Claimed Credentials

View all the credentials you claimed in your Affinidi Vault.

The Claimed Credentials page in Affinidi Vault allows consumers to view all the credentials they have accepted from trusted issuers.

Affinidi Vault users can share these claimed credentials, with their consent, when requested to comply with requirements or in exchange for a particular value (e.g., a personalised experience or offer).

For example, when you complete a course from an educational institution, you can request a certificate of completion, and the institution can issue a Verifiable Credential that contains details about the course and the completion date.


How Claim Credential Works

The Affinidi Vault user receives the Credential Offer through a link redirecting them to the Affinidi Vault’s claim credential page. The Affinidi Vault exchanges the pre-authorisation code and transaction code (if required) to get the access token needed to retrieve the credential details and present them to the user.

When retrieving the credential details, the Credential Issuance Service validates the credential proof to verify that the user claiming the credential matches the Holder’s DID set in the Credential Offer. This check applies if the claim mode is FIXED_HOLDER, or if the Holder DID is present in the TX_CODE claim mode. The service throws an error if the proof does not match.

Below is the illustration of the claim credential flow:

sequenceDiagram
    actor User
    participant Affinidi Vault
    participant Credential Issuance Service

    User->>Affinidi Vault: Enters the Transaction Code to view the Credential Offer
    Affinidi Vault->>Credential Issuance Service: Resolves Offer URI and gets the Credential Offer with Access Token
    Note over Affinidi Vault, Credential Issuance Service: Affinidi Vault will exchange Trx Code and Pre-Auth Code <br /> for the Access Token to Get the Credential
    Credential Issuance Service->>Credential Issuance Service: Validate credential proof
    Credential Issuance Service->>Credential Issuance Service: Update Credential Offer as Claimed
    Credential Issuance Service->>Affinidi Vault: Return the Verifiable Credential
    Affinidi Vault->>User: Presents the Verifiable Credential
    User->>Affinidi Vault: Accepts the Verifiable Credential
    Affinidi Vault->>Affinidi Vault: Securely Stores the Verifiable Credential
    User->>Affinidi Vault: Views the credential on the Claimed credentials page

Claiming a Credential Offer

If the Credential Offer’s claim mode is TX_CODE, the issuer will securely email the user the claim link with the Offer URI and the transaction code.

If the Holder DID (holderDid) is provided when creating the Credential Offer, regardless of the claim mode, the Credential Issuance Service will validate the credential proof to check that the DID of the user claiming the credential matches the DID set in the Credential Offer.

The claim link has the following format, with the <CREDENTIAL_OFFER_URI> value URL-encoded:


https://vault.affinidi.com/claim?credential_offer_uri=<CREDENTIAL_OFFER_URI>

Clicking the link will redirect the user to the Affinidi Vault’s claim page to retrieve and claim the credential.
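The claim link format above, as an added example that is not Affinidi's own code: it builds a link with a fully percent-encoded offer URI and, on the receiving side, accepts only links whose scheme, host and path match the claim endpoint exactly. The offer URI value and the function names are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlsplit

CLAIM_ENDPOINT = "https://vault.affinidi.com/claim"  # from the format shown above

# Constructed sample offer URI (assumption); note that it has its own query string.
SAMPLE_OFFER_URI = "https://issuer.example/offers/abc123?tenant=demo&lang=en"

def build_claim_link(credential_offer_uri):
    """Encode the whole offer URI so its own '?', '&' and '=' stay in one parameter."""
    encoded = quote(credential_offer_uri, safe="")
    return f"{CLAIM_ENDPOINT}?credential_offer_uri={encoded}"

def parse_claim_link(link):
    """Return the decoded offer URI; raise ValueError if this is not a claim link."""
    parts = urlsplit(link)
    expected = urlsplit(CLAIM_ENDPOINT)
    # Exact comparison: a different scheme, port, userinfo or longer host is rejected.
    if (parts.scheme, parts.netloc.lower(), parts.path) != (
            expected.scheme, expected.netloc, expected.path):
        raise ValueError("not an Affinidi Vault claim link")
    values = parse_qs(parts.query).get("credential_offer_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one credential_offer_uri parameter")
    return values[0]

if __name__ == "__main__":
    link = build_claim_link(SAMPLE_OFFER_URI)
    print(link)
    print(parse_claim_link(link))
```

Without the encoding step, the `&lang=en` part of the sample offer URI would be read as a separate parameter of the claim link and the offer URI would arrive truncated.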

The credential’s name is based on the Credential Configuration ID configured on the Supported Schemas of the Credential Issuance Configuration. In our example, it is set as Membership.


Accepting the credential stores it in the user’s Affinidi Vault, making it viewable on the Claimed credentials page.

Requesting Claimed Credentials

To request the claimed credentials stored in the Affinidi Vault, we will also use the Presentation Definition to query and ask for the user’s consent to share data.

To do this, let’s take the Credential Issuance Configuration we configured previously.

In the Credential Issuance configuration, we have added the Membership as a supported schema. We are using this schema to create a Credential Offer that is accepted and stored in the user’s Affinidi Vault.


Once these Verifiable Credentials are available in the user’s Affinidi Vault, we can request the same credential using the Affinidi Iota Framework and define the following Presentation Definition in its configuration.


{
  "id": "membership_vc",
  "input_descriptors": [
    {
      "id": "membership_vc",
      "name": "Membership VC",
      "purpose": "Check if Vault contains the required VC.",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^Membership$"
              }
            }
          }
        ]
      }
    }
  ]
}

In the above Presentation Definition, we are querying the credentials stored in the Affinidi Vault with the type Membership, which is the same Credential Type ID we configured in the Credential Issuance Configuration.
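How the query above selects credentials, as an added example that is not Affinidi's or the Iota Framework's code: a minimal matcher for the subset of the Presentation Definition used here (a `$.type` path with an array/contains/pattern filter), run over constructed sample credentials. The function names and the sample Vault contents are assumptions.

```python
import re

# Presentation Definition from this page, trimmed to the keys the matcher reads.
DEFINITION = {"id": "membership_vc", "input_descriptors": [{
    "id": "membership_vc",
    "constraints": {"fields": [{
        "path": ["$.type"],
        "filter": {"type": "array",
                   "contains": {"type": "string", "pattern": "^Membership$"}},
    }]},
}]}

# Constructed sample credentials (only the keys needed for the query).
SAMPLE_VAULT = [
    {"id": "vc-1", "type": ["VerifiableCredential", "Membership"]},
    {"id": "vc-2", "type": ["VerifiableCredential", "PremiumMembership"]},
    {"id": "vc-3", "type": "Membership"},  # a string, not an array
    {"id": "vc-4"},                        # no type at all
]

def resolve_path(credential, path):
    """Resolve the simple '$.a.b' JSONPath form used above; None if absent."""
    node = credential
    for key in path.split(".")[1:]:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def satisfies(value, flt):
    """Evaluate the filter subset used here: array/contains and string/pattern."""
    if flt.get("type") == "array":
        inner = flt.get("contains")
        return isinstance(value, list) and (
            inner is None or any(satisfies(v, inner) for v in value))
    if flt.get("type") == "string":
        pattern = flt.get("pattern")
        return isinstance(value, str) and (
            pattern is None or re.search(pattern, value) is not None)
    return False  # filter types outside this subset never match

def select_credentials(vault, definition):
    """Map each input descriptor id to the ids of the credentials that satisfy it."""
    def meets(vc, field):  # any listed path may satisfy the field's filter
        return any(satisfies(resolve_path(vc, p), field["filter"]) for p in field["path"])
    return {d["id"]: [vc["id"] for vc in vault
                      if all(meets(vc, f) for f in d["constraints"]["fields"])]
            for d in definition["input_descriptors"]}
```

Only `vc-1` is selected: the `^` and `$` anchors keep `PremiumMembership` from matching, and the `array` filter type excludes a credential whose `type` is a bare string.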