Claimed Credentials

View all the credentials you claimed in your Affinidi Vault.

The Claimed Credentials page in Affinidi Vault allows consumers to view all the credentials they have accepted from trusted issuers.

Affinidi Vault users can share these claimed credentials with their consent when requested to comply with the requirements or in exchange for a particular value (e.g., a Personalised experience or offer).

For example, when you complete a course from an educational institution, you can request a certificate of completion, and the institution can issue a Verifiable Credential that contains details about the course and the completion date.

Affinidi Vault - Claimed Credentials

How Claim Credential Works

The Affinidi Vault user receives the Credential Offer in the form of a link that redirects them to the Affinidi Vault’s claim credential page. The Affinidi Vault exchanges the pre-authorisation code and transaction code (if required) to get the access token required to retrieve the credential details and present them to the user.

When retrieving the credential details, the Credential Issuance service validates the proof of the credential to verify that the user claiming the credential matches the Holder’s DID set in the Credential Offer. It throws an error if the proof does not match.

Below is the illustration of the claim credential flow:

sequenceDiagram
    actor User
    participant Affinidi Vault
    participant Credential Issuance Service

    User->>Affinidi Vault: Enters the Transaction Code to view the Credential Offer
    Affinidi Vault->>Credential Issuance Service: Resolves Offer URI and get the Credential Offer with Access Token
    Note over Affinidi Vault, Credential Issuance Service: Affinidi Vault will exchange Trx Code and Pre-Auth Code <br /> for the Access Token to Get the Credential
    Credential Issuance Service->>Credential Issuance Service: Validate credential proof
    Credential Issuance Service->>Credential Issuance Service: Update Credential Offer as Claimed
    Credential Issuance Service->>Affinidi Vault: Return the Verifiable Credential
    Affinidi Vault->>User: Presented the Verifiable Credential
    User->>Affinidi Vault: Accepts the Verifiable Credential
    Affinidi Vault->>Affinidi Vault: Securely Stores the Verifiable Credential
    User->>Affinidi Vault: View the credential in Claimed credentials page

Claiming a Credential Offer

The issuer should first send a Credential Offer to your Decentralised Identifier (DID) value to claim a credential. The DID value can be found on the Profile page of the Affinidi Vault, or the application can extract this information when you log in to their application through Affinidi Login as an authentication option.

Once the issuer creates a Credential Offer for your Affinidi Vault account, the issuer will send the user the claim link with the Offer URI and the transaction code (if required) using an email, for example.

The claim link will be in the following format with the URL encoded <CREDENTIAL_OFFER_URI> value:


https://vault.affinidi.com/claim?credential_offer_uri=<CREDENTIAL_OFFER_URI>

Clicking the link will redirect the user to the Affinidi Vault’s claim page to retrieve and claim the credential.

The credential’s name is based on the Credential Type ID configured on the Supported Schemas of the Credential Issuance Configuration. In our example, it is set as UniversityDegre2024.

Affinidi Vault - Claim Credential

Accepting the credential stores it in the user’s Affinidi Vault, making it viewable on the Claimed credentials page.

Requesting Claimed Credentials

To request the claimed credentials stored in the Affinidi Vault, we will also use the Presentation Definition to query and ask for the user’s consent to share data.

Let’s take the Credential Issuance Configuration we configured previously here to do this.

In the Credential Issuance configuration, we have added the UniversityDegre2024 as a supported schema. We are using this schema to create a Credential Offer that is accepted and stored in the user’s Affinidi Vault.

Create Credential Issuance

Once these Verifiable Credentials are available in the Affinidi Vault, we can request the same credential using the following Presentation Definition.


{
  "id": "university_degree",
  "input_descriptors": [
    {
      "id": "university_degree",
      "name": "UniversityDegree VC",
      "purpose": "Check if Vault contains the required VC.",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^UniversityDegre2024$"
              }
            }
          }
        ]
      }
    }
  ]
}

In the above Presentation Definition, we are querying the credentials stored in the Affinidi Vault with the type UniversityDegree2024, which is the same Credential Type ID we configured in the Credential Issuance Configuration.