Claimed Credentials
The Claimed Credentials page in Affinidi Vault allows consumers to view all the credentials they have accepted from trusted issuers.
Affinidi Vault users can share these claimed credentials, with their consent, when requested to comply with requirements or in exchange for a particular value (e.g., a personalised experience or offer).
For example, when you complete a course from an educational institution, you can request a certificate of completion, and the institution can issue a Verifiable Credential that contains details about the course and the completion date.
How Claim Credential Works
The Affinidi Vault user receives the Credential Offer through a link redirecting them to the Affinidi Vault’s claim credential page. The Affinidi Vault exchanges the pre-authorisation code and transaction code (if required) to get the access token needed to retrieve the credential details and present them to the user.
When retrieving the credential details, the Credential Issuance Service validates the proof of the credential to verify that the user claiming the credential matches the Holder's DID set in the Credential Offer. This check applies if the claim mode is FIXED_HOLDER, or if the Holder DID is present in the TX_CODE claim mode. The service throws an error if the proof does not match.
Below is the illustration of the claim credential flow:
sequenceDiagram
    actor User
    participant Affinidi Vault
    participant Credential Issuance Service
    User->>Affinidi Vault: Enters the Transaction Code to view the Credential Offer
    Affinidi Vault->>Credential Issuance Service: Resolves Offer URI and get the Credential Offer with Access Token
    Note over Affinidi Vault, Credential Issuance Service: Affinidi Vault will exchange Trx Code and Pre-Auth Code <br /> for the Access Token to Get the Credential
    Credential Issuance Service->>Credential Issuance Service: Validate credential proof
    Credential Issuance Service->>Credential Issuance Service: Update Credential Offer as Claimed
    Credential Issuance Service->>Affinidi Vault: Return the Verifiable Credential
    Affinidi Vault->>User: Presented the Verifiable Credential
    User->>Affinidi Vault: Accepts the Verifiable Credential
    Affinidi Vault->>Affinidi Vault: Securely Stores the Verifiable Credential
    User->>Affinidi Vault: View the credential in Claimed credentials page
Claiming a Credential Offer
If the Credential Offer's claim mode is TX_CODE, the issuer securely sends the user the claim link with the Offer URI and the transaction code by email.
If the Holder DID (holderDid) is provided when creating the Credential Offer, regardless of the claim mode, the Credential Issuance Service validates the credential proof to check that the DID of the user claiming the credential matches the DID set in the Credential Offer.
The claim link has the following format, with the <CREDENTIAL_OFFER_URI> value URL-encoded:
https://vault.affinidi.com/claim?credential_offer_uri=<CREDENTIAL_OFFER_URI>
Clicking the link will redirect the user to the Affinidi Vault’s claim page to retrieve and claim the credential.
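The claim link format above, as an added example that is not part of the Affinidi documentation or SDK: it builds a claim link with the offer URI percent-encoded, and strictly validates a received link before it is opened. The function names, the sample issuer URL and the requirement that the decoded offer URI uses https are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

VAULT_HOST = "vault.affinidi.com"   # host and path taken from the format shown above
CLAIM_PATH = "/claim"


def build_claim_link(credential_offer_uri: str) -> str:
    """Return the claim link with the offer URI percent-encoded as a query value."""
    query = urlencode({"credential_offer_uri": credential_offer_uri})
    return f"https://{VAULT_HOST}{CLAIM_PATH}?{query}"


def extract_offer_uri(claim_link: str) -> str:
    """Validate a received claim link and return the decoded offer URI.

    Raises ValueError for anything that is not exactly a Vault claim link.
    """
    parts = urlsplit(claim_link)
    # Comparing the whole netloc rejects lookalike hosts, userinfo and odd ports.
    if parts.scheme != "https" or parts.netloc.lower() != VAULT_HOST:
        raise ValueError("link does not point at the Vault over https")
    if parts.path != CLAIM_PATH:
        raise ValueError("unexpected path")
    values = parse_qs(parts.query).get("credential_offer_uri", [])
    if len(values) != 1:  # missing or duplicated parameter is ambiguous
        raise ValueError("expected exactly one credential_offer_uri")
    offer = urlsplit(values[0])
    # Assumption: the decoded offer URI must itself be an absolute https URL.
    if offer.scheme != "https" or not offer.hostname:
        raise ValueError("offer URI must be an absolute https URL")
    return values[0]


# Constructed sample offer URI (placeholder issuer, not a real endpoint).
SAMPLE_OFFER_URI = "https://issuer.example/offers/abc123?x=1"
```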
The credential's name is based on the Credential Configuration ID configured on the Supported Schemas of the Credential Issuance Configuration. In our example, it is set as Membership.
Accepting the credential stores it in the user’s Affinidi Vault, making it viewable on the Claimed credentials page.
Note
The Credential Offer is only valid for claims based on the Lifetime of the Credential Offer configured in the Issuance Configuration. If the user fails to claim the credential by this time, the issuer should create another credential offer.
Requesting Claimed Credentials
To request the claimed credentials stored in the Affinidi Vault, we will also use the Presentation Definition to query and ask for the user’s consent to share data.
To do this, let's take the Credential Issuance Configuration we configured previously.
In the Credential Issuance Configuration, we have added Membership as a supported schema. We are using this schema to create a Credential Offer that is accepted and stored in the user's Affinidi Vault.
Once these Verifiable Credentials are available in the user’s Affinidi Vault, we can request the same credential using the Affinidi Iota Framework and define the following Presentation Definition in its configuration.
{
  "id": "membership_vc",
  "input_descriptors": [
    {
      "id": "membership_vc",
      "name": "Membership VC",
      "purpose": "Check if Vault contains the required VC.",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^Membership$"
              }
            }
          }
        ]
      }
    }
  ]
}
In the above Presentation Definition, we are querying the credentials stored in the Affinidi Vault with the type Membership, which is the same Credential Type ID we configured in the Credential Issuance Configuration.
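How the field filter in the Presentation Definition above selects credentials, as an added example that is not Affinidi Vault or Iota Framework code: a small evaluator for the `$.type` path and the array/contains/pattern filter, run over constructed sample credentials. The function names and sample credentials are assumptions for illustration; the evaluator covers only the JSONPath and JSON Schema subset this definition uses.

```python
import re

# Same descriptor as the Presentation Definition above, trimmed to the evaluated fields.
DEFINITION = {
    "id": "membership_vc",
    "input_descriptors": [{
        "id": "membership_vc",
        "constraints": {"fields": [{
            "path": ["$.type"],
            "filter": {"type": "array",
                       "contains": {"type": "string", "pattern": "^Membership$"}},
        }]},
    }],
}

# Constructed sample credentials (illustrative only, not real Vault data).
SAMPLE_VCS = [
    {"id": "vc-1", "type": ["VerifiableCredential", "Membership"]},
    {"id": "vc-2", "type": ["VerifiableCredential", "MembershipGold"]},
    {"id": "vc-3", "type": "Membership"},  # a string, not an array
    {"id": "vc-4", "type": ["VerifiableCredential", "Email"]},
]

_MISSING = object()

def resolve(credential, path):
    """Resolve the dotted '$.a.b' JSONPath form; other JSONPath syntax is rejected."""
    if not re.fullmatch(r"\$(\.\w+)+", path):
        raise ValueError(f"unsupported path: {path}")
    node = credential
    for key in path[2:].split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def satisfies(value, flt):
    """Evaluate the JSON Schema subset used here: array/contains and string/pattern."""
    if flt["type"] == "array":
        return isinstance(value, list) and any(satisfies(v, flt["contains"]) for v in value)
    if flt["type"] == "string":
        # JSON Schema patterns are unanchored searches, so ^ and $ enforce the exact match.
        return isinstance(value, str) and re.search(flt["pattern"], value) is not None
    raise ValueError(f"unsupported filter type: {flt['type']}")

def select(definition, credentials):
    """Return ids of credentials that satisfy every field of every input descriptor."""
    fields = [f for d in definition["input_descriptors"] for f in d["constraints"]["fields"]]
    return [c["id"] for c in credentials
            if all(any(satisfies(resolve(c, p), f["filter"]) for p in f["path"]) for f in fields)]
```

With the anchored pattern only vc-1 is selected; dropping the ^ and $ anchors would also select vc-2, whose type merely contains the word Membership.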