bankroll.identity() resolves a signed identity token — a JWT scoped to
your app. Use it to know who the user is: their stable id, their Bankroll
handle, region, and verified age. Send it to your server and verify it there
before trusting anything in it.
identity() as often as
you like.
The promise rejects with a BankrollError —
consent_declined if the user declines the consent prompt, unavailable /
update_required outside a current Bankroll host.
Send it to your server
The token travels in thex-bankroll-token header. Decorate fetch once and
every request carries it:
'unavailable') requests go out bare and your server
responds 401. Any other failure — including a consent decline — propagates; it
is never silently downgraded to a bare request.
Verify it on your server
Never trust an identity token that hasn’t been verified. In Node,verifyToken
is the entire route guard:
null/undefined and returns null on any failure, so one if (!verified)
covers missing, forged, expired, and wrong-app tokens alike.
On other stacks, verify the JWT directly:
| What | Value |
|---|---|
| Algorithm | RS256 |
| Public keys (JWKS) | https://joinbankroll.com/.well-known/jwks.json |
Issuer (iss) | https://joinbankroll.com |
Audience (aud) | Your app’s origin (e.g. https://acme.example) |
Claims
A verified token gives you:| Claim | Always present | Meaning |
|---|---|---|
sub | Yes | The user’s stable id. Use it as the primary key for the user on your platform. |
iss | Yes | Always https://joinbankroll.com. |
aud | Yes | Your app’s origin. |
iat / exp | Yes | Issued-at and expiry. Tokens are short-lived (~15 minutes); the SDK re-mints automatically. |
username | No | The user’s Bankroll handle. Omitted if they haven’t set one. |
geo | No | The user’s region as an ISO 3166-2 code (e.g. US-NY), or a bare country code (US) when only the country is known. Omitted if unresolvable. |
identity | No | Identity-verification result — three states. Absent: the user has never been through verification. false: verification was rejected. Object: verified — { "age": <number> }, with age omitted if their date of birth isn’t on file. |
Wire name: in the raw JWT this claim is delivered as
kyc. The SDK’s
verifyToken reads either name and always exposes it as identity; if you
verify raw JWTs on another stack, read identity ?? kyc.Optional claims are omitted, never set to
null — test for presence.Gating eligibility
For real-money play, compute eligibility on your server from the verified token — never from an unverified client value:typeof verified.identity === "object"— the user has cleared identity verification. Don’t gate on mere presence: a rejected user’s value isfalse, which is present too. Absent means they haven’t verified yet.verified.identity.age— the user’s verified age, for age-restricted play.verified.geo— the user’s region, for where-you-can-play rules.
Handling a decline
A user declining the consent prompt is a normal choice, not an error.identity() rejects with a BankrollError whose code is consent_declined —
catch it and show your own “connect to continue” state rather than surfacing an
error.