Affinidi Vault User Data

List the available data points your application can request from the Affinidi Vault.

This page shows the available data points you can request from the user’s Vault using the Presentation Exchange (PEX) query.

User Profile Individual Data Points

List of Verifiable Credentials for each field of the User Profile from the Vault. Please note that all these Verifiable Credentials for individual data points are currently self-issued by the user.

TypePathDescription
HITGivenName$.credentialSubject.givenNameGiven name(s) or first name(s) of the holder. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
HITFamilyName$.credentialSubject.familyNameSurname(s) or last name(s) of the holder. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
HITMiddleName$.credentialSubject.middleNameMiddle name(s) of the holder. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
HITNickname$.credentialSubject.nicknameCasual name of the Holder that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael.
HITBirthdate$.credentialSubject.birthdateHolders’s birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform’s date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates.
HITGender$.credentialSubject.genderHolder’s gender.
HITPhoneNumber$.credentialSubject.phoneNumberHolder’s preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234.
HITPicture$.credentialSubject.pictureURL of the Holder’s profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the Holder suitable for displaying when describing the Holder, rather than an arbitrary photo taken by the Holder.
HITPostalCode$.credentialSubject.postalCodeZip code or postal code component.
HITStreetAddress$.credentialSubject.streetAddressFull street address component, which MAY include house number, street name, Post Office Box, and multi-line extended street address information. This field MAY contain multiple lines, separated by newlines. Newlines can be represented either as a carriage return/line feed pair ("\r\n") or as a single line feed character ("\n").
HITCountry$.credentialSubject.countryCountry name component.
HITLocality$.credentialSubject.localityCity or locality component.

Sample Usage

{
  "id": "vp_token_with_profile_vc",
  "input_descriptors": [
    {
      "id": "profile_vc",
      "name": "GivenName VC",
      "purpose": "Check if data contains necessary fields",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "HITGivenName"
              }
            }
          },
          {
            "path": [
              "$.credentialSubject.givenName"
            ],
            "purpose": "Check if VC contains givenName field",
            "filter": {
              "type": "string"
            }
          }
        ]
      }
    }
  ]
}

User Profile Data Sets

List of Verifiable Credentials that combines related fields to form a data sets from the Vault. Please note that all these Verifiable Credentials for data sets are currently self-issued by the user.

Identity Set

Identity information of the Vault user.

Type: HITIdentity

PathDescription
$.credentialSubject.nicknameCasual name of the Holder that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael.
$.credentialSubject.genderHolder’s gender. Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable.
$.credentialSubject.birthdateHolder’s birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform’s date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates.

Fullname Set

Full name information of the Vault user.

Type: HITFullName

PathDescription
$.credentialSubject.familyNameSurname(s) or last name(s) of the Holder. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
$.credentialSubject.givenNameGiven name(s) or first name(s) of the Holder. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
$.credentialSubject.middleNameMiddle name(s) of the Holder. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
$.credentialSubject.nameHolder’s full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the Holder’s locale and preferences.

Address Set

Preferred postal address of the Vault user.

Type: HITAddress

PathDescription
$.credentialSubject.formattedFull mailing address, formatted for display or use on a mailing label. This field MAY contain multiple lines, separated by newlines. Newlines can be represented either as a carriage return/line feed pair ("\r\n") or as a single line feed character ("\n").
$.credentialSubject.streetAddressFull street address component, which MAY include house number, street name, Post Office Box, and multi-line extended street address information. This field MAY contain multiple lines, separated by newlines. Newlines can be represented either as a carriage return/line feed pair ("\r\n") or as a single line feed character ("\n").
$.credentialSubject.localityCity or locality component.
$.credentialSubject.regionState, province, prefecture, or region component.
$.credentialSubject.postalCodeZip code or postal code component.
$.credentialSubject.countryCountry name component.

Contacts Set

Contact information of the Vault user.

Type: HITContacts

PathDescription
$.credentialSubject.phoneNumberHolder’s preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234.
$.credentialSubject.emailHolder’s email.

Sample Usage

{
  "id": "vp_token_with_profile_vc",
  "input_descriptors": [
    {
      "id": "profile_vc",
      "name": "Identity VC",
      "purpose": "Check if data contains necessary fields",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "HITIdentity"
              }
            }
          },
          {
            "path": [
              "$.credentialSubject.nickname"
            ],
            "purpose": "Check if VC contains nickname field",
            "filter": {
              "type": "string"
            }
          },
          {
            "path": [
              "$.credentialSubject.birthdate"
            ],
            "purpose": "Check if VC contains birthdate field",
            "filter": {
              "type": "string"
            }
          },
          {
            "path": [
              "$.credentialSubject.gender"
            ],
            "purpose": "Check if VC contains gender field",
            "filter": {
              "type": "string"
            }
          }
        ]
      }
    }
  ]
}

Liveness Check Data

Information about the Liveness check of the Vault user. This contains either True or False based on the result of the Liveness check. This Verifiable Credential is issued by Affinidi and we recommend to include the Issuer checking in the Presentation Definition if you are requesting this particular VC.

