This project is currently being moved to Microsoft Entra Verified Id Wallet Library. Feel free to browse the code, but we will not support this library moving forward.

This SDK is used in the Microsoft Authenticator app in order to interact with verifiable credentials and Decentralized Identifiers (DIDs) on the ION network. It can be integrated with any app to provide interactions using verifiable credentials.

Verifiable Credentials

Verifiable credentials is a W3C standard that can be used to validate information about people, organizations, and more. Verifiable credentials put people in control of their personal information, enabling more trustworthy digital experiences while respecting people's privacy.

To learn more about verifiable credentials, please review our documentation.

How to use SDK

Initializing SDK

VerifiableCredentialSDK - this class is used to initialize the SDK. You may want to call during your dependency injection initialization:

/// Both parameters are optional:
/// - logConsumer: conforms to the VCLogConsumer to inject logging into the SDK.
/// - accessGroupIdentifier: String to tell the SDK where to save keys in KeyChain. If nil, will use the default access group.
/// Returns: Result<VCSDKStatus, Error>
let result = VerifiableCredentialSDK.initialize(logConsumer: sdkLogConsumer, accessGroupIdentifier: accessGroupIdentifier);

switch result {
    case .success(let status):
        print("\(status) will equal success or new master identifier created")
    case .failure(let error):
        print("Initialization failed because of specific error")
}

We currently support the following services:

IssuanceService()
PresentationService()

APIs

Our APIs use PromiseKit. Read more about promises here.

All our public APIs return Promise<T> objects. This forces explicit error handling.

You can unpack and handle these promises easily in Swift with the done and catch statements

functionThatReturnPromise().done { objectReturned in
    handleRequestSuccess(objectReturned) // will be smartcasted into <T>
}.catch { error in
    handleRequestFailure(error)
}

Receive a Verifiable Credential (IssuanceService)

To receive a verifiable credential you need a service endpoint providing an issuance contract. You can either get it from someone or create your own. See How to customize your credentials for more information or use an existing provider. In the future, we plan to support the DIF standard Credential Manifest.

    func issuanceSample() {
        /// set up issuance service through dependency injection if you like.
        let issuanceService = IssuanceService()
        
        issuanceService.getRequest(usingUrl: "<issuance request url>").done { issuanceRequest in
            self.handle(successfulRequest: issuanceRequest, with: issuanceService)
        }.catch { error in
            self.handle(failedRequest: error)
        }
    }
    
    private func handle(successfulRequest request: IssuanceRequest, with service: IssuanceService) {
        
        let response: IssuanceResponseContainer
        
        do {
            response = try IssuanceResponseContainer(from: request.content, contractUri: "<issuance request url>")
        } catch {
            VCSDKLog.sharedInstance.logError(message: "Unable to create IssuanceResponseContainer.")
            return
        }
        
        service.send(response: response).done { verifiableCredential in
            self.handle(successfulResponse: verifiableCredential)
        }.catch { error in
            self.handle(failedResponse: error)
        }
    }

Most issuance requests will ask you for attestations that the user might need to provide. Provide them by filling the values for the existing keys in the three available maps for self attested claims, idtokens and vcs.

private func addRequestedData(response: IssuanceResponseContainer) {
    response.requestedSelfAttestedClaimMap["key string found in contract"] = "user specified values"
    response.requestedIdTokenMap["configuration uri"] = "your idToken"
    response.requestedVCMap["credential type"] = yourVc
}

See the full sample.

Present Verifiable Credentials (PresentationService)

A presentation request can ask for multiple VCs and follows the Presentation Exchange of the Decentralized Identity Foundation. In code, presenting follows an almost identical pattern as issuance.

   
    func presentationSample() {
        /// set up presentation service through dependency injection if you like.
        let presentationService = PresentationService()
        
        presentationService.getRequest(usingUrl: "<presentation request url>").done { presentationRequest in
            self.handle(successfulRequest: presentationRequest, with: presentationService)
        }.catch { error in
            self.handle(failedRequest: error)
        }
    }
    
    private func handle(successfulRequest request: PresentationRequest, with service: PresentationService) {
        
        let response: PresentationResponseContainer
        
        do {
            response = try PresentationResponseContainer(from: request)
        } catch {
            VCSDKLog.sharedInstance.logError(message: "Unable to create PresentationResponseContainer.")
            return
        }
        
        service.send(response: response).done { _ in
            self.handleSuccessfulResponse()
        }.catch { error in
            self.handle(failedResponse: error)
        }
    }

You can only present VCs in a presentation request. Add the requested VCs:

private func addRequestedData(response: PresentationResponseContainer) {
    response.requestedVCMap["credential type"] = yourVc
}

See the full sample.

Pairwise Identifiers

By default every relationship to relying parties (RP) will use a different DID per Relying Party such that they can not correlate users actions. The client will automatically fetch exchanged VCs from the original issuer. This behavior can be disabled on a per call basis with the isPairwise flag in send.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

ACTION REQUIRED: Microsoft needs this private repository to complete compliance info

There are open compliance tasks that need to be reviewed for your VerifiableCredential-SDK-iOS repo.

Action required: 4 compliance tasks

To bring this repository to the standard required for 2021, we require administrators of this and all Microsoft GitHub repositories to complete a small set of tasks within the next 60 days. This is critical work to ensure the compliance and security of your microsoft GitHub organization.

Please take a few minutes to complete the tasks at: https://repos.opensource.microsoft.com/orgs/microsoft/repos/VerifiableCredential-SDK-iOS/compliance

The GitHub AE (GitHub inside Microsoft) migration survey has not been completed for this private repository
No Service Tree mapping has been set for this repo. If this team does not use Service Tree, they can also opt-out of providing Service Tree data in the Compliance tab.
No repository maintainers are set. The Open Source Maintainers are the decision-makers and actionable owners of the repository, irrespective of administrator permission grants on GitHub.
Classification of the repository as production/non-production is missing in the Compliance tab.

You can close this work item once you have completed the compliance tasks, or it will automatically close within a day of taking action.

If you no longer need this repository, it might be quickest to delete the repo, too.

GitHub inside Microsoft program information

More information about GitHub inside Microsoft and the new GitHub AE product can be found at https://aka.ms/gim or by contacting [email protected]

FYI: current admins at Microsoft include @mahoekst, @mauesrog, @dstrockis, @thehenrytsai, @isaacJChen, @dangodb, @csuwildcat, @AndiMiko, @esgoode, @logangirvin, @timcappalli, @beejones, @Lokicity

microsoft / verifiablecredential-sdk-ios Goto Github PK