Skip to content

Instantly share code, notes, and snippets.

@rbrayb
Created June 12, 2023 02:07
Show Gist options
  • Save rbrayb/488ffee04b88b11f7bdd15b19ec48a18 to your computer and use it in GitHub Desktop.
Save rbrayb/488ffee04b88b11f7bdd15b19ec48a18 to your computer and use it in GitHub Desktop.
Getting the Verifiable Credentials .NET sample 3 working (Part 2)
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="tenant.onmicrosoft.com"
PolicyId="B2C_1A_VC_susiq"
PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_VC_susiq"
DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"
>
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensionsVC</PolicyId>
</BasePolicy>
<UserJourneys>
<!-- add VC as a Claims Provider -->
<UserJourney Id="SignUpOrSignIn">
<OrchestrationSteps>
<!--
modify step 1 & 2 to include signin with VC
api.signuporsignin.quick will load the html that helps produce the QR code
-->
<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin.quick">
<ClaimsProviderSelections>
<ClaimsProviderSelection TargetClaimsExchangeId="VCExchange" />
</ClaimsProviderSelections>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
<ClaimsExchanges>
<!--
if the QR code was scanned, this step will be executed to pick up the
result of the presentation and read the user's profile
-->
<ClaimsExchange Id="VCExchange" TechnicalProfileReferenceId="SelfAsserted-VCSigninQuick" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- If it's a new user, pass the claims to the VC sample to prepare for issuing a VC -->
<OrchestrationStep Order="9" Type="ClaimsExchange"> <!-- change 7 to 9 for SocialAndLocalAccountsWithMfa -->
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="false">
<Value>newUser</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="PostVCIssuanceClaims" TechnicalProfileReferenceId="REST-VC-PostIssuanceClaims" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- If it's a new user, show the QR code to the user in order to issue the VC -->
<OrchestrationStep Order="10" Type="ClaimsExchange"> <!-- change 8 to 10 for SocialAndLocalAccountsWithMfa -->
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="false">
<Value>newUser</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="UXVCIssuanceClaims" TechnicalProfileReferenceId="SelfAsserted-VCIssuance" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- NOTE! If you are using the starter pack SocialAndLocalAccountsWithMfa, change 9 to 11 -->
<OrchestrationStep Order="11" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
</OrchestrationSteps>
</UserJourney>
</UserJourneys>
<RelyingParty>
<DefaultUserJourney ReferenceId="SignUpOrSignIn" />
<UserJourneyBehaviors>
<!-- Uncomment the below line if you want events traced to AppInsights. You need to update your key -->
<JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="19...5b" DeveloperMode="true" ClientEnabled="true" ServerEnabled="true" TelemetryVersion="1.0.0" />
<ScriptExecution>Allow</ScriptExecution>
</UserJourneyBehaviors>
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="OpenIdConnect" />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surname" />
<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="signInName" /> <!-- LocalAccount: whatever used to sign in with-->
<OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" PartnerClaimType="email" /> <!-- LocalAccount: email -->
<OutputClaim ClaimTypeReferenceId="email" /> <!-- Other IDP: email -->
<OutputClaim ClaimTypeReferenceId="identityProvider" />
<OutputClaim ClaimTypeReferenceId="VCCredentialType" />
<OutputClaim ClaimTypeReferenceId="VCSubject" />
<OutputClaim ClaimTypeReferenceId="VCIssuer" />
<OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
</OutputClaims>
<SubjectNamingInfo ClaimType="sub" />
</TechnicalProfile>
</RelyingParty>
</TrustFrameworkPolicy>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="tenant.onmicrosoft.com"
PolicyId="B2C_1A_TrustFrameworkExtensionsVC"
PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_TrustFrameworkExtensionsVC"
>
<!-- This policy file inherits from an already deployed version of trustFrameworkExtensions in the Starter Pack -->
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensionsMFAVC</PolicyId>
</BasePolicy>
<BuildingBlocks>
<ClaimsSchema>
<!-- VCServiceUrl - we send the url to the browser in this claim so that the browser knows how to contact the app -->
<ClaimType Id="VCServiceUrl">
<DisplayName>VCServiceUrl</DisplayName>
<DataType>string</DataType>
<UserHelpText>VC Service Url</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
<!-- State Id between backend and Authenticator app. We use it to pull the auth result-->
<ClaimType Id="VCStateId">
<DisplayName>VCStateId</DisplayName>
<DataType>string</DataType>
