❗ Important! Before you proceed, please read the EUDI Wallet Reference Implementation project description
- Overview
- Disclaimer
- Important things to know
- How to contribute
- Demo videos
- How to use the application
- Application configuration
- License
The EUDI Wallet Reference Implementation is built based on the Architecture Reference Framework and aims to showcase a robust and interoperable platform for digital identification, authentication, and electronic signatures based on common standards across the European Union. The EUDI Wallet Reference Implementation is based on a modular architecture composed of business-agnostic, reusable components that will evolve in incremental steps and can be re-used across multiple projects.
The EUDI Wallet Reference Implementation is the application that allows users to:
- To obtain, store, and, present PID and mDL.
- Verify presentations.
- Share data on proximity scenarios.
- Support remote QES and more use cases with the modules included.
The EUDIW project provides through this repository an iOS app. Please refer to the repositories listed in the following sections for more detailed information on how to get started, contribute, and engage with the EUDI Wallet Reference Implementation.
The app consumes the SDK called EUDIW Wallet core Wallet kit and a list of available libraries to facilitate remote presentation, proximity, and issuing test/demo functionality following specification of the ARF including:
-
OpenID4VP - draft 19 (remote presentation), presentation exchange v2.0,
-
ISO18013-5 (proximity presentation),
-
OpenID4VCI draft 13 (issuing)
-
Issuer functionality, to support development and testing, one can access an OID4VCI test/demo service for issuing at:
Relying Party functionality:
To support development and testing, one can access a test/demo service for remote presentation at:
To support proximity an Android Proximity Verifier is available as an app that can request PID and mDL with reader authentication available here
The issuer, verifier service, and verifier app authentication are based on the EUDIW development IACA
The released software is an initial development release version:
- The initial development release is an early endeavor reflecting the efforts of a short time-boxed period, and by no means can it be considered as the final product.
- The initial development release may be changed substantially over time, might introduce new features but also may change or remove existing ones, potentially breaking compatibility with your existing code.
- The initial development release is limited in functional scope.
- The initial development release may contain errors or design flaws and other problems that could cause system or other failures and data loss.
- The initial development release has reduced security, privacy, availability, and reliability standards relative to future releases. This could make the software slower, less reliable, or more vulnerable to attacks than mature software.
- The initial development release is not yet comprehensively documented.
- Users of the software must perform sufficient engineering and additional testing to properly evaluate their application and determine whether any of the open-sourced components is suitable for use in that application.
- We strongly recommend not to put this version of the software into production use.
- Only the latest version of the software will be supported
The main purpose of the reference implementation is to showcase the ecosystem and act as a technical example of how to integrate and use all of the available components.
If you're planning to use this application in production, we recommend reviewing the following steps:
- Configure the application properly by following the guide here
- Ensure the Pin storage configuration matches your security requirements or provide your own by following this guide Pin Storage Configuration
- Ensure the application meets the OWASP MASVS industry standard. Please refer to the following links for further information on the controls you must implement to ensure maximum compliance:
We welcome contributions to this project. To ensure that the process is smooth for everyone involved, follow the guidelines found in CONTRIBUTING.md.
(NOTE: These videos are from the Android version)
Issuance
issuance.mp4
Presentation
presentation.mp4
Proximity
proximity.mp4
Minimum device requirements
- Any device that supports iOS 15.0
Prerequisites
To complete the flows described below you need to build and run the application with xcode. Alternatively, you can directly download the Android app onto your device.
App center download method (Android app)
In addition to building the app from the source, you can also use the Android app which you can download here
Run the app from the source (xcode build)
Clone this repo and make sure you have access to the dependencies below:
You will also need to download the Android Verifier app here
App launch
- Launch the application
- You will be presented with a welcome screen where you will be asked to create a PIN for future logins.
Issuance flow (Scoped)
- Open the "Add document" screen or if it's the first time you open the app, you will be redirected there after you enter or set up your PIN.
- Pick "National ID".
- From the web view that appears select the "FormEU" option and tap submit.
- Fill in the form. Any data will do.
