Azure-Samples / active-directory-verifiable-credentials

A code sample demonstrating how to use Azure Active Directory's preview functionality to issue and consume verifiable credentials.
108 stars 65 forks source link

Is Attestation Verifiable Credentials Type repo demo available in c#? #67

Open sergiosolorzano opened 1 year ago

sergiosolorzano commented 1 year ago

I have tested successfully idtokenhint demo and I am trying unsucessfully attestation verifiable credentials type , similar to the Woodgrave Employee Onboarding Demo, is this code available in c#?

I can request the issuance of the VC but Authenticator doesn't request the user to Present a verifiable credential in order to issue one, thus the issuance of the VC doesn't get authorized.

Meaning in my case I need the Authenticator to request the VerifiedCredentialExpert VC first but I don't see how to trigger this on Authenticator, I tried this on issuance_request_config.json file, I also tried adding requestedCredentials to type VerifiedCredentialExpert as you see below to suggest to Authenticator to get this first, but didn't change the error behaviour:


     "callback": {
       //In this sample code we will overwrite the callback and use the HOSTNAME dynamicall
       //make sure you use ngrok or something like that when running on a local devbox. 
       //The MS AAD VC Request service needs to be able to reach the callback URI
       "url": "https://YOURPUBLICREACHABLEHOSTNAME/api/issuer/issuanceCallback",
       "state": "STATEWILLBESETINCODE",
       "headers": {
         "api-key": "OPTIONAL API-KEY for ISSUANCE CALLBACK API"
       }
     },
     //The Authority is the DID from your MS AAD Verifiable Credential service, you can copy this from the VC page in azure portal
     "authority": "did:ion: THIS IS YOUR DID FROM THE VC PAGE IN AZURE PORTAL WHICH IS SET IN THE SAMPLE BY COPYING THE VALUE FROM APPSETTINGS.JSON   ",
     "registration": {
       "clientName": "Verifiable Test Register Verifiable Credential"
     },
     //The type needs to be the same as defined in the rules json definitione. The manifest can be copied after the credential has been
     //created in the azure portal
     "type": "VerifiedTestRegistration",
     "manifest": "CREDENTIAL URL IN THIS SAMPLE WILL BE COPIED FROM APPSETTINGS.JSON",
     //Recommendation is to protect issuance payload with a PIN code. 
     //The pincode is set to a random value in code and will be displayed in the UI to the user
     "pin": {
       "value": "123456",
       "length": 4
     },
     //This is an example payload which will be used in the rules file of the credential.
     //The rules files maps information from the ID Token (hint) to the VC
     "claims": {
       "country_of_registry": "",
       "registration_number": "",
     },
     //You can request multiple verifiable credentials at once that's whty the requestCredentials is an array
     "requestedCredentials": [
       {
         "type": "VerifiedCredentialExpert",
         "purpose": "Required presentation of verifiable credentials expert to get Test Registration card.",
         //You can trust multiple issuers who might be issuing the same credential type (for example certifications or diplomas)
         //You need to specify at least 1 trusted issuer DID, for this sample code we copy the IssuerAuthority from appsettings to the request
         //"acceptedIssuers": [ "did:ion: copied from your VC portal in this sample the code copies it from APPSETTINGS.JSON" ]
         "acceptedIssuers": [ "theaccepetedidissuer" ]
       }

     ]
   }

These are the display and rules:

`  Display definition
           {
             "locale": "en-US",
             "card": {
               "title": "Test Verified Credential",
               "issuedBy": "TheIssuer",
               "backgroundColor": "#000000",
               "textColor": "#ffffff",
               "logo": {
                 "uri": "https://domain.com/image.png",
                 "description": "Test  Verified Credential"
               },
               "description": "Use this card to verify."
             },
             "consent": {
               "title": "Do you want to get your Test Verified Credential?",
               "instructions": "Sign in with your Verified Credential Expert Card to get your card."
             },
             "claims": [
               {
                 "claim": "$.vc.country_of_registry",
                 "label": "Country of Registry",
                 "type": "String"
               },
               {
                 "claim": "$.vc.registration_number",
                 "label": "Registration Number",
                 "type": "String"
               }
             ]
           }

           Rules definition
           {
           "attestations": {
             "presentations": [
               {
                 "mapping": [
                   {
                     "outputClaim": "firstName",
                     "required": true,
                     "inputClaim": "$.vc.credentialSubject.given_name",
                     "indexed": false
                   },
                   {
                     "outputClaim": "lastName",
                     "required": true,
                     "inputClaim": "$.vc.credentialSubject.family_name",
                     "indexed": false
                   }
                 ],
                 "required": true,
                 "credentialType": "VerifiedCredentialExpert",
                 "contracts": [
                   "https://verifiedid.did.msidentity.com/v1.0/tenants/id/verifiableCredentials/contracts/abcd/manifest"
                 ],
                 "trustedIssuers": [
                   "did:ion:thedid"
                 ]
               }
             ],
             "idTokenHints": [
               {
                 "mapping": [
                   {
                     "outputClaim": "countryOfRegistry",
                     "required": true,
                     "inputClaim": "$.country_of_registry",
                     "indexed": false
                   },
                   {
                     "outputClaim": "registrationNumber",
                     "required": true,
                     "inputClaim": "$.registration_number",
                     "indexed": true
                   }
                 ],
                 "required": true
               }
             ]
           },
           "validityInterval": 2592000,
           "vc": {
             "type": [
               "VerifiedTestRegistration"
             ]
           }
         }`

I am testing on iphone12 pro latest iOS version installed.

[Question as posted in the git project](https://github.com/Azure-Samples/active-directory-verifiable-credentials-dotnet/issues/41) and [MSFT Community](https://learn.microsoft.com/en-us/answers/questions/1121432/is-attestation-verifiable-credentials-type-repo-de.html) but unfortunately got no help.

Thank you for your help, Sergio