<UserHelpText>Verifiable Credentials State Id</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
<!-- Claims that we get from the VC Verifier -->
<ClaimType Id="vcCredentialType">
<DisplayName>vcCredentialType</DisplayName>
<DataType>string</DataType>
<UserHelpText>Verifiable Credentials Credential Type</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
<!-- Claim from the VC Verifier - did of the user -->
<ClaimType Id="vcSubject">
<DisplayName>vcSubject</DisplayName>
<DataType>string</DataType>
<UserHelpText>Verifiable Credentials sub</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
<!-- Claim from the VC Verifier - did of the issuer -->
<ClaimType Id="vcIssuer">
<DisplayName>vcIssuer</DisplayName>
<DataType>string</DataType>
<UserHelpText>Verifiable Credentials iss</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
<!-- Claim from the VC Verifier - shortform did of the user but with colons replaced (did:ion: ==> did.ion.)-->
<ClaimType Id="vcKey">
<DisplayName>vcKey</DisplayName>
<DataType>string</DataType>
<UserHelpText>Verifiable Credentials key</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
<!-- vcKey persisted as a signInName (identities in MS Grap API)-->
<ClaimType Id="signInNames.vckey">
<DisplayName>signInNames.vckey</DisplayName>
<DataType>string</DataType>
</ClaimType>
<!-- status from UX if we managed to issue a VC or not -->
<ClaimType Id="VCIssued">
<DisplayName>VCIssued</DisplayName>
<DataType>string</DataType>
<UserHelpText>If we managed to issue a VC</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
<ClaimType Id="correlationId">
<DisplayName>CorrelationId</DisplayName>
<DataType>string</DataType>
<UserHelpText>B2C CorrelationId</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
<ClaimType Id="IPAddress">
<DisplayName>IPAddress</DisplayName>
<DataType>string</DataType>
<UserHelpText>User's ip address</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
</ClaimsSchema>
<ContentDefinitions>
<!-- This content definition is to render an error page that displays unhandled errors. -->
<ContentDefinition Id="api.error">
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:globalexception:1.2.0</DataUri>
</ContentDefinition>
<ContentDefinition Id="api.idpselections">
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.2.0</DataUri>
</ContentDefinition>
<ContentDefinition Id="api.idpselections.signup">
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.2.0</DataUri>
</ContentDefinition>
<ContentDefinition Id="api.selfasserted">
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0</DataUri>
</ContentDefinition>
<ContentDefinition Id="api.selfasserted.profileupdate">
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0</DataUri>
</ContentDefinition>
<ContentDefinition Id="api.localaccountsignup">
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0</DataUri>
</ContentDefinition>
<ContentDefinition Id="api.localaccountpasswordreset">
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0</DataUri>
</ContentDefinition>
<!-- pages uses custom html -->
<ContentDefinition Id="api.selfasserted.vc">
<!-- CHANGE THE BELOW LINES -->
<LoadUri>https://x.blob.core.windows.net/didvcbranding/selfAsserted.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Verifiable Credentials Signin</Item>
</Metadata>
</ContentDefinition>
<ContentDefinition Id="api.signuporsignin">
<LoadUri>https://x.blob.core.windows.net/didvcbranding/unified.html</LoadUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.0</DataUri>
<LocalizedResourcesReferences MergeBehavior="Prepend">
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.signuporsignin.en" />
</LocalizedResourcesReferences>
</ContentDefinition>
<ContentDefinition Id="api.signuporsignin.quick">
<LoadUri>https://x.blob.core.windows.net/didvcbranding/unifiedquick.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.0</DataUri>
<LocalizedResourcesReferences MergeBehavior="Prepend">
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.signuporsigninquick.en" />
</LocalizedResourcesReferences>
</ContentDefinition>
<!-- CHANGE THE ABOVE LINES -->
</ContentDefinitions>
<Localization Enabled="true">
<SupportedLanguages DefaultLanguage="en" MergeBehavior="ReplaceAll">
<SupportedLanguage>en</SupportedLanguage>
</SupportedLanguages>
<LocalizedResources Id="api.signuporsignin.en">
<LocalizedStrings>
<LocalizedString ElementType="UxElement" StringId="local_intro_generic">Sign in to your account</LocalizedString>
<LocalizedString ElementType="UxElement" StringId="social_intro">Other ways to login</LocalizedString>
</LocalizedStrings>
</LocalizedResources>
<LocalizedResources Id="api.signuporsigninquick.en">
<LocalizedStrings>
<LocalizedString ElementType="UxElement" StringId="local_intro_generic">Sign in to your account</LocalizedString>
