Claimed Credentials

Manage the Verifiable Credentials (VCs) you claimed in your Affinidi Vault.

The claimed credentials page in Affinidi Vault allows you to view all the Verifiable Credentials (VCs) you have accepted from trusted 3rd-party issuers.

When requested by your application, the claimed credentials are shared with the user’s consent. They contain the attested data that you can use to simplify the onboarding process or your application workflow.

For example, if the user has completed a course from a training provider, they can issue a Verifiable Credential (VC) that contains details about the course and certifies their completion. You can request this VC to verify and onboard your users.

How claimed credential works

If an issuer wishes to issue a Verifiable Credential (VC) attesting a particular claim about you, for example, a course completion certificate, they create a credential offer. The credential offer contains information about the course, and a credential offer link will be sent to you so you can claim the credential from your Affinidi Vault.

As a user, if you visit the link to the credential offer, it redirects you to Affinidi Vault’s claim credential page. The Affinidi Vault exchanges the pre-authorisation and transaction code (if TX_CODE mode is selected) to get the access token needed to retrieve the credential offer.

Important Note

The claim process validates the DID of the current user’s Affinidi Vault if the holderDid value is present in the credential offer regardless of the claim mode. It throws an error if the DID does not match.

Below is the illustration of the claimed credential flow:

sequenceDiagram
    actor User
    participant Affinidi Vault
    participant Credential Issuance Service

    User->>Affinidi Vault: Enters the Transaction Code to view the Credential Offer
    Affinidi Vault->>Credential Issuance Service: Resolves Offer URI and get the Credential Offer with Access Token
    Note over Affinidi Vault, Credential Issuance Service: Affinidi Vault will exchange Trx Code and Pre-Auth Code <br /> for the Access Token to Get the Credential
    Credential Issuance Service->>Credential Issuance Service: Validate credential proof
    Credential Issuance Service->>Credential Issuance Service: Update Credential Offer as Claimed
    Credential Issuance Service->>Affinidi Vault: Return the Verifiable Credential
    Affinidi Vault->>User: Presented the Verifiable Credential
    User->>Affinidi Vault: Accepts the Verifiable Credential
    Affinidi Vault->>Affinidi Vault: Securely Stores the Verifiable Credential
    User->>Affinidi Vault: View the credential in Claimed credentials page

How a user can claim a credential offer

After creating the credential offer, it returns the offer_uri that the issuer must securely send to the user to allow them to claim the credential in their Affinidi Vault. The issuer can email the claim link or embed it in a QR code.

If the claim mode selected is TX_CODE, the issuer must securely send the transaction code to the user with the claim link. If it is FIXED_HOLDER claim mode, the Decentralised Identifier (DID) associated with the user’s Affinidi Vault is validated if it matches the holderDid value provided in the credential offer.

The claim link will be in the following format with the URL encoded <OFFER_URI> value:


        

https://vault.affinidi.com/claim?credential_offer_uri=<OFFER_URI>

As a user, once you visit the link, it will redirect you to the Affinidi Vault to retrieve and store the credential into your Affinidi Vault, making it viewable on the Claimed credentials page.

The Credential Configuration ID configured on the Supported Schemas is the credential’s title in the Affinidi Vault. In our example, it is Membership.

GIF

Note

The credential offer is only valid for claims based on the Lifetime of the Credential Offer configured in the Credential Issuance configuration. If the user fails to claim the credential by this time, the issuer must create another credential offer.

How to request claimed credentials from the user

To request the claimed credentials stored in the user’s Affinidi Vault, you have to define a presentation definition to query and ask for the user’s consent to share the data.

For example, in the Credential Issuance configuration shown below, the Membership schema is added as one of the supported schema. You can use this schema to create a credential offer that users claim and store in one of the profiles available in their Affinidi Vault.

Once these Verifiable Credentials (VCs) are available in the user’s Affinidi Vault, you can request the same credential using the Affinidi Iota Framework and define the following presentation definition to query it.


        

{
  "id": "membership_vc",
  "input_descriptors": [
    {
      "id": "membership_vc",
      "name": "Membership VC",
      "purpose": "Check if Vault contains the required VC.",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^Membership$"
              }
            }
          }
        ]
      }
    }
  ]
}

In the above presentation definition, we are querying the Membership VC stored in the user’s Affinidi Vault by specifying the credential type Membership in the filter, which is the same Credential Type ID configured in the Credential Issuance configuration.

Once the user consents to share the data from their Affinidi Vault, the Affinidi Vault generates the Verifiable Presentation token (vp_token) containing the VC and shares it with your application.

What’s next

Was this page helpful?

Glad to hear it! Please tell us how we can improve more.

Sorry to hear that. Please tell us how we can improve.

Thank you for sharing your feedback so we can improve your experience.