Domain Verification

Verify your domain ownership for enhanced security and increased user trust.

The Domain Verification service is a security feature of the Affinidi Trust Network that enables developers to verify ownership of the domain displayed on the Affinidi Vault’s consent screen. It empowers users to decide whether to share their data with the requesting domain.

Benefits of Domain Verification

  • Enhanced Security: Domain Verification provides proof of control over the domain. It adds the Verified by Affinidi checkmark on the consent page, which informs users that they are securely sharing their data with the correct website.

  • Increased User Trust: Domain Verification strengthens user confidence in the website as Affinidi verifies the developer’s domain ownership, leading to better user engagement and data sharing.

How Domain Verification Works

sequenceDiagram
    actor Developer
    participant Affinidi Portal
    participant Domain Verification
    participant Website

    Developer->>Affinidi Portal: Verify Domain
    Affinidi Portal->>Domain Verification: Configured domain value
    Domain Verification->>Domain Verification: Generates a did:web document based on configured domain
    Domain Verification->>Affinidi Portal: Respond with the did:web document
    Affinidi Portal->>Developer: Downloads the did:web document
    Developer-->>Website: Upload the did:web document to the specified location
    Developer->>Affinidi Portal: Clicked on "I've hosted it"
    Affinidi Portal->>Domain Verification: Initiate verification of the did:web document
    Domain Verification->>Website: Parse the did:web document on the specified path
    Domain Verification->>Domain Verification: Verifies that the did:web document is valid
    Domain Verification->>Affinidi Portal: Respond with the verification status
    Affinidi Portal->>Affinidi Portal: Update the Login Configuration with verified domain

When you use the Domain Verification service in the Affinidi Portal, the service generates a did:web document that developers must upload to the hosting server at the following path: https://[DOMAIN]/.well-known/did.json. After the file is hosted at the specified location, the service parses the did:web document to validate its content and, if validation succeeds, marks the domain as verified.

Once the configured domain is verified, users will see a checkmark on the Consent flow when sharing their data to ensure they share it with the verified domain.

How to Verify the Domain on Affinidi Login

To verify the domain configured on the Login Configuration, go to the Affinidi Login page of the Affinidi Portal.

  1. Open the Login Configuration whose domain you would like to have verified.

  2. Click on the Verify button in the Configuration Details section.

Domain Verification - verify

  3. Confirm that the domain value is correct and click the Continue button.

If you need to update the value, click on the Login Configuration Detail link and update the Origin URL field.

Domain Verification - Step 1

  4. The service will generate the required did:web document (see the example below). Download the did:web document.
{
  "id": "did:web:mywebsite.com",
  "@context": "https://w3id.org/security/v2",
  "publicKey": [
    {
      "id": "did:web:mywebsite.com#primary",
      "type": "Secp256k1VerificationKey2018",
      "publicKeyHex": "0338e112f1ebefb3114e7b8d41d6f5068e063b0a86345a455af952285987hyfr69",
      "controller": "did:web:mywebsite.com"
    }
  ],
  "verificationMethod": [
    {
      "id": "did:web:mywebsite.com#primary",
      "controller": "did:web:mywebsite.com",
      "type": "Secp256k1VerificationKey2018",
      "publicKeyHex": "0338e112f1ebefb3114e7b8d41d6f5068e063b0a86345a455af952285987hyfr69"
    }
  ],
  "authentication": [
    "did:web:mywebsite.com#primary"
  ],
  "assertionMethod": [
    "did:web:mywebsite.com#primary"
  ]
}
  5. Upload the downloaded did:web document to the .well-known directory of your website and ensure the file name is did.json.

For example, if you specified the domain as https://mywebsite.com, you must upload the did:web document in the location https://mywebsite.com/.well-known/did.json.

  6. Once you upload the did.json file, go back to the Affinidi Portal - Domain Verification page and click the I’ve hosted it button to start the verification.

Domain Verification - Step 2

Once successful, the Login Configuration will be updated with a verified domain, and the same verified tag will be reflected on Affinidi Vault’s consent page when users share their data.

Domain Verification - Verified

If the verification fails, ensure that you have uploaded the did.json file to the correct path, https://[DOMAIN]/.well-known/did.json, and that the path is publicly accessible, then click on the Retry button.
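
A pre-flight check you can run on the hosted file before clicking I’ve hosted it or Retry, given here as an added example that is not Affinidi's code. The checks are assumptions drawn from the did:web method's URL mapping and the structure of the example document above, not the service's actual validation rules; the function names and SAMPLE are constructed for illustration.

```python
import json
from urllib.parse import unquote, urlsplit

def did_web_to_url(did: str) -> str:
    """Map a did:web identifier to the HTTPS URL of its document."""
    if not did.startswith("did:web:"):
        raise ValueError("not a did:web identifier")
    parts = [unquote(p) for p in did[len("did:web:"):].split(":")]
    if not all(parts):
        raise ValueError("empty segment in did:web identifier")
    tail = "/".join(parts[1:]) + "/did.json" if parts[1:] else ".well-known/did.json"
    return f"https://{parts[0]}/{tail}"

def check_did_document(raw: str, origin: str) -> list:
    """Return a list of problems; an empty list means every check passed."""
    url = urlsplit(origin)
    host = (url.hostname or "") + (f"%3A{url.port}" if url.port else "")
    expected = "did:web:" + host
    try:
        doc = json.loads(raw)  # an HTML error page or login redirect fails here
    except json.JSONDecodeError as exc:
        return [f"body is not JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = [] if url.scheme == "https" else ["origin is not https"]
    if doc.get("id") != expected:
        problems.append(f"id is {doc.get('id')!r}, expected {expected!r}")
    methods = {m["id"]: m for m in doc.get("verificationMethod", [])
               if isinstance(m, dict) and "id" in m}
    if not methods:
        problems.append("no verificationMethod entries")
    for mid, m in methods.items():
        if m.get("controller") != expected:
            problems.append(f"{mid}: controller is not {expected}")
    for rel in ("authentication", "assertionMethod"):
        for ref in doc.get(rel, []):
            if isinstance(ref, str) and ref not in methods:
                problems.append(f"{rel} references unknown method {ref}")
    return problems

# Constructed sample mirroring the structure of the page's example document.
SAMPLE = json.dumps({
    "id": "did:web:mywebsite.com",
    "verificationMethod": [{"id": "did:web:mywebsite.com#primary",
                            "controller": "did:web:mywebsite.com",
                            "type": "Secp256k1VerificationKey2018",
                            "publicKeyHex": "PLACEHOLDER"}],
    "authentication": ["did:web:mywebsite.com#primary"],
    "assertionMethod": ["did:web:mywebsite.com#primary"],
})
```

Fetch the URL returned by did_web_to_url with any HTTP client and pass the response body as raw; a non-empty result points at the mismatch to fix before retrying.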

Domain Verification - Consent page

Once Affinidi verifies the domain, users will see a verified checkmark on the Consent screen of the Affinidi Vault when sharing their data, increasing user trust and providing a better user experience.