A sample implementation of an issuer web application for Microsoft Entra Verified ID.
Working demo is running here
- Basically follows the steps in Microsoft's official documents. here
- A valid Microsoft Azure subscription and a working Entra Verified ID environment.
- Set up an Entra Verified ID tenant and define the Verifiable Credential issuance settings. The following information is required when configuring this issuer web application:
  - Azure AD tenant ID
  - client_id
  - client_secret
  - issuer DID
  - VC manifest url
- An OpenID Provider such as Azure AD B2C, Auth0, etc.
- Create a client and get the following information:
  - issuer uri
  - client_id
  - client_secret
```bash
git clone https://github.com/did-developer-community/entra-sandbox.git
cd entra-sandbox
npm install
```
Rename .env.sample to .env and fill in the required parameters for your environment.
```
# Basic configuration
baseURL='https://d6fb-2.....7-906c.ngrok.io'
cookie_secret_key='cookie_secret_key'
# Entra Verified Id API client application configuration
vcApp_azTenantId='b9a.....6486a'
vcApp_client_id='21b3.....619423a5'
vcApp_client_secret='FqG8.....OdrZ'
# do not change the vcApp_scope value
vcApp_scope='3db474b9-6a0c-4840-96ac-1fceb342124f/.default'
# OIDC client configuration for user authentication
oidc_auth_client_id='4230d....005e1f'
oidc_auth_issuerBaseURL='https://xxxx.b2clogin.com/xxxx.onmicrosoft.com/B2C_1A_SUSI/v2.0'
oidc_auth_secret='FqG8.....OdrZ'
# VC Issuer configuration
issuance_requestTemplate='./config/issuance_request_template.json'
issuance_authority='did:web:vc.diddc.co'
issuance_registration_clientName='DID Developer Community Entra Issuer'
issuance_registration_logoUrl='https://didwebstorage.blob.core.windows.net/logo/diddc_logo.png'
issuance_registration_termsOfServiceUrl='https://www.microsoft.com/ja-jp/legal/terms-of-use'
issuance_type='["DIDCMemberCredential"]'
issuance_CredentialManifest='https://verifiedid.did.msidentity.com/v1.0/tenants/b9a84eb8-a888-4f41-bb75-43447e36486a/verifiableCredentials/contracts/YjlhODRlYjgtYTg4OC00ZjQxLWJiNzUtNDM0NDdlMzY0ODZhZGlkZGMgbWVtYmVy/manifest'
```
Note: If you run this issuer in your local environment, use the ngrok URL as baseURL in the .env file.
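
A pre-start check for the .env file described above, as an added example that is not part of this repository's code: it parses the file and reports values that are still sample placeholders, a weak cookie_secret_key, a non-HTTPS baseURL, or a changed vcApp_scope. The function names, the 32-character minimum, the HTTPS requirement and the placeholder patterns are assumptions.

```javascript
// Added example: pre-start check for the .env keys listed in this README.
// Assumed rules: 32-char minimum secret, https-only baseURL, "..."/"xxxx" mark placeholders.
const REQUIRED = ['baseURL', 'cookie_secret_key', 'vcApp_azTenantId', 'vcApp_client_id',
  'vcApp_client_secret', 'vcApp_scope', 'oidc_auth_client_id', 'oidc_auth_issuerBaseURL',
  'oidc_auth_secret', 'issuance_authority', 'issuance_type', 'issuance_CredentialManifest'];
const FIXED_SCOPE = '3db474b9-6a0c-4840-96ac-1fceb342124f/.default';

// Parse KEY='value' lines; comment lines and blanks do not match and are skipped.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Za-z_]\w*)\s*=\s*(?:'([^']*)'|"([^"]*)"|(\S*))/);
    if (m) env[m[1]] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return env;
}

// Return a list of human-readable problems; an empty list means the file passed.
function checkEnv(text) {
  const env = parseEnv(text), problems = [];
  for (const key of REQUIRED) {
    if (!env[key]) problems.push(`${key}: missing`);
    else if (/\.{3,}|xxxx/.test(env[key])) problems.push(`${key}: sample placeholder`);
  }
  const secret = env.cookie_secret_key || '';
  if (secret === 'cookie_secret_key' || secret.length < 32)
    problems.push('cookie_secret_key: use a long random value');
  if (!/^https:\/\//.test(env.baseURL || '')) problems.push('baseURL: must be https');
  if (env.vcApp_scope !== FIXED_SCOPE) problems.push('vcApp_scope: must not be changed');
  if (!/^did:/.test(env.issuance_authority || '')) problems.push('issuance_authority: not a DID');
  let types = null;
  try { types = JSON.parse(env.issuance_type); } catch (e) { /* reported below */ }
  if (!Array.isArray(types)) problems.push('issuance_type: must be a JSON array');
  return problems;
}

// Constructed sample (all values made up): three settings are still unsafe.
const SAMPLE = `baseURL='http://localhost:3000'
cookie_secret_key='cookie_secret_key'
vcApp_azTenantId='00000000-0000-0000-0000-000000000000'
vcApp_client_id='11111111-1111-1111-1111-111111111111'
vcApp_client_secret='FqG8.....OdrZ'
vcApp_scope='3db474b9-6a0c-4840-96ac-1fceb342124f/.default'
oidc_auth_client_id='22222222-2222-2222-2222-222222222222'
oidc_auth_issuerBaseURL='https://idp.example/v2.0'
oidc_auth_secret='constructed-oidc-secret'
issuance_authority='did:web:issuer.example'
issuance_type='["DIDCMemberCredential"]'
issuance_CredentialManifest='https://issuer.example/manifest'`;
```

To check a real file, pass `require('fs').readFileSync('.env', 'utf8')` to `checkEnv` before starting the app and refuse to start if the returned list is not empty.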