Created using remix-ide: Realtime Ethereum Contract Compiler and Runtime. Load this file by pasting this gists URL or ID at https://remix.ethereum.org/#version=soljson-v0.8.7+commit.e28d00a7.js&optimize=false&runs=200&gist=

README.txt

See https://github.com/trustfractal/web3-identity/

CredentialVerifier.sol

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.12;

import "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";
import "@openzeppelin/contracts/utils/Strings.sol";

contract CredentialVerifier {

    modifier requiresCredential(
        string memory expectedCredential,
        bytes calldata proof,
        uint validUntil,
        uint approvedAt,
        uint maxAge
    ) {
        require (
            block.timestamp < validUntil,
            "Credential no longer valid"
        );

        require (
            maxAge == 0 || block.timestamp < approvedAt + maxAge,
            "Approval not recent enough"
        );

        string memory sender = Strings.toHexString(uint256(uint160(msg.sender)), 20);
        
        require(
            SignatureChecker.isValidSignatureNow(
                0x559FfB9C4AB5A552Ed2Ea814A84e74D4CFA21d34,
                ECDSA.toEthSignedMessageHash(abi.encodePacked(Strings.toString(validUntil), ";", Strings.toString(approvedAt), ";", sender, ";", expectedCredential)),
                proof
            ),
            "Signature doesn't match"
        );
        
        _;
    }
}

Main.sol

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.12;

import "./CredentialVerifier.sol";

contract Main is CredentialVerifier {
    function main(
        /* your transaction arguments go here */
        bytes calldata proof,
        uint validUntil,
        uint approvedAt
    ) external requiresCredential("plus;not:ca,de,us", proof, validUntil, approvedAt, 15724800) {
        /* your transaction logic goes here */
    }
}