac: true, // Enable sanctions checking } ``` ## Disclosure Requests These settings specify what information users will reveal. Configure only in frontend - backend receives this data automatically. ### Personal Information * **`name`**: User's full name from the verified document * **`nationality`**: User's nationality * **`gender`**: User's gender (M/F) * **`date_of_birth`**: Full date of birth ### Document Information * **`passport_number`**: Document number (use carefully for privacy) * **`expiry_date`**: Document expiry date * **`issuing_state`**: Country that issued the document ## Example Configuration ```javascript disclosures: { // Verification requirements (must match backend) minimumAge: 21, excludedCountries: ['IRN'], ofac: true, // Disclosure requests (frontend only) nationality: true, gender: true, name: false, // Don't request name date_of_birth: true, passport_number: false, // Don't request for privacy } ``` ## Verification Result When verification succeeds, disclosed information is available in `result.discloseOutput`: ```javascript const result = await selfBackendVerifier.verify(/*...*/); if (result.isValidDetails.isValid) { const data = result.discloseOutput; console.log(data.nationality); // "USA" (if requested) console.log(data.gender); // "M" or "F" (if requested) console.log(data.olderThan); // "18" (if minimumAge set) console.log(data.name); // undefined (if not requested) } ``` ## Frontend & Backend Alignment :::warning **Critical**: The verification rules in your frontend `disclosures` object **must exactly match** the configuration in your backend `SelfBackendVerifier` or smart contract. A mismatch — even a stricter value — will cause verification to fail. ::: For example, if the backend requires `minimumAge: 18` but the frontend specifies `minimumAge: 21`, verification will fail. The values must be identical, not just compatible. :::tip **Best practice**: Centralize your disclosure config in a shared constants file and import it into both frontend and backend to avoid drift. ::: :::note Data disclosures (`nationality`, `gender`, `name`, etc.) are **not** enforced by your backend or contracts — they only control what data the user reveals. Only verification rules (`minimumAge`, `excludedCountries`, `ofac`) need to match. ::: ## Privacy Best Practices * **Request only what you need**: Each disclosure reveals personal information * **Avoid sensitive fields**: Be cautious with `passport_number` and `name` * **Consider alternatives**: Use `minimumAge` instead of `date_of_birth` for age verification * **Store carefully**: Implement proper data protection for disclosed information ## Common Use Cases **Age verification only:** ```javascript disclosures: { minimumAge: 18, // No personal data revealed } ``` **Basic identity with nationality:** ```javascript disclosures: { minimumAge: 18, nationality: true, gender: true, } ``` **Complete identity verification:** ```javascript disclosures: { minimumAge: 21, ofac: true, nationality: true, name: true, date_of_birth: true, } ```

Disclosures control what information users reveal during identity verification. You configure them in the frontend disclosures object, which contains two types of settings:

Verification Requirements - conditions that must be met (must match backend)
Disclosure Requests - information users will reveal (frontend only)

Verification Requirements

These settings define verification conditions and must match your backend verification_config:

`minimumAge`

Verifies user is at least this age without revealing exact age or date of birth.

disclosures: {
  minimumAge: 18, // User must be 18 or older
}

`excludedCountries`

Blocks users from specific countries using ISO 3-letter country codes.

disclosures: {
  excludedCountries: ['IRN', 'PRK'], // Block Iran and North Korea
}

`ofac`

Enables OFAC (sanctions) checking against official watchlists.

disclosures: {
  ofac: true, // Enable sanctions checking
}

Disclosure Requests

These settings specify what information users will reveal. Configure only in frontend - backend receives this data automatically.

Personal Information

name: User’s full name from the verified document
nationality: User’s nationality
gender: User’s gender (M/F)
date_of_birth: Full date of birth

Document Information

passport_number: Document number (use carefully for privacy)
expiry_date: Document expiry date
issuing_state: Country that issued the document

Example Configuration

disclosures: {
  // Verification requirements (must match backend)
  minimumAge: 21,
  excludedCountries: ['IRN'],
  ofac: true,

  // Disclosure requests (frontend only)
  nationality: true,
  gender: true,
  name: false,           // Don't request name
  date_of_birth: true,
  passport_number: false, // Don't request for privacy
}

Verification Result

When verification succeeds, disclosed information is available in result.discloseOutput:

const result = await selfBackendVerifier.verify(/*...*/);
if (result.isValidDetails.isValid) {
  const data = result.discloseOutput;

  console.log(data.nationality);    // "USA" (if requested)
  console.log(data.gender);         // "M" or "F" (if requested)
  console.log(data.olderThan);      // "18" (if minimumAge set)
  console.log(data.name);           // undefined (if not requested)
}

Frontend & Backend Alignment

For example, if the backend requires minimumAge: 18 but the frontend specifies minimumAge: 21, verification will fail. The values must be identical, not just compatible.

Privacy Best Practices

Request only what you need: Each disclosure reveals personal information
Avoid sensitive fields: Be cautious with passport_number and name
Consider alternatives: Use minimumAge instead of date_of_birth for age verification
Store carefully: Implement proper data protection for disclosed information

Common Use Cases

Age verification only:

disclosures: {
  minimumAge: 18, // No personal data revealed
}

Basic identity with nationality:

disclosures: {
  minimumAge: 18,
  nationality: true,
  gender: true,
}

Complete identity verification:

disclosures: {
  minimumAge: 21,
  ofac: true,
  nationality: true,
  name: true,
  date_of_birth: true,
}