Open in app

Sign in

Write

Sign in

Getting the Verifiable Credentials .NET sample 3 working (Part 2)

Rory Braybrook
The new control plane
Published in
3 min readJun 12, 2023
Image of VC.

First, read part 1.

Part 1 is a website that issues and verifies VC.

Part 2 is a B2C custom policy that uses the API in the website to issue and verify a VC from B2C.

The custom policies and HTML are here.

We will use the SignupOrSigninVCQ policy.

There are three HTML files that you need to download and store in your own blob storage.

In “selfAsserted.html”:

<!-- 
  You should host qrcode.min.js in your own location, like Azure Storage, since using the below link will 
  give you a CORS error in the browser
-->
<script src="https://raw.githubusercontent.com/davidshimjs/qrcodejs/master/qrcode.min.js"></script>

Download “qrcode.min.js”, store this in blob storage and change the link to point to it.

Do the same in “unifiedquick.html”.

As usual, the policies are in a gist for reference.

I used the Github repo. files as the reference for the changes below.

For “TrustFrameworkExtensionsVC.xml”:

Changes all references to “yourstorageaccount.blob” to your blob storage.

Change all references to “https://df4a-158-174-131-118.ngrok.io/api/verifier" to your ngrok address (see part 1).

Set:

<Item Key="AuthenticationType">ApiKeyHeader</Item> <!-- change this to None for dev/debug -->

this to “None”.

In the gist file, I based the policies on the SocialAndLocalAccountsWithMFA starter pack, so I have altered the numbering of the user journey.

MFA is not part of VC, so you can remove this if you want.

Upload these changed files.

Start the website and ngrok (from part 1).

In the portal, run the SignupOrSigninVCQ policy.

It’s called “B2C_1A_VC_susiq”.

Image showing sign up / sign in with VC.

Sign up a new user:

Image showing new user sign-up.

If you left the MFA in, you will have to proof up:

Image showing QR code after sign-up.

Scan the QR code with the Authenticator app.

Add the new VC. (See part 1 for screenshots).

Now run the SignupOrSigninVCQ policy again.

This time, scan the QR code on the login screen with the Authenticator app.

Share the VC that you have just created.

If you left the MFA in, you will have to type in the OTP sent to your phone.

You are now authenticated and B2C will redirect to your app.

Image showing JWT with VC claims e.g. “VCCredentialType”.

You have now signed up and signed in with a VC using Azure AD B2C — no login / no password 😃.

All good!

Azure Active Directory
Azure Ad B2c
Custom Policies
Verifiable Credentials
Distributed Identity

--

--

Rory Braybrook
The new control plane

Written by Rory Braybrook

730 Followers
Editor for

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams