Links

Problem

Every hire in the UK needs a right to work check, where their ID documents are checked.

This is currently a manual, tedious process for both the employer and the employee.

With COVID-19, performing document checks securely is more difficult.

What it does

checkr uses the Santander Digital Trust API to share verified data with the user's consent to automate the process of right to work checks.

This makes it:

  • Cheaper, as doesn’t require a person to manually repeat checks
  • Faster, as it doesn’t require finding physical documents
  • Easier, as can be completed at the new joiners’ convenience
  • Online, so not disrupted by COVID-19

How I built it

The front-end is an Angular web-app, which guides the user through the flow of verifying their right to work. It talks to a Node.js Express back-end to get the authorization URL and the user profile data. This back-end in turn communicates with the Santander Digital Trust servers using the DT TypeScript SDK.

Challenges I ran into

I initially struggled to register my application with the server. This was because I was submitting multiple redirect URIs which is not supported without using the sector_identifier_uri.

Additionally, getting the authorization callback redirect to return to the correct URL was difficult. As I am using static hosting without redirects, the callback URI must be exact. However, the Digital Trust implementation appears to append an extra forward slash to the url which results in a different path. (i.e. instead of callback.html we get callback.html/). To work around this, I used a folder with an index.html file so an extra / did not disrupt the location (callback -> callback/).

Accomplishments that I'm proud of

Getting the Digital Trust flow working took some time to get right but was very satisfying once it all worked. The digital-trust-example-journey sample came in very useful for seeing how the flow can be implemented.

Additionally, I spent time improving the error-handling on both the front and back-end to better handle cases where the flow is interrupted or the user decides not to share certain data. While still not perfect, it does significantly improve the user experience for users straying off the happy path.

Lastly, I'm proud of the security on the system - at least for a hackathon project. All communications are encrypted with HTTPS (generating my own certificates with Let's Encrypt), with the necessary reverse proxies on the back-end and the AWS resources hosting the project are set up following security best practices.

What I learned

I learnt how to use Angular for this project, having never previously used it before. Additionally, this is the first time I've tried using Santander's Digital Trust protocol and OpenID. I've found similarities between both of these with other technologies I've used before - Angular is similar in some ways to React, and OpenID is similar in some ways to OAuth 2.0.

What's next for checkr: Right to Work Checks using Digital Trust

checkr would next need to be extended with a portal for employers to request and see the result of checks. Additionally, user testing should be performed to ensure the system is easy-to-use and accessible for everyone.

About me

I'm Adam, a computer science student at the University of Warwick. I've done right to work checks before, and was surprised at how manual the process was - and seeing this Hackathon I thought the Santander Digital Trust Protocol was perfect for this!

Built With

Share this project:

Updates