- You will be shown a success screen. Tap next.
- Your "National ID" is displayed. Tap "Continue".
- You are now on the "Dashboard" screen.
Issuance flow (Credential Offer)
- Open the "Add document" screen or if it's the first time you open the app, you will be redirected there after you enter or set up your PIN.
- Tap "SCAN QR".
- Scan The QR Code from the issuer's website EUDI Issuer
- Review the documents contained in the credential offer and tap "Issue".
- You will be shown a success screen. Tap "Continue".
- You are now on the "Dashboard" screen.
While on the "Dashboard" screen you can tap "Add doc" and issue a new document, e.g. "Driving License".
If you want to re-issue a document you must delete it first by tapping on the document in the "Dashboard" screen and tapping the delete icon in the "Document details" view.
Presentation (Online authentication/Same device) flow.
- Go to the browser application on your device and enter "https://verifier.eudiw.dev"
- Tap the first option (selectable) and pick the fields you want to share (e.g. "Family Name" and "Given Name")
- Tap "Next" and then "Authorize".
- When asked to open the wallet app tap "Open".
- You will be returned to the app to the "Request" screen. Tap "Share".
- Enter the PIN you added in the initial steps.
- On success tap "Continue".
- A browser will open showing that the Verifier has accepted your request.
- Return to the app. You are back to the "Dashboard" screen and the flow is complete.
Proximity flow
-
The user logs in successfully to the EUDI Wallet app and views the dashboard.
-
The user clicks the 'SHOW QR' button to display the QR code.
-
The Relying Party scans the presented QR code.
-
EUDI Wallet User can view the requested data set from the relying party.
- The distinction between mandatory and optional data elements is depicted.
- The requestor (i.e. relying party) of the data is depicted.
- EUDI Wallet User may select additional optional attributes to be shared.
-
EUDI Wallet User selects the option to share the attributes.
-
EUDI Wallet authenticates to share data (quick PIN).
-
User authorization is accepted - a corresponding message is displayed to the EUDI Wallet User.
You can find instructions on how to configure the application here
logic-resources: All app resources reside here (images, etc.)
logic-core: Wallet core logic.
logic-analytics: Access to analytics providers. Capabilities for test monitoring analytics (i.e. crashes) can be added here (no functionality right now)
logic-business: App business logic.
logic-authentication: PinStorage and System Biometrics Logic.
logic-ui: Common UI components.
feature-common: Code that is common to all features.
feature-login: Login feature.
feature-dashboard: The application's main screen.
feature-startup: The initial screen of the app.
feature-presentation: Online authentication feature.
feature-issuance: Document issuance feature.
feature-proximity: Proximity scenarios feature.
logic-assembly: This module has access to all the above modules and assembles navigation and DI graphs.
graph TD;
logic-business --> logic-authentication
logic-core --> logic-authentication
logic-analytics --> logic-authentication
logic-resources --> logic-authentication
feature-common --> logic-assembly
feature-startup --> logic-assembly
feature-login --> logic-assembly
feature-dashboard --> logic-assembly
feature-presentation --> logic-assembly
feature-issuance --> logic-assembly
feature-proximity --> logic-assembly
logic-business --> logic-core
logic-resources --> logic-core
logic-business --> logic-analytics
feature-common --> feature-issuance
feature-common --> feature-proximity
feature-common --> feature-presentation
feature-common --> feature-dashboard
feature-common --> feature-login
logic-core --> feature-common
logic-business --> feature-common
logic-analytics --> feature-common
logic-ui --> feature-common
logic-api --> feature-common
logic-authentication --> feature-common
feature-common --> feature-startup
logic-core --> logic-api
logic-business --> logic-api
logic-analytics --> logic-api
logic-resources --> logic-business
logic-business --> logic-ui
logic-analytics --> logic-ui
logic-resources --> logic-ui
logic-core --> logic-ui
Copyright (c) 2023 European Commission
Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance with the Licence.
You may obtain a copy of the Licence at: https://joinup.ec.europa.eu/software/page/eupl
Unless required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and limitations under the Licence.