Credential Verification

Verify Verifiable Credentials and Verifiable Presentations to ensure it is well formatted, tamper-evident, and authentic.

When receiving a credential in a form of Verifiable Credential and Verifiable Presentation, it is recommended that you verify the content to ensure that the data being shared is valid and authentic. Use the Credential Verification by Affinidi to do this.

Benefits of Credential Verification

  • Format Validation: Validates if the data shared adheres to the expected format and structure.
  • Authenticity Verification: Cryptographically verify the shared data to ensure it is tamper-evident and authentic.

How Credential Verification Works

The Credential Verification service verifies the Verifiable Credentials and Verifiable Presentations to validate and cryptographically verify the credentials’ conformance to the standard format and authenticity based on the proof provided in the credential.

sequenceDiagram
    actor User
    participant Website
    participant Credential Verification Service

    User->>Website: Shared a credential from Affinidi Vault
    Website->>Credential Verification Service: Verify the shared credential
    Note over Website, Credential Verification Service:  Verifiable Credential [JSON]
    Credential Verification Service->>Credential Verification Service: Cryptographically verify the credential
    Credential Verification Service->>Website: Response isValid
    Note over Credential Verification Service, Website:  returns false with list of errors if invalid
    Website->>Website: Process shared credentials
    Website->>User: Provide access

Verify Credentials using Affinidi Portal

To use the Credential Verification, go to the Credential Verification on the  Affinidi Portal under Services.

Credential Verification

The Credential Verifications requires two input:

  1. The type of Credentials you want to verify:

    • Verifiable Credentials
    • Verifiable Presentations
  2. The credential data that you want to verify, for example, the Verifiable Presentations sent by Affinidi Login:

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.affinidi.com/EmailV1-0.jsonld"
  ],
  "id": "claimId:63b5d11c0d1b5566",
  "type": [
    "VerifiableCredential",
    "Email"
  ],
  "holder": {
    "id": "did:key:randomdid"
  },
  "credentialSubject": {
    "email": "non-existant-email@non-existant.com"
  },
  "credentialSchema": {
    "id": "https://schema.affinidi.com/EmailV1-0.json",
    "type": "JsonSchemaValidator2018"
  },
  "issuanceDate": "2024-05-29T14:11:46.408Z",
  "expirationDate": "2025-05-29T14:11:46.408Z",
  "issuer": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
  "proof": {
    "type": "EcdsaSecp256k1Signature2019",
    "created": "2024-05-29T14:11:46Z",
    "verificationMethod": "did:key:zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du#zQ3shiEH16wHAfbQSSuYB1Lc3KSQC31W4gkaXKa8PgCSz83du",
    "proofPurpose": "assertionMethod",
    "jws": "eyJhbGciOiJFUzI1NksiLCJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdfQ..qjCyJh3FgDkPNyh19NIICW8OR0w_OShLPqeORbAyOu88WOJWeQPbyFIHxCiQ9q3eaUvK0u4Rhd3oGrYkrqYcCQ"
  }
}

After providing the credential type and credential data, click on Submit button.

The service will respond with success if the credential is valid. If failed, the service will list the errors.

Credential Verification Result

Verify Credentials using Affinidi TDK

If you want to validate Verifiable Credentials or Verifiable Presentations shared by the users from your application, use the Credential Verification Client of the Affinidi TDK to call the Credential Verification service.

Follow the sample code below to validate a credential.

  1. Install the required libraries (in our example, we will use Credential Verification Service).
npm install -S @affinidi-tdk/auth-provider @affinidi-tdk/credential-verification-client
pip install affinidi_tdk_auth_provider affinidi_tdk_credential_verification_client
  1. Import the libraries into the code. We are importing the Credential Verification client (Credential Verification Service) to validate a credential and the Auth Provider to generate the Project Scoped Token for the Authorisation header.
import { DefaultApi, Configuration as AuthConfiguration, VerifyCredentialInput } from '@affinidi-tdk/credential-verification-client'
import { AuthProvider } from '@affinidi-tdk/auth-provider'
import affinidi_tdk_auth_provider
import affinidi_tdk_credential_verification_client
  1. Generate an Authorisation token to call the client using the Personal Access Token for the specific project.
// NOTE: set your variables for PAT
const privateKey = "<PAT_PRIVATE_KEY_STRING>"
const passphrase = "<PAT_KEY_PAIR_PASSPHRASE>"
const tokenId = "<PAT_ID>"
const projectId = "<PROJECT_ID>"

const authProvider = new AuthProvider({
    privateKey,
    passphrase,
    tokenId,
    projectId
})

const authConfiguration = new AuthConfiguration({
  apiKey: authProvider.fetchProjectScopedToken.bind(authProvider)
})
stats = {
  "privateKey": "<PAT_PRIVATE_KEY_STRING>",
  "passphrase": "<PAT_KEY_PAIR_PASSPHRASE>",
  "tokenId": "<PAT_ID>",
  "projectId": "<PROJECT_ID>"
}

authProvider = affinidi_tdk_auth_provider.AuthProvider(stats)

projectScopedToken = authProvider.fetch_project_scoped_token()

configuration = affinidi_tdk_credential_verification_client.Configuration()

# Configure API key authorization: ProjectTokenAuth
configuration.api_key['ProjectTokenAuth'] = projectScopedToken
  1. Initiate the Credential Verification module with the authorisation header and call the client method with the credential data.
const api = new DefaultApi(authConfiguration)

const request: VerifyCredentialInput = {
        "verifiableCredentials": [
            {
                ...
            }
        ]
    }

const { data } = await api.verifyCredentials(request)
with affinidi_tdk_credential_verification_client.ApiClient(configuration) as api_client:
    api_instance = affinidi_tdk_credential_verification_client.DefaultApi(api_client)

    request_json = {
        "verifiableCredentials": [
            {
                ...
            }
        ]
    }

    verify_credentials_input = affinidi_tdk_credential_verification_client.VerifyCredentialInput.from_dict(request_json)

    api_response = api_instance.verify_credentials(verify_credentials_input=verify_credentials_input)

The Credential Verification client will return TRUE if the the credential is valid or FALSE if it fails, include the list of errors.

{
  "isValid": true,
  "errors": []
}