Claimed Credentials

Manage the Verifiable Credentials (VCs) you have claimed in Affinidi Vault.

The Claimed Credentials page shows all VCs you accepted from trusted third-party issuers.

When requested by your app, these credentials are shared with user consent. They contain attested data that can simplify onboarding or streamline workflows.

Example:

If a user completes a course, the training provider can issue a VC certifying completion. Your app can request this VC to verify and onboard the user.

How Claimed Credential Works

When an issuer wants to attest a claim (e.g., course completion), they create a credential offer.

The offer includes details about the claim and a link for the user to claim the credential in Affinidi Vault.

When the user visits the link:

They are redirected to Affinidi Vault’s Claim Credential page.
Affinidi Vault exchanges pre-authorisation and transaction code (if TX_CODE mode is selected) to get the access token required to retrieve the credential.

Important Note

The claim process validates the user’s DID if holderDid is present in the credential offer. If the DID does not match, an error occurs.

Below is the diagram of the claimed credential flow:

sequenceDiagram
    actor User
    participant Affinidi Vault
    participant Credential Issuance Service

    User->>Affinidi Vault: Enters the Transaction Code to view the Credential Offer
    Affinidi Vault->>Credential Issuance Service: Resolves Offer URI and get the Credential Offer with Access Token
    Note over Affinidi Vault, Credential Issuance Service: Affinidi Vault will exchange Trx Code and Pre-Auth Code <br /> for the Access Token to Get the Credential
    Credential Issuance Service->>Credential Issuance Service: Validate credential proof
    Credential Issuance Service->>Credential Issuance Service: Update Credential Offer as Claimed
    Credential Issuance Service->>Affinidi Vault: Return the Verifiable Credential
    Affinidi Vault->>User: Presented the Verifiable Credential
    User->>Affinidi Vault: Accepts the Verifiable Credential
    Affinidi Vault->>Affinidi Vault: Securely Stores the Verifiable Credential
    User->>Affinidi Vault: View the credential in Claimed credentials page

How a User Can Claim a Credential Offer

After creating the credential offer:

It returns an offer_uri that the issuer must securely send to the user.
The issuer can share the link via email or embed it in a QR code.

If TX_CODE mode is selected: The issuer must also send the transaction code securely.

If FIXED_HOLDER mode is used: Affinidi Vault validates the user’s DID against the holderDid in the offer.

The claim link format includes the URL encoded <OFFER_URI> value.


        

https://vault.affinidi.com/claim?credential_offer_uri=<OFFER_URI>

When the user visits the link:

They are redirected to Affinidi Vault.
The credential is retrieved and stored in Affinidi Vault.
It becomes viewable on the Claimed Credentials page.

The Credential Configuration ID from the supported schema is used as the credential’s title in Affinidi Vault (e.g., Membership).

GIF

Note

Credential Offer are valid only for the lifetime configured in Credential Issuance.

If the user does not claim within this time, the issuer must create a new offer.

How to Request Claimed Credentials from the User

To request claimed credentials:

Define a Presentation Definition to query and ask for user consent.

Example:

If the Membership is added in Credential Issuance configuration:

You can use it to create a credential offer.
Users claim and store it in their Affinidi Vault.

Once VCs are available in the user’s Vault:

Request them using Affinidi Iota Framework
Define a Presentation Definition specifying the credential type (e.g., Membership).


        

{
  "id": "membership_vc",
  "input_descriptors": [
    {
      "id": "membership_vc",
      "name": "Membership VC",
      "purpose": "Check if Vault contains the required VC.",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.type"
            ],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^Membership$"
              }
            }
          }
        ]
      }
    }
  ]
}

In this Presentation Definition, you query the Membership VC stored in the user’s Affinidi Vault by specifying the credential type Membership in the filter. This type matches the Credential Type ID configured in the Credential Issuance configuration.

When the user consents:

Affinidi Vault generates a Verifiable Presentation (vp_token) containing the VC.
The vp_token is shared with your application.

What’s Next

Was this page helpful?

Glad to hear it! Please tell us how we can improve more.

Sorry to hear that. Please tell us how we can improve.

Thank you for sharing your feedback so we can improve your experience.