Hi,
I'm curious to know what and how the APIs and communications between apps are being invoked in the sample app. I suppose the following sequence of calls between apps are being taken place for issuing VC:
- Click Get Credential button -> QR Code is generated -> "issue-request" (in app.js) is invoked.
- Scan QR Code in Microsoft Authenticator -> Authenticator "GET" "issue-request.jwt" in "app.js"
- Authenticator access the Verifiable Credentials "rules" and "display" -> Prompt for "Sign-in" according to the "attestations.idTokens.configuration" specified in the rules file.
- Sign in -> return "SUCCESS" or "FAILURE" to Microsoft Authenticator per the authentication service specified in "configuration". (Is it done through OAuth 2.0?)
- Display the "Add" button in Microsoft Authenticator if "SUCCESS".
- Click "Add" -> Verifiable Credential added to the Wallet.
Here are my questions:
- What type of service is required for Sign In by Microsoft Authenticator for issuing with Verifiable Credential? Any OAuth 2.0?
- Is there a DID generated by AD Verifiable Credentials and written to ION for the requester? If so, when and how is the DID of the requester being written to the ION network?
- When and how the Verifiable Credential of the requester is being generated and written to the ION network?
- Will a new Verifiable Credential generated for each request from the same requester? I suppose not. If not, how the previously generated VC is retrieved and passed to Authenticator? If yes, why?
Could you please help?
Cheers,
Jason