Identity Verification

Seamlessly onboard customers with a verified identity to your platform.

Identity Verification is a feature of Affinidi Vault that allows users to verify their identity using standard identity documents, such as Passports.

Upon successful verification, it creates a verified identity document using the Verifiable Credential (VC) format (verified identity VC) that users can share and reuse for the ID verification process.

With Identity Verification, your application can request the consumer’s verified identity document during the ID verification process to streamline consumer onboarding.

How Identity Verification flow works

The diagram below details how the Identity Verification flow works using the Affinidi Iota Framework.

sequenceDiagram
actor u as User
participant app as Website
participant iota as Affinidi Iota Framework
participant vault as Affinidi Vault
participant acq as Affinidi IDV Service
participant provider as IDV Provider
u ->> app: Subscribe to verified service
app ->> iota: Initialise data-sharing request
Note over iota: Generate request token<br>with IDV provider claim
iota -->> app: Signed request token
app ->> vault: Redirect user to start data-sharing flow with signed request token
Note over vault: Query stored VC
alt verified identity VC not found
vault ->> acq: Trigger Identity Verification flow using<br>signed request token + consumer token
Note over acq: Check request token and project configuration
acq ->> +provider: Initiate session
provider -->> -acq: Session URL
acq -->> vault: Session URL
vault -->> provider: Redirect
u ->> provider: Capture self-photo and identity document
Note over provider: Process verification
provider ->> acq: Verification result webhook
Note over acq: Create verified identity VC
acq->>vault: verified identity VC
Note over vault: Store verified identity VC
end
vault->>+u: Request for consent to share data
u-->>-vault: Allow access to the data
vault -->> iota: Generate and send Verifiable Presentation
iota -->> app: Verifiable Presentation
Note over iota, app: Contains the verified identity VC <br/> shared by the user
app ->> u: Continue journey on the website
Identity Verification flow highlights:
  1. The website initiates user onboarding through Affinidi Iota Framework and requests the user’s verified identity.

  2. The user unlocks their Affinidi Vault, which queries the local storage to see if the verified identity VC satisfying the Presentation Definition is available; otherwise, it triggers the identity verification flow and creates a session with the Identity Verification provider.

  3. The user completes the verification process by providing a screen capture of their face and one of the supported identity documents, such as a Passport.

  4. ID verification provider verifies the provided data and sends the verification result to the Affinidi Service.

  5. Affinidi Vault fetches the generated VC from the identity verification and stores it locally.

  6. Affinidi Vault requests user consent to share the verified identity VC to the website.

  7. Once the user consents to share the data, the Affinidi Vault generates the Verifiable Presentation and sends it to the Affinidi Iota Framework.

  8. The website parses the Verifiable Presentation response from the Affinidi Iota Framework and continues the user’s journey.

Enabling Identity Verification flow

Identity Verification is currently in Closed Beta. To enable this feature in your project, send us a request through Contact Us form and get your Project ID whitelisted.

To request the user’s verified identity, integrate your website with the Affinidi Iota Framework, a consent-driven data-sharing process. Enabling the identity verification flow requires the following changes:

  1. Create or update an Affinidi Iota Framework configuration using this guide.

    Ensure that you select Redirect as the data-sharing mode and check the Enable Identity Verification (IDV) option (which is only available to specific projects).

Enable IDV Flow
  1. After creating the Affinidi Iota Framework configuration with the Identity Verification option enabled, create a Presentation Definition using the following query requesting a Passport document.

    The Affinidi Vault checks the query included in the Affinidi Iota Framework request token to determine if the request for Verifiable Credential (VC) is a verified identity VC and initiates the Identity Verification flow if the VC is not present.

{ "id": "verified_identity", "input_descriptors": [ { "id": "id_document_input", "name": "Passport", "constraints": { "fields": [ { "path": ["$.issuer", "$.vc.issuer", "$.iss"], "purpose": "Only accept credentials issued by Affinidi IDV", "filter": { "type": "string", "pattern": "^did:web:idv.affinidi.com$" } }, { "path": [ "$.type" ], "purpose": "Only accept IDV type VC", "filter": { "type": "array", "contains": { "type": "string", "pattern": "^VerifiedIdentityDocument$" } } }, { "path": [ "$.type" ], "purpose": "Only accept IDV supported document", "filter": { "type": "array", "contains": { "type": "string", "pattern": "^Passport$" } } } ] } } ] }
  1. After setting up the configuration and creating the required query, implement the Affinidi Iota Framework into your website using Redirect mode with this guide.

Supported identity documents

Currently, the Identity Verification flow supports the following type of document that users can present during the ID verification process:

  • Passport - contains information of the user extracted from a Passport document captured during the verification process.

  • Driver’s License - contains information of the user extracted from a driver’s license ID card captured during the verification process.

Learn how to request any supported documents using the Presentation Definitions from the user’s Affinidi Vault using the Affinidi Iota Framework.

  Query the user’s verified identity document using Presentation Definition (PEX Query).

Frequently asked questions

  • What happens if my customer has already been through an ID verification in their Affinidi Vault?

    The verified identity VCs are stored in the consumer’s Affinidi Vault, allowing them to reuse the credential whenever they need to. This reduces the friction of customers going through the same ID verification process multiple times on different apps, enabling a more seamless onboarding to your service.

  • How much does Identity Verification cost?

    We aim to bring down the cost of ID verification through the power of reusability. Talk to our team about your requirements.

  • Who is doing the verification?

    The ID verification process is currently handled by Veriff. Veriff ID Verification solution has a success rate of 95% on the user’s first try.

  • What happens if my user is not verified?

    If the user is not verified due to technical issues within Affinidi services or technical issues at our Partner’s end - you will not be charged for initiating such verification. You are only charged when a user consents to share data. If the user fails the identity verification (due to abandoning the session or using a fraudulent document), you will receive a access_denied response code.

    Metrics on aggregate failure rates and reasons can be tracked in the Affinidi Portal .

  • How to report an issue?

    You may raise the issue using this form or reach out to your assigned POC.

What’s next

  Onboard users with verified identity using Affinidi Iota Framework

  Manage your verified identity VC issued to your Affinidi Vault

  Issue Verifiable Credentials (VCs) to your users