- user_rejected |
+ user_rejected |
User cancelled in World App. |
Treat as user cancellation, allow retry. |
- verification_rejected |
+ verification_rejected |
Legacy rejection code (older bridge/app behavior). |
Handle same as user_rejected. |
- credential_unavailable |
+ credential_unavailable |
Requested credential type is not available for that user. |
Offer fallback credential policy or explain requirement. |
- world_id_4_not_available |
+ world_id_4_not_available |
World ID 4.0 credential is not available for that user. |
Use a compatible fallback request or explain the World ID 4.0 requirement. |
- world_id_3_not_available |
+ world_id_3_not_available |
World ID 3.0 credential is not available for that user. |
Use a compatible fallback request or explain the World ID 3.0 requirement. |
- malformed_request |
+ malformed_request |
Payload or configuration is invalid. |
Check app_id, rp_context, and request shape. |
- invalid_network |
+ invalid_network |
Environment mismatch between app config and World App context. |
Align staging/production settings. |
- inclusion_proof_pending |
+ inclusion_proof_pending |
Credential inclusion data is not ready yet. |
Retry later. |
- inclusion_proof_failed |
+ inclusion_proof_failed |
Inclusion proof retrieval failed. |
Retry; if repeated, treat as operational incident. |
- unexpected_response |
+ unexpected_response |
Malformed or unsupported bridge/app response. |
Log diagnostics and retry once. |
- connection_failed |
+ connection_failed |
Could not establish/maintain bridge communication. |
Check connectivity and bridge reachability. |
- max_verifications_reached |
+ max_verifications_reached |
Action already verified the maximum allowed number of times. |
Treat as terminal business-rule outcome. |
- failed_by_host_app |
+ failed_by_host_app |
Host app callback failed while processing a successful proof. |
Fix host callback/backend logic and retry. |
- invalid_rp_signature |
+ invalid_rp_signature |
RP signature could not be verified. |
Check the RP signing key, nonce, timestamps, action, and signed message. |
- nullifier_replayed |
+ nullifier_replayed |
Nullifier was already used for this action. |
Treat as an already-verified outcome; do not retry the same action as a new verification. |
- duplicate_nonce |
+ duplicate_nonce |
RP reused a signature nonce. |
Generate a fresh nonce and signed RP context for each request. |
- unknown_rp |
+ unknown_rp |
RP is not known to the registry. |
Check the registered RP ID and app configuration. |
- inactive_rp |
+ inactive_rp |
RP is registered but inactive. |
Reactivate or reconfigure the RP before retrying. |
- timestamp_too_old |
+ timestamp_too_old |
RP request timestamp is too old. |
Generate a new signed RP context with a current timestamp. |
- timestamp_too_far_in_future |
+ timestamp_too_far_in_future |
RP request timestamp is too far in the future. |
Fix server clock skew and generate a new signed RP context. |
- invalid_timestamp |
+ invalid_timestamp |
RP request timestamp is invalid. |
Check timestamp format and regenerate the signed RP context. |
- rp_signature_expired |
+ rp_signature_expired |
RP signature has expired. |
Request a fresh RP signature before starting verification. |
- user_presence_failed |
+ user_presence_failed |
Required user-presence check was not completed. |
Let the user retry the request. |
- identity_attributes_not_matched |
+ identity_attributes_not_matched |
User identity attributes did not match the requested constraints. |
Show an eligibility fallback or adjust the requested attribute constraints. |
- generic_error |
+ generic_error |
Catch-all unknown failure. |
Log details and retry with backoff. |
- invalid_rp_id_format |
+ invalid_rp_id_format |
RP ID is malformed. |
Use the registered rp_... ID from your app configuration. |
- timeout |
+ timeout |
Client-side polling timeout. |
Extend timeout or let the user retry. |
- cancelled |
+ cancelled |
Client-side cancellation (abort/task cancel/user close). |
Treat as neutral cancellation path. |
From 8fd4714ccb87817ee63efdd9379087c3e3ce0fe3 Mon Sep 17 00:00:00 2001
From: Takis Kakalis <80459599+Takaros999@users.noreply.github.com>
Date: Thu, 28 May 2026 13:10:16 +0300
Subject: [PATCH 4/5] update copy
---
world-id/idkit/credentials.mdx | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/world-id/idkit/credentials.mdx b/world-id/idkit/credentials.mdx
index 4203a28..e360829 100644
--- a/world-id/idkit/credentials.mdx
+++ b/world-id/idkit/credentials.mdx
@@ -142,21 +142,20 @@ const preset = selfieCheckLegacy({ signal: "user-123" });
```
-## Identity Check
+## Identity Check (Preview)
-Identity Check is for attesting properties about a user from document-backed credentials. You can request attributes such as:
+
+Identity Check lets your app ask the user to attest that document-backed attributes match your policy, without asking you to handle the underlying document data. Use it for eligibility checks such as minimum age, document type, issuing country, or nationality. You can request attributes such as:
| Attribute | Value type |
| --- | --- |
-| `document_type` | `"passport"` or `"eid"` |
+| `document_type` | `"passport"`, `"eid"` or `"mnc"` |
| `document_number` | `string` |
| `issuing_country` | ISO 3166-1 alpha-3 country code |
| `full_name` | `string` |
| `minimum_age` | `number` |
| `nationality` | ISO 3166-1 alpha-3 country code |
-Set `require_proof_of_humanity: true` when the identity attestation should also require Proof of Human.
-
```typescript title="JavaScript"
import { IDKit, identityCheck } from "@worldcoin/idkit-core";
@@ -166,7 +165,6 @@ const preset = identityCheck({
{ type: "document_type", value: "passport" },
{ type: "minimum_age", value: 18 },
],
- require_proof_of_humanity: true,
});
const request = await IDKit.request({
@@ -185,7 +183,6 @@ const preset = identityCheck({
{ type: "document_type", value: "passport" },
{ type: "minimum_age", value: 18 },
],
- require_proof_of_humanity: true,
});
```typescript title="JavaScript"
@@ -243,8 +242,6 @@ const preset = proofOfHuman({ signal: "user-123" });
```
-If the user does not complete the liveness step, the request fails with `user_presence_failed`.
-
## Other legacy presets
These presets only return World ID 3.0 proofs. Keep them for existing integrations or when you specifically need the older verification level.
From 2c7e47af65b0eb077c09af741da1d510bd7ad2aa Mon Sep 17 00:00:00 2001
From: Takis Kakalis <80459599+Takaros999@users.noreply.github.com>
Date: Thu, 28 May 2026 13:12:07 +0300
Subject: [PATCH 5/5] disclaimer
---
world-id/idkit/credentials.mdx | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/world-id/idkit/credentials.mdx b/world-id/idkit/credentials.mdx
index e360829..b18ea07 100644
--- a/world-id/idkit/credentials.mdx
+++ b/world-id/idkit/credentials.mdx
@@ -144,6 +144,10 @@ const preset = selfieCheckLegacy({ signal: "user-123" });
## Identity Check (Preview)
+
+ Identity Check is currently in preview. If you're interested in using or learning more about Identity Check, please contact us.
+
+
Identity Check lets your app ask the user to attest that document-backed attributes match your policy, without asking you to handle the underlying document data. Use it for eligibility checks such as minimum age, document type, issuing country, or nationality. You can request attributes such as: