Signed-off-by: Ana Goessens <ana@animo.id>
TimoGlastra
left a comment
I started reviewing the integration with a wallet. But it's better I just edit this locally. For most things we can just point to HAIP now.
You can apply my suggestions, but I will do the other work in a follow-up PR.
|                          | Supports                     | Notes                           |
| :----------------------- | :--------------------------: | ------------------------------: |
| EUDI Credential formats  | SD-JWT VC                    |                                 |
|                          | ISO 18013-5 mDoc             |                                 |
| OpenID4VCI               | 1.0                          |                                 |
| OpenID4VP                | 1.0                          |                                 |
| Authorization code flows | Presentation during issuance |                                 |
|                          | Sign in                      |                                 |
|                          | Transaction code             |                                 |
| Deferred Issuance        | ✔️                           |                                 |
| Digital Credentials API  | ✔️                           | Only using OpenID4VP on Android |
|                          | Supports                     | Notes                               |
| :----------------------- | :--------------------------: | ----------------------------------: |
| EUDI Credential formats  | SD-JWT VC                    |                                     |
|                          | ISO 18013-5 mDoc             |                                     |
| OpenID4VCI               | 1.0                          |                                     |
| OpenID4VP                | 1.0                          |                                     |
| Authorization code flows | Presentation during issuance | Legacy flow based on SPRIN-D design |
|                          | Sign in                      |                                     |
|                          | Transaction code             |                                     |
| Deferred Issuance        | ✔️                           |                                     |
| Digital Credentials API  | ✔️                           | Only using OpenID4VP on Android     |
I'd also add a section to this page that can track e.g. ETSI/ARF standards. But we can add this later as well.
# Install the wallet

This page describes how to integrate with and use the **[Public Beta](todo:add)** of the Paradym Wallet, which supports experimental features and is used in several EU Pilots. The public, stable version of the Paradym Wallet can be found in [app stores](https://paradym.id/products/paradym-mobile-wallet).
Why todo:add? You add the link below.
This is your guide to the Paradym EUDI Wallet 🇪🇺.
The Paradym Wallet is the identity wallet companion to the [Paradym](https://paradym.id/) digital identity platform, which handles issuance, verification and trust management for Relying Parties. This site describes how to integrate with and use the **[Public Beta](todo:add)** of the Paradym Wallet, which supports experimental features and is used in several EU Pilots.
I'd link to the install page here for the todo:add
This page features a collection of videos to demonstrate EUDI flows.

- [Paradym Wallet Feature Playlist](https://www.youtube.com/watch?v=koetZfHSvKY&list=PLopHpZBbk8wN5xHgqSCncUZ4wy7cblu4A)
- [Paradym Wallet & French National Playground](https://youtu.be/BkWGGCjuW4U?si=09a-1jq711NBbiTR). Demo showing the Paradym wallet working with the web verifier from the French National playground.
We should record some new flows for the French wallet integration, and the payments.
| For                                            | Go to                                                                                                                                                            |
| :--------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------: |
| Talking to the team                            | Join our [weekly open call](#weekly-open-call).                                                                                                                  |
| Raising a public issue or technical discussion | Create an issue on the [GitHub repository](https://github.com/animo/paradym-wallet). Issues are public, enabling anyone to see current issues and their status.  |
| Raising a private issue                        | [Email us](mailto:ana@animo.id). Please put 'EUDI Wallet' and other helpful information like your pilot project and/or working group in the email subject.       |
| Discussing your project                        | Post in the #paradym-wallet channel in the [Paradym Community Slack](https://join.slack.com/t/paradymgroup/shared_invite/zt-225avbgsm-LXzkDdLV59cJ5v76Xu9y5A).   |
Very hard to read unformatted tables.
When using DCQL, the request should include a DCQL Query (`dcql_query`) property. The response will include only a `vp_token`. The gist linked above contains example structures for different possible queries.
When using DCQL, the request should include a DCQL Query (`dcql_query`) property.
DCQL is an alternative to presentation definition and a newer method to specify which credentials to request from the wallet. DCQL generally provides a simpler structure, and will probably fully replace presentation definition. You should use either DCQL or presentation definition, not both.
```json
{
  "id": "pid_sd_jwt",
  "format": "vc+sd-jwt",
  "meta": {
    "vct_values": [
      "https://demo.pid-issuer.bundesdruckerei.de/credentials/pid/1.0",
      "https://example.bmi.bund.de/credential/pid/1.0",
      "urn:eu.europa.ec.eudi:pid:1"
    ]
  },
  "claims": [
    { "path": ["given_name"] },
    { "path": ["family_name"] },
    {
      "path": ["age_equal_or_over", "21"],
      "values": [true]
    },
    {
      "path": ["iss"],
      "values": [
        "https://demo.pid-issuer.bundesdruckerei.de/c",
        "https://demo.pid-issuer.bundesdruckerei.de/c1",
        "https://demo.pid-issuer.bundesdruckerei.de/b1"
      ]
    }
  ]
}
```
```json
{
  "id": "pid_sd_jwt",
  "format": "dc+sd-jwt",
  "meta": {
    "vct_values": ["urn:eu.europa.ec.eudi:pid:1"]
  },
  "claims": [
    { "path": ["given_name"] },
    { "path": ["family_name"] }
  ]
}
```
## Response encryption
The wallet requires response encryption, which means the wallet will encrypt the authorization response before sending it to the verifier. Encryption is performed based on [JWT-Secured Authorization Response Mode (JARM)](https://openid.net/specs/oauth-v2-jarm.html). It is important to distinguish that the request must be signed, while the response must be encrypted.
The Paradym wallet optionally supports response encryption, which means the wallet will encrypt the authorization response before sending it to the verifier. It is important to distinguish that the request is usually signed, while the response is usually encrypted.
For the wallet to encrypt the response some parameters need to be included in the authorization request:
- `response_mode` should be `direct_post.jwt`
- `client_metadata` should contain a `jwks` set containing a key where the `use` is set to `enc` and the `crv` is `P-256`
- The key in the `client_metadata` should contain `authorization_encrypted_response_alg` with value `ECDH-ES` and `authorization_encrypted_response_enc` with value `A256GCM`
The structure of the response can be found in [6.3.1. Response Mode "direct_post.jwt"](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-response-mode-direct_postjw).
For the wallet to encrypt the response some parameters need to be included in the authorization request:
- `response_mode` must be `direct_post.jwt`
- `client_metadata` should contain a `jwks` set containing a key where the `use` is set to `enc` and the `crv` is `P-256`
- If an encryption algorithm other than `A128GCM` is used, the `client_metadata` must contain `encrypted_response_enc_values_supported`. Supported algorithms are `A256GCM` and `A128GCM`.
The structure of the response can be found in [Response Mode "direct_post.jwt"](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-response-mode-direct_post).
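As an added example (not code from the Paradym Wallet or its docs), here is a verifier-side TypeScript helper that builds the authorization request parameters listed above for an encrypted `direct_post.jwt` response and checks a request against them, including the rule from the DCQL section that a request carries either `dcql_query` or `presentation_definition`, not both. It accepts both `A256GCM` and `A128GCM` following the review suggestion; the function names are hypothetical and Node's built-in `crypto` generates the ephemeral P-256 key.

```typescript
// Added example, not Paradym Wallet code: builds the OpenID4VP authorization request
// parameters this page lists for an encrypted direct_post.jwt response and checks a
// request for them and for the DCQL-or-presentation_definition rule (names are hypothetical).
import { generateKeyPairSync } from "node:crypto";
import type { JsonWebKey } from "node:crypto";

export interface AuthorizationRequest {
  response_mode?: string;
  dcql_query?: unknown;
  presentation_definition?: unknown;
  client_metadata?: {
    jwks?: { keys: JsonWebKey[] };
    authorization_encrypted_response_alg?: string;
    authorization_encrypted_response_enc?: string;
  };
}

// The private half stays with the verifier to decrypt the JARM response; the public half is published as an `enc` key.
export function buildEncryptedResponseRequest(dcqlQuery: unknown) {
  const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "P-256" });
  const request: AuthorizationRequest = {
    response_mode: "direct_post.jwt",
    dcql_query: dcqlQuery,
    client_metadata: {
      jwks: { keys: [{ ...publicKey.export({ format: "jwk" }), use: "enc" }] },
      authorization_encrypted_response_alg: "ECDH-ES",
      authorization_encrypted_response_enc: "A256GCM",
    },
  };
  return { request, privateKey };
}

// Returns the problems found; an empty array means the request meets the page's requirements (A128GCM accepted too).
export function checkRequest(req: AuthorizationRequest): string[] {
  const problems: string[] = [];
  if ((req.dcql_query !== undefined) === (req.presentation_definition !== undefined)) {
    problems.push("use exactly one of dcql_query or presentation_definition");
  }
  if (req.response_mode !== "direct_post.jwt") problems.push("response_mode must be direct_post.jwt");
  const md = req.client_metadata;
  if (!md?.jwks?.keys.some((k) => k.use === "enc" && k.kty === "EC" && k.crv === "P-256")) {
    problems.push("client_metadata.jwks needs an EC P-256 key with use=enc");
  }
  if (md?.authorization_encrypted_response_alg !== "ECDH-ES") problems.push("alg must be ECDH-ES");
  if (!["A256GCM", "A128GCM"].includes(md?.authorization_encrypted_response_enc ?? "")) {
    problems.push("enc must be A256GCM or A128GCM");
  }
  return problems;
}
```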
The PR contains an error in types>validator.ts

Some of the content is not final yet; this PR is intended to enable @TimoGlastra to start giving feedback while I finish the PR.