❗ Important! Before you proceed, please read the EUDI Wallet Reference Implementation project description
- Overview
- Disclaimer
- Important things to know
- How to contribute
- Demo videos
- How to use the application
- How to build - Quick start guide
- Application configuration
- License
The EUDI Wallet Reference Implementation is built based on the Architecture Reference Framework and aims to showcase a robust and interoperable platform for digital identification, authentication, and electronic signatures based on common standards across the European Union. The EUDI Wallet Reference Implementation is based on a modular architecture composed of business-agnostic, reusable components that will evolve in incremental steps and can be re-used across multiple projects.
The EUDI Wallet Reference Implementation is the application that allows users to:
- To obtain, store, and, present PID and mDL.
- Verify presentations.
- Share data on proximity scenarios.
- Support remote QES and more use cases with the modules included.
The EUDIW project provides through this repository an Android app. Please refer to the repositories listed in the following sections for more detailed information on how to get started, contribute, and engage with the EUDI Wallet Reference Implementation.
The app consumes the SDK called EUDIW Wallet core Wallet core and a list of available libraries to facilitate remote presentation, proximity, and issuing test/demo functionality following specification of the ARF including:
-
OpenID4VP - draft 19 (remote presentation), presentation exchange v2.0,
-
ISO18013-5 (proximity presentation),
-
OpenID4VCI draft 13 (issuing)
-
Issuer functionality, to support development and testing, one can access an OID4VCI test/demo service for issuing at:
Relying Party functionality:
To support development and testing, one can access a test/demo service for remote presentation at:
To support proximity an Android Proximity Verifier is available as an app that can request PID and mDL with reader authentication available here
The issuer, verifier service, and verifier app authentication are based on the EUDIW development IACA
The main purpose of the reference implementation is to showcase the ecosystem and act as a technical example of how to integrate and use all of the available components.
If you're planning to use this application in production, we recommend reviewing the following steps:
- Configure the application properly by following the guide here
- Ensure the Pin storage configuration matches your security requirements or provide your own by following this guide Pin Storage Configuration
- Ensure the application meets the OWASP MASVS industry standard. Please refer to the following links for further information on the controls you must implement to ensure maximum compliance:
We welcome contributions to this project. To ensure that the process is smooth for everyone involved, follow the guidelines found in CONTRIBUTING.md.
Issuance
issuance.mp4
Presentation
presentation.mp4
Proximity
proximity.mp4
- API level 26.
You can download the application here
You will also need to download the Android Verifier app. More information can be found here
- Launch the application
- You will be presented with a welcome screen where you will be asked to create a PIN for future logins.
- Open the "Add document" screen or if it's the first time you open the app, you will be redirected there after you enter or set up your PIN.
- Pick "National ID".
- From the web view that appears select the "FormEU" option and tap submit.
- Fill in the form. Any data will do.
- You will be shown a success screen. Tap next.
- Your "National ID" is displayed. Tap "Continue".
- You are now on the "Dashboard" screen.
- Open the "Add document" screen or if it's the first time you open the app, you will be redirected there after you enter or set up your PIN.
- Tap "SCAN QR".
- Scan The QR Code from the issuer's website EUDI Issuer
- Review the documents contained in the credential offer and tap "Issue".
- You will be shown a success screen. Tap "Continue".
- You are now on the "Dashboard" screen.
While on the "Dashboard" screen you can tap "Add doc" and issue a new document, e.g. "Driving License".
If you want to re-issue a document, you must delete it first by tapping on it in the "Dashboard" screen and tapping the delete icon in the "Document details" view.
- Go to the browser application on your device and enter "https://verifier.eudiw.dev"
- Select scenario "PID Authentication"
- Expand the Person Identification Data (PID) card and select "attributes by" -> "Specific attributes" and "format" -> the format of your choice.
- Press next and then "Select Attributes"
- Pick the fields you want to share (e.g. "Family Name" and "Given Name")
- Review your presentation request and then click next.
- When asked to open the wallet app tap "Open".
- You will be returned to the app's "Request" screen. Tap "Share."
- Enter the PIN you added in the initial steps.
- On success tap "Continue".
- A browser will open showing that the Verifier has accepted your request.
- Return to the app. You are back on the "Dashboard" screen, and the flow is complete.
-
The user logs in successfully to the EUDI Wallet app and views the dashboard.
-
The user clicks the 'SHOW QR/TAP' button to display the QR code.
-
The Relying Party scans the presented QR code.
-
EUDI Wallet User can view the requested data set from the relying party.
- The distinction between mandatory and optional data elements is depicted.
- The requestor (i.e. relying party) of the data is depicted.
- EUDI Wallet User may select additional optional attributes to be shared.
-
EUDI Wallet User selects the option to share the attributes.
-
EUDI Wallet authenticates to share data (quick PIN).
-
User authorization is accepted - a corresponding message is displayed to the EUDI Wallet User.
This document describes how you can build the application and deploy the issuing and verification services locally.
You can find instructions on how to configure the application here
The released software is an initial development release version:
- The initial development release is an early endeavor reflecting the efforts of a short time-boxed period, and by no means can be considered as the final product.
- The initial development release may be changed substantially over time, might introduce new features but also may change or remove existing ones, potentially breaking compatibility with your existing code.
- The initial development release is limited in functional scope.
- The initial development release may contain errors or design flaws and other problems that could cause system or other failures and data loss.
- The initial development release has reduced security, privacy, availability, and reliability standards relative to future releases. This could make the software slower, less reliable, or more vulnerable to attacks than mature software.
- The initial development release is not yet comprehensively documented.
- Users of the software must perform sufficient engineering and additional testing to properly evaluate their application and determine whether any of the open-sourced components are suitable for use in that application.
- We strongly recommend not putting this version of the software into production use.
- Only the latest version of the software will be supported
assembly-logic: App dependencies.
build-logic: Application gradle plugins.
resources-logic: All app resources reside here (images, etc.)
analytics-logic: Access to analytics providers. Capabilities for test monitoring analytics (i.e. crashes) can be added here (no functionality right now)
business-logic: App business logic.
core-logic: Wallet core logic.
authentication-logic: Pin/Biometry Storage and System Biometrics Logic.
ui-logic: Common UI components.
common-feature: Code that is common to all features.
login-feature: Login feature.
dashboard-feature: The application main screen.
startup-feature: The initial screen of the app.
presentation-feature: Online authentication feature.
issuance-feature: Document issuance feature.
proximity-feature: Proximity scenarios feature.
graph TD;
startup-feature --> assembly-logic
login-feature --> assembly-logic
dashboard-feature --> assembly-logic
presentation-feature --> assembly-logic
proximity-feature --> assembly-logic
issuance-feature --> assembly-logic
common-feature --> startup-feature
common-feature --> login-feature
common-feature --> dashboard-feature
common-feature --> presentation-feature
common-feature --> proximity-feature
common-feature --> issuance-feature
business-logic -->common-feature
ui-logic -->common-feature
network-logic -->common-feature
resources-logic -->common-feature
analytics-logic -->common-feature
authentication-logic -->common-feature
core-logic -->common-feature
business-logic -->core-logic
resources-logic -->core-logic
authentication-logic -->core-logic
business-logic -->ui-logic
resources-logic -->ui-logic
analytics-logic -->ui-logic
business-logic -->network-logic
resources-logic -->business-logic
resources-logic --> authentication-logic
business-logic --> authentication-logic
Copyright (c) 2023 European Commission
Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance with the Licence.
You may obtain a copy of the Licence at: https://joinup.ec.europa.eu/software/page/eupl
Unless required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and limitations under the Licence.