Following the Verifiable Credentials B2C Sample here https://github.com/Azure-Samples/active-directory-verifiable-credentials/blob/main/B2C/README.md
I have updated the selfasserted.html file with the path (in Azure Storage) of qrcode.min.js. But none of the following B2C policies render the QRCode when the user journey is run. This means a verifiable credential can neither be issued nor verified.
B2C_1A_SIGNINMFA_VC B2C_1A_SIGNIN_VC B2C_1A_SIGNUP_SIGNIN_VC B2C_1A_VC_SUSIQ B2C_1A_VC_SUSI_ISSUEVC However, there are no issues loading the QR code when hitting the app endpoint directly via localhost or using ngrok. Only seems to happen when going via Azure B2C.
UPDATE 1
After updating the sample to use the claim resolver everywhere VCStateId is used as an input claim as well as adding the metadata key I notice the following
The request url now has an id parameter, except that it is exactly "{Context:CorrelationId}" and not resolving to the actual correlation id. I see the following under headers in dev tools (sanitized) "Request URL: https://xxxx-xxxx.ngrok-free.app/api/verifier/presentation-response-status?id={Context:CorrelationId}"
I see the script for the initial page you see when using ngrok, that warns you about proceeding only of you trust the site
UPDATE 2
I now consistently see an 'id' getting added to the request url. I was missing one more spot to add the metadata key IncludeClaimResolvingInClaimsHandling => true. But still, no qrcode.
UPDATE 3
I went a step further and made a bit of progress. I added an header in ngrok to skip the warning page and was able to get rid of the error: "Uncaught (in promise) SyntaxError: Unexpected token '<', "<!DOCTYPE "... is not valid JSON". Now here is what I see in console:
Generating QR code encoded with openid://vc/?request_uri=https ://xxx.ngrok-free. app/api/verifier/presentation-request-proxy?id=xxxx-xxxx-xxxx-xxxx-xxxx
QRCode is not defined
Also in the B2C sign in page, instead of the QR code I see the screenshot
UPDATE 4
It appears like the sample has been updated on the sign-up/sign-in quick flow but not the others.
On the SignupOrSigninVCQ policy, the technical profile that is executed sets the
VCStateId
to the Correlation ID of the journey.Compare this to the SigninVC policies technical profile, you can see that the input claim
VCStateId
is never given a default value.A few changes to make this work are:
Any input claims for
VCStateId
should be updated to have a default value:You will also need to add the Claims Resolver metadata to each of the technical profiles you change:
The presentation request should now include the
id
in the query string.Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.