Hi,
I'm curious to know what and how the APIs and communications between apps are being invoked in the sample app. I suppose the following sequence of calls between apps are being taken place for issuing VC:
- Click Get Credential button -> QR Code is generated -> "issue-request" (in app.js) is invoked.
- Scan QR Code in Microsoft Authenticator -> Authenticator "GET" "issue-request.jwt" in "app.js"
- Authenticator access the Verifiable Credentials "rules" and "display" -> Prompt for "Sign-in" according to the "attestations.idTokens.configuration" specified in the rules file.
- Sign in -> return "SUCCESS" or "FAILURE" to Microsoft Authenticator per the authentication service specified in "configuration". (Is it done through OAuth 2.0?)
- Display the "Add" button in Microsoft Authenticator if "SUCCESS".
- Click "Add" -> Verifiable Credential added to the Wallet.
Here are my questions:
- What type of service is required for Sign In by Microsoft Authenticator for issuing with Verifiable Credential? Any OAuth 2.0?
- Is there a DID generated by AD Verifiable Credentials and written to ION for the requester? If so, when and how is the DID of the requester being written to the ION network?
- When and how the Verifiable Credential of the requester is being generated and written to the ION network?
- Will a new Verifiable Credential generated for each request from the same requester? I suppose not. If not, how the previously generated VC is retrieved and passed to Authenticator? If yes, why?
Could you please help?
Cheers,
Jason
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 33%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)