Identity Verification
Identity Verification is a feature of Affinidi Vault that lets users verify their identity using standard documents, such as passports.
After successful verification, Affinidi Vault creates a verified identity document in the Verifiable Credential (VC) format. Users can share and reuse this credential for identity checks.
Your app can request the user’s verified identity document during onboarding to streamline the process.
How Identity Verification Flow Works
The diagram below shows the Identity Verification flow using the Affinidi Iota Framework.
sequenceDiagram actor u as User participant app as Website participant iota as Affinidi Iota Framework participant vault as Affinidi Vault participant acq as Affinidi IDV Service participant provider as IDV Provider u ->> app: Subscribe to verified service app ->> iota: Initialise data-sharing request Note over iota: Generate request token<br>with IDV provider claim iota -->> app: Signed request token app ->> vault: Redirect user to start data-sharing flow with signed request token Note over vault: Query stored VC alt verified identity VC not found vault ->> acq: Trigger Identity Verification flow using<br>signed request token + consumer token Note over acq: Check request token and project configuration acq ->> +provider: Initiate session provider -->> -acq: Session URL acq -->> vault: Session URL vault -->> provider: Redirect u ->> provider: Capture self-photo and identity document Note over provider: Process verification provider ->> acq: Verification result webhook Note over acq: Create verified identity VC acq->>vault: verified identity VC Note over vault: Store verified identity VC end vault->>+u: Request for consent to share data u-->>-vault: Allow access to the data vault -->> iota: Generate and send Verifiable Presentation iota -->> app: Verifiable Presentation Note over iota, app: Contains the verified identity VC <br/> shared by the user app ->> u: Continue journey on the website
Identity Verification Flow Highlights:
The website starts onboarding through Affinidi Iota Framework and requests the user’s verified identity.
The user unlocks Affinidi Vault. It checks local storage for a verified identity VC that meets the Presentation Definition. If not found, it triggers the verification flow and creates a session with the Identity Verification provider.
The user completes verification by providing a face capture and a supported document, such as a passport.
The verification provider checks the data and sends the result to Affinidi Service.
Affinidi Vault retrieves the generated VC and stores it locally.
Affinidi Vault asks for user consent to share the verified identity VC with the website.
After consent, Affinidi Vault creates a Verifiable Presentation and sends it to Affinidi Iota Framework.
The website parses the Verifiable Presentation and continues the user journey.
Note
If verification fails or is incomplete, your website receives anaccess_denied response code.Enabling Identity Verification Flow
Identity Verification is in Closed Beta. To enable:
Send a request via the Contact Us form to whitelist your Project ID.
Integrate your website with Affinidi Iota Framework, a consent-driven data-sharing process.
Steps to Enable:
Create or update Affinidi Iota Framework configuration using this guide.
- Select Redirect as the data-sharing mode.
- Enable Identity Verification (IDV) (available only for specific projects).
Note
Identity Verification works only in Redirect mode.After enabling IDV, create a Presentation Definition query requesting a passport document.
- Affinidi Vault checks the query in the request token to confirm if the VC is a verified identity VC.
- If not present, it starts the Identity Verification flow.
{
"id": "verified_identity",
"input_descriptors": [
{
"id": "id_document_input",
"name": "Passport",
"constraints": {
"fields": [
{
"path": ["$.issuer", "$.vc.issuer", "$.iss"],
"purpose": "Only accept credentials issued by Affinidi IDV",
"filter": {
"type": "string",
"pattern": "^did:web:idv.affinidi.com$"
}
},
{
"path": [
"$.type"
],
"purpose": "Only accept IDV type VC",
"filter": {
"type": "array",
"contains": {
"type": "string",
"pattern": "^VerifiedIdentityDocument$"
}
}
},
{
"path": [
"$.type"
],
"purpose": "Only accept IDV supported document",
"filter": {
"type": "array",
"contains": {
"type": "string",
"pattern": "^Passport$"
}
}
}
]
}
}
]
}Important Note
The verified identity VC is signed and issued by Affinidi’s DID (did:web:idv.affinidi.com) using the did:web method. Follow the Presentation Definition template to request the VC correctly.- Implement Affinidi Iota Framework in your website using Redirect mode with this guide.
Supported Identity Documents
Identity Verification supports:
Passport - Extracts user details from a captured passport.
Driver’s License - Extracts user details from a captured licence.
Learn how to request supported documents from a user’s Affinidi Vault using the Affinidi Iota Framework and Presentation Definitions.
Frequently Asked Questions
What if my customer has already verified their identity in Affinidi Vault?
Verified identity VCs are stored in the user’s Vault. They can reuse them across apps, reducing friction and improving onboarding.
How much does Identity Verification cost?
We aim to lower costs through credential reusability. Contact our team for details.
Who performs the verification?
Verification is handled by Veriff, which has a 95% success rate on the first attempt.
What if the user is not verified?
If technical issues occur on Affinidi or partner systems, you will not be charged. Charges apply only when the user consents to share data. If the user fails verification (e.g., abandons the session or uses fraudulent documents), you receive an
access_deniedresponse code.Track failure metrics in Affinidi Portal .
How to report an issue?
Raise it via this form or contact your assigned POC.
What’s Next
Glad to hear it! Please tell us how we can improve more.
Sorry to hear that. Please tell us how we can improve.
Thank you for sharing your feedback so we can improve your experience.