Type: HITLivenessCheck

PathDescription
$.credentialSubject.livenessCheckPassedA boolean field. Indicates whether holder passed liveness check.

Sample Usage

{
  "id": "vp_token_with_profile_vc",
  "input_descriptors": [
    {
      "id": "profile_vc",
      "name": "Liveness VC",
      "purpose": "Check if data contains necessary fields",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "HITLivenessCheck"
              }
            }
          },
          {
            "path": [
              "$.credentialSubject.livenessCheckPassed"
            ],
            "purpose": "Check if VC contains liveness field",
            "filter": {
              "type": "string"
            }
          },
          {
            "path": [
              "$.issuer"
            ],
            "purpose": "Check if VC Issuer is Trusted",
            "filter": {
              "type": "string",
              "pattern": "^did:key:zQ3shtMGCU89kb2RMknNZcYGUcHW8P6Cq3CoQyvoDs7Qqh33N"
            }
          }
        ]
      }
    }
  ]
}

Verified Email Data

Verified Email of the Vault user after successful registration. This Verifiable Credential is issued by Affinidi and we recommend to include the Issuer checking in the Presentation Definition if you are requesting this particular VC.

Type: Email

PathDescription
$.credentialSubject.emailVerified email address after successful registration to the Vault.

Sample Usage

{
  "id": "vp_token_with_email_vc",
  "input_descriptors": [
    {
      "id": "email_vc",
      "name": "Email VC",
      "purpose": "Check if data contains necessary fields",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "Email"
              }
            }
          },
          {
            "path": [
              "$.credentialSubject.email"
            ],
            "purpose": "Check if VC contains email field",
            "filter": {
              "type": "string"
            }
          },
          {
            "path": [
              "$.issuer"
            ],
            "purpose": "Check if VC Issuer is Trusted",
            "filter": {
              "type": "string",
              "pattern": "^did:key:zQ3shtMGCU89kb2RMknNZcYGUcHW8P6Cq3CoQyvoDs7Qqh33N"
            }
          }
        ]
      }
    }
  ]
}

Full User Profile Data

Full user profile data from the Vault. Please note that this Verifiable Credential is currently self-issued by the user.

Type: UserProfile

PathDescription
$.credentialSubject.givenNameGiven name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the words being separated by space characters.
$.credentialSubject.familyNameSurname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple or no family names; all can be present, with the words separated by space characters.
$.credentialSubject.middleNameMiddle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the words separated by space characters. Also, in some cultures, middle names are not used.
$.credentialSubject.nicknameCasual name of the End-User may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a givenName value of Michael.
$.credentialSubject.pictureURL of the End-User’s profile picture. This URL must refer to an image file (for example, a PNG, JPEG, or GIF image file) rather than to a Web page containing an image. Note that this URL should reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.
$.credentialSubject.birthdateEnd-User’s birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed.
$.credentialSubject.genderEnd-User’s gender. Values defined by this specification are female and male. Other values MAY be usable when neither of the specified values are applicable.
$.credentialSubject.phoneNumberEnd-User’s preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234.
$.credentialSubject.addressObject type data. End-User’s preferred postal address. The value of the address member is a JSON [RFC4627] structure containing some or all of the members defined in Section 5.1.1.
$.credentialSubject.address.streetAddressPart of the address object. Complete street address component, which MAY include house number, street name, Post Office Box, and multi-line extended street address information. This field MAY contain multiple lines, separated by newlines. Newlines can be represented either as a carriage return/line feed pair ("\r\n") or as a single line feed character ("\n").
$.credentialSubject.address.postalCodePart of the address object. Zip code or postal code component.
$.credentialSubject.address.localityPart of the address object. City or locality component.
$.credentialSubject.address.countryPart of the address object. Country name component.
$.credentialSubject.updatedAtTime the End-User’s information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

Sample Usage

{
  "id": "vp_token_with_profile_vc",
  "input_descriptors": [
    {
      "id": "email_vc",
      "name": "Profile VC",
      "purpose": "Check if data contains necessary fields",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "UserProfile"
              }
            }
          },
          {
            "path": [
              "$.credentialSubject.familyName"
            ],
            "purpose": "Check if VC contains familyName field",
            "filter": {
              "type": "string"
            }
          },
          {
            "path": [
              "$.credentialSubject.givenName"
            ],
            "purpose": "Check if VC contains givenName field",
            "filter": {
              "type": "string"
            }
          }
        ]
      }
    }
  ]
}

Learn more on how to request data from Affinidi Vault with the user’s consent and explore how to customise the Presentation Definition and ID Token Mapping for Affinidi Login implementation.