EUDI interoperability
This page displays the latest results of our interop testing with components of the EUDI Wallet Reference Implementation. The Reference Implementation offers:
- Demo EUDI Wallet for iOS and Android
- Issuer services
- Verifier services
What we test
| Category | Tested |
|---|---|
| Credential formats |
|
| Exchange protocols |
|
| Schemas | All schemas included in the version of the EUDI Issuer being tested. The results for PID and mDL are shared below; results of other schemas are highlighted if notable. |
| Flows | Pre-Authorization Code Grant, issuer-initiated, remote presentation |
| Presentation Query Type | Presentation Exchange |
What we don't test
| Category | Not tested |
|---|---|
| Flows | Authorization Code Grant, wallet-initiated flows, proximity flows |
| Presentation Query Type | DCQL |
Components
| Component | Version |
|---|---|
| EUDI Issuer | 0.7.1 |
| EUDI Verifier | 0.4.0 |
| EUDI iOS Wallet | 2025.04.25-Demo |
| EUDI Android Wallet | 2025.04.25-Demo |
| Procivis One Core | 1.52.4 and associated Wallet and Verifier apps |
Results
The following results were obtained on or before 2025.05.08.
| Color | Meaning |
|---|---|
| Working | |
| Issues related to configuration or integration | |
| Implementation mismatch; high priority fixes in progress |
The external components tested here are maintained by third parties and may be updated without notice. Our test results include compatibility adjustments that may become outdated if upstream changes are deployed. We update these test results periodically but cannot guarantee they reflect the current state of all external dependencies.
Issuance
PID using SD-JWT VC
| Issuer | Holder | Status | Comment |
|---|---|---|---|
| EUDI | Procivis One | ||
| Procivis One | EUDI iOS | ||
| Procivis One | EUDI Android |
PID using mdoc
| Issuer | Holder | Status | Comment |
|---|---|---|---|
| EUDI | Procivis One | ||
| Procivis One | EUDI iOS | The certificates used by Procivis One are not part of the EUDI trust infrastructure; working on an integration with EUDI relying party registration service | |
| Procivis One | EUDI Android |
ISO mDL using mdoc
| Issuer | Holder | Status | Comment |
|---|---|---|---|
| EUDI | Procivis One | ||
| Procivis One | EUDI iOS | Wallet does not trust certificate used; expected to work after integration with relying party registration service. | |
| Procivis One | EUDI Android |
Verification
PID using SD-JWT VC
| Issuer | Holder | Verifier | Status | Comment |
|---|---|---|---|---|
| EUDI | Procivis One | Procivis One | ||
| EUDI | Procivis One | EUDI | ||
| EUDI | EUDI iOS | Procivis One | ||
| EUDI | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | Procivis One | ||
| Procivis One | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | EUDI | The certificates used by Procivis One are not part of the EUDI trust infrastructure; working on an integration with EUDI relying party registration service | |
| Procivis One | Procivis One | EUDI | The certificates used by Procivis One are not part of the EUDI trust infrastructure; working on an integration with EUDI relying party registration service |
PID using mdoc
| Issuer | Holder | Verifier | Status | Comment |
|---|---|---|---|---|
| EUDI | Procivis One | Procivis One | ||
| EUDI | Procivis One | EUDI | ||
| EUDI | EUDI iOS | Procivis One | ||
| EUDI | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | Procivis One | ||
| Procivis One | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | EUDI | The certificates used by Procivis One are not part of the EUDI trust infrastructure; working on an integration with EUDI relying party registration service | |
| Procivis One | Procivis One | EUDI | The certificates used by Procivis One are not part of the EUDI trust infrastructure; working on an integration with EUDI relying party registration service |
ISO mDL using mdoc
| Issuer | Holder | Verifier | Status | Comment |
|---|---|---|---|---|
| EUDI | Procivis One | Procivis One | ||
| EUDI | Procivis One | EUDI | ||
| EUDI | EUDI iOS | Procivis One | ||
| EUDI | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | Procivis One | ||
| Procivis One | EUDI Android | Procivis One | ||
| Procivis One | EUDI iOS | EUDI | The certificates used by Procivis One are not part of the EUDI trust infrastructure; working on an integration with EUDI relying party registration service | |
| Procivis One | Procivis One | EUDI | The certificates used by Procivis One are not part of the EUDI trust infrastructure; working on an integration with EUDI relying party registration service |
Revocation
No EUDI revocation components currently exist to test against.
Set it up yourself
- The following instructions assume you are starting from the default configuration of the one-core. EUDI interop components are not currently available in the Trial environment of the Procivis One Desk.
- Make sure you test against pinned versions of the components as they are regularly updated. We hope to have deployments of the EUDI components available soon so you can test with them directly.
Configuration
You can use OPENID4VCI_DRAFT13 out-of-the-box to issue EUDI credentials.
Just be sure to provide the needed encryption keys, described in the
configuration override docs.
For either holding or verifying EUDI-issued credentials you need the EUDI
certificate in order to verify the signature on the credential. You will
provide the certificate to the Core in three places, as well as the EUDI
URL scheme for OID4VP. You can obtain the latest EUDI certificates from the
wallet repository;
use the certificate with the "ut" country extension, for example
pidissuerca02_ut.der.
If you are running multiple instances of the Core— for instance, a server instance configured for issuing and verifying and a mobile instance configured only for holding — remember to change each instance as necessary.
For example, if you want to receive EUDI mdocs in a Procivis One wallet and verify them with a Procivis One Desk, be sure to complete all instructions for both the mobile and server instances.
Create an entry of OID4VP specifically for EUDI, using their issuing certificate and URL scheme. Use the example below, or check out the one-core repo, making sure to input the current EUDI certificate:
verificationProtocol:
OPENID4VP_DRAFT25_EUDI:
display:
en: "OpenID4VP draft 25 (EUDI)"
order: 8
type: "OPENID4VP_DRAFT25"
params:
public:
useRequestUri: true
urlScheme: eudi-openid4vp // Set the URL scheme
x509CaCertificate: {{EUDI-ISSUER-CERTIFICATE}} // Put the EUDI issuer certificate here
verifier: // Needed for verifiers
supportedClientIdSchemes: [redirect_uri, verifier_attestation, did, x509_san_dns]
defaultClientIdScheme: x509_san_dns
holder:
supportedClientIdSchemes: [redirect_uri, verifier_attestation, did, x509_san_dns] // Needed for wallets
redirectUri:
enabled: true
allowedSchemes: ["https"]
When you create a proof request for EUDI credentials you will use this verification protocol. The URL scheme is used to parse the request and the certificate is used to verify the signature on the request. The wallet will automatically choose the EUDI protocol based on the URL scheme in the configuration.
Related guide: Configure OID4VC
Create two DID method entries, one for mDL and one for SD-JWT VC. Use the example below, making sure to input the current EUDI certificate:
did:
MDL:
type: "MDL"
display: "did.mdl"
order: 5
params:
private:
iacaCertificate: {{EUDI-ISSUER-CERTIFICATE}} // Put the EUDI issuer certificate here
SD_JWT_VC_ISSUER_METADATA:
type: "SD_JWT_VC_ISSUER_METADATA"
display: "did.sd_jwt_vc_issuer_metadata"
order: 20
params:
private:
iacaCertificate: {{EUDI-ISSUER-CERTIFICATE}} // Put the EUDI issuer certificate here
The did:mdl is used to verify signatures on ISO mdoc credentials and the
did:sd_jwt_vc_issuer_metadata is used to verify signatures on SD-JWT VC
credentials that were signed by a certificate.
Schemas
The EUDI Issuer provides several predefined schemas including PID and mDL. In order to issue, hold, or verify these credentials you need to provide the system with the schemas. These need to be recreated using the usual credential schema creation workflow.
If you are using the Procivis One Wallet or Verifier apps, the schemas are already loaded and you do not need to import them.
Issuance
When issuing with the Core:
- Make sure you use the right schema
When issuing with the EUDI Issuer:
- Select "Pre-Authorization Code Grant" in the "Grants" selector.
Verification
When verifying with the EUDI Verifier:
-
Select "Presentation Exchange" in the "Presentation Query Type"
-
Select "Get" in the "Request URI Method"
Roadmap
- We are making significant changes to the way the system handles
certificates. This will eliminate the need for
did:mdland other workarounds, and simplify the certificates workflow. - The EUDI trust management concept is rapidly evolving. We are following developments closely.