<LocalizedString ElementType="UxElement" StringId="social_intro">Sign in with your Verifiable Credentials</LocalizedString>
</LocalizedStrings>
</LocalizedResources>
</Localization>
</BuildingBlocks>
<ClaimsProviders>
<ClaimsProvider>
<DisplayName>Local Account</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email-Only">
<Metadata>
<Item Key="setting.showSignupLink">false</Item>
<Item Key="setting.forgotPasswordLinkLocation">None</Item>
</Metadata>
<IncludeTechnicalProfile ReferenceId="SelfAsserted-LocalAccountSignin-Email" />
</TechnicalProfile>
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
<DisplayName>Local Account Signin</DisplayName>
<InputClaims>
<!-- Q&D hack - pass API URL in signInName claim as B2C is touchy on adding other claims in signin page -->
<InputClaim ClaimTypeReferenceId="signInName" AlwaysUseDefaultValue="true" DefaultValue="https://1c40-122-60-191-57.ngrok-free.app/api/verifier" />
</InputClaims>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
<!-- Claims Provider for Signin via VC UX -->
<ClaimsProvider>
<DisplayName>Self Asserted</DisplayName>
<TechnicalProfiles>
<!-- Signing in with a VC when VC isn't linked to a B2C account -->
<TechnicalProfile Id="SelfAsserted-VCSigninNoObject">
<DisplayName>Verifiable Credentials</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted.vc</Item>
<Item Key="setting.showCancelButton">false</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="VCStateId" />
<!-- if you change this one, you need to change the all ServiceUrl in this file -->
<!-- CHANGE THE BELOW LINE -->
<InputClaim ClaimTypeReferenceId="VCServiceUrl" AlwaysUseDefaultValue="true" DefaultValue="https://1c40-122-60-191-57.ngrok-free.app/api/verifier"/>
</InputClaims>
<DisplayClaims>
<DisplayClaim ClaimTypeReferenceId="VCStateId" />
<DisplayClaim ClaimTypeReferenceId="VCServiceUrl" />
</DisplayClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surName" />
<OutputClaim ClaimTypeReferenceId="vcCredentialType" />
<OutputClaim ClaimTypeReferenceId="vcSubject" />
<OutputClaim ClaimTypeReferenceId="vcIssuer" />
<OutputClaim ClaimTypeReferenceId="vcKey" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="DID" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="REST-VC-GetAuthResult" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
<!-- Signing in with a VC when VC references a B2C account -->
<TechnicalProfile Id="SelfAsserted-VCSignin">
<DisplayName>Verifiable Credentials</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted.vc</Item>
<Item Key="setting.showCancelButton">false</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="VCStateId" />
<!-- if you change this one, you need to change the all ServiceUrl in this file -->
<!-- CHANGE THE BELOW LINE -->
<InputClaim ClaimTypeReferenceId="VCServiceUrl" AlwaysUseDefaultValue="true" DefaultValue="https://1c40-122-60-191-57.ngrok-free.app/api/verifier"/>
</InputClaims>
<DisplayClaims>
<DisplayClaim ClaimTypeReferenceId="VCStateId" />
<DisplayClaim ClaimTypeReferenceId="VCServiceUrl" />
</DisplayClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surName" />
<OutputClaim ClaimTypeReferenceId="vcCredentialType" />
<OutputClaim ClaimTypeReferenceId="vcSubject" />
<OutputClaim ClaimTypeReferenceId="vcIssuer" />
<OutputClaim ClaimTypeReferenceId="vcKey" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="DID" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="REST-VC-GetAuthResult" />
<!-- make sure the user exists in the directory -->
<ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingObjectId" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
<!-- TP that gets executed after QR code is scanned on signin page -->
<TechnicalProfile Id="SelfAsserted-VCSigninQuick">
<DisplayName>Verifiable Credentials</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted.vc</Item>
<Item Key="setting.showCancelButton">false</Item>
<Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="VCStateId" DefaultValue="{Context:CorrelationId}" AlwaysUseDefaultValue="true" />
<!-- if you change this one, you need to change the all ServiceUrl in this file -->
<!-- CHANGE THE BELOW LINE -->
<InputClaim ClaimTypeReferenceId="VCServiceUrl" AlwaysUseDefaultValue="true" DefaultValue="https://1c40-122-60-191-57.ngrok-free.app/api/verifier" />
</InputClaims>
<DisplayClaims>
<DisplayClaim ClaimTypeReferenceId="VCStateId" />
<DisplayClaim ClaimTypeReferenceId="VCServiceUrl" />
</DisplayClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="VCStateId" />
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surName" />
<OutputClaim ClaimTypeReferenceId="VCCredentialType" />
<OutputClaim ClaimTypeReferenceId="VCCredentialType" />
<OutputClaim ClaimTypeReferenceId="VCSubject" />
<OutputClaim ClaimTypeReferenceId="VCIssuer" />
<OutputClaim ClaimTypeReferenceId="VCKey" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="DID" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="REST-VC-GetAuthResult" />
<!-- make sure the user exists in the directory -->
<ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingObjectId" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
<!-- VC Issuance during B2C Signup -->
<TechnicalProfile Id="SelfAsserted-VCIssuance">
<DisplayName>Verifiable Credentials</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted.vc</Item>
<Item Key="setting.showCancelButton">false</Item>
<Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="VCStateId" DefaultValue="{Context:CorrelationId}" AlwaysUseDefaultValue="true" />
<!-- if you change this one, you need to change the all ServiceUrl in this file -->
<!-- CHANGE THE BELOW LINE -->
<InputClaim ClaimTypeReferenceId="VCServiceUrl" AlwaysUseDefaultValue="true" DefaultValue="https://1c40-122-60-191-57.ngrok-free.app/api/issuer"/>
<InputClaim ClaimTypeReferenceId="VCIssued" DefaultValue="issuance" AlwaysUseDefaultValue="true" />
</InputClaims>
<DisplayClaims>
<DisplayClaim ClaimTypeReferenceId="VCStateId" />
<DisplayClaim ClaimTypeReferenceId="VCServiceUrl" />
<DisplayClaim ClaimTypeReferenceId="VCIssued" />
</DisplayClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="VCIssued" /> <!-- issued/not issued on return-->
</OutputClaims>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
<!-- REST API Claims Provider -->
<ClaimsProvider>
<DisplayName>REST API</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="REST-VC-GetAuthResult">
<DisplayName>Verifiable Credentials Authentication Result</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<!-- CHANGE THE BELOW LINE -->
<Item Key="ServiceUrl">https://1c40-122-60-191-57.ngrok-free.app/api/verifier/presentation-response-b2c</Item>
<Item Key="AuthenticationType">None</Item>
<Item Key="SendClaimsIn">Body</Item>
</Metadata>
<InputClaims>
<!-- Key to auth result. Comes from the UX -->
<InputClaim ClaimTypeReferenceId="VCStateId" PartnerClaimType="id" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="vcCredentialType" PartnerClaimType="vcType" />
<OutputClaim ClaimTypeReferenceId="vcSubject" PartnerClaimType="vcSub" />
<OutputClaim ClaimTypeReferenceId="vcIssuer" PartnerClaimType="vcIss" />
<OutputClaim ClaimTypeReferenceId="vcKey" PartnerClaimType="vcKey" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="username" />
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName" />
<OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="lastName" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="DID" AlwaysUseDefaultValue="true" />
</OutputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
<TechnicalProfile Id="REST-VC-PostIssuanceClaims">
<DisplayName>Verifiable Credentials Authentication Result</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<!-- CHANGE THE BELOW LINE -->
<Item Key="ServiceUrl">https://1c40-122-60-191-57.ngrok-free.app/api/issuer/issuance-claims-b2c</Item>
<!-- <Item Key="AuthenticationType">ApiKeyHeader</Item> change this to None for dev/debug -->
<Item Key="AuthenticationType">None</Item> <!-- change this to None for dev/debug -->
<Item Key="SendClaimsIn">Body</Item>
<Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
</Metadata>
<CryptographicKeys>
<Key Id="x-api-key" StorageReferenceId="B2C_1A_RestApiKey" /> <!-- remember to set this in the samples appSettings/etc -->
</CryptographicKeys>
<InputClaims>
<!--
This list must cover what claims we expect to have in the issued VC, ie claims you have in the rules section for claims mapping.
What happens later is that the selfAsserted UX in a subsequent B2C step calls the VC sample REST API to
create an issuance request and specifies the B2C correlationId. The VC sample can then retrieve the
cached claims. The user scans the QR code with the Authenticator and gets a VC card for the B2C user.
-->
<InputClaim ClaimTypeReferenceId="correlationId" PartnerClaimType="id" DefaultValue="{Context:CorrelationId}" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="IPAddress" DefaultValue="{Context:IPAddress}" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" DefaultValue="{Policy:TenantObjectId}" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
<InputClaim ClaimTypeReferenceId="email" PartnerClaimType="username" />
<InputClaim ClaimTypeReferenceId="displayName" />
<InputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName" />
<InputClaim ClaimTypeReferenceId="surName" PartnerClaimType="lastName" />
</InputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
</ClaimsProviders>
</TrustFrameworkPolicy>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment