Experience Verifiable Credentials: The Curity Demo Wallet
Verifiable credentials are pieces of information that users can store in a digital wallet and use independently from the issuer. This is not possible in common authentication protocols such as SAML or OpenID Connect, where the issuer is always present and can trace the user's activities. The wallet provides secure storage for the sometimes sensitive data in verifiable credentials, and it also supports the protocols needed to retrieve and present credentials without involving the issuer. Consequently, wallets are an important component in the user experience of verifiable credentials.
Benefits of Verifiable Credentials
Verifiable credentials enable a decentralized identity system that allows users to control their (identity) data in a way they commonly cannot with other solutions. How, when, and which verifiable credential you use to reveal specific identity data (such as your name) is up to you, and the issuer has no control over it. Consequently, an issuer cannot track your activities or limit how you use your credentials, which gives you more control and power over your data.
The wallet is the application that connects the issuance and presentation of verifiable credentials. It is the central component in the user experience that allows you to retrieve and use a verifiable credential. If you want to see the benefits that verifiable credentials provide, you need a wallet to demonstrate them.
The Curity Demo Wallet
Curity has discussed verifiable credentials before and explained the concept of decentralized identities. We've also added support for verifiable credentials in the Curity Identity Server. The recent 9.0 release includes an OpenID Wallet authenticator that allows users to authenticate with a verifiable credential. This means that the Curity Identity Server supports both issuance and presentation of verifiable credentials. With the Curity Demo Wallet, we can now demonstrate the user experience.
The Curity Demo Wallet is a free online tool that you can run to get, manage, and use verifiable credentials. You can request, list, and delete credentials with the wallet and use a verifiable credential as part of an authentication process. In other words, the wallet allows you to fully experience verifiable credentials.
An Overview of the Demo Wallet UI
The Curity Demo Wallet has four main views:
The content of the wallet
The list of credential issuers
The info page with basic information about the wallet
The settings
In the content view, you can select and inspect a credential. You can also delete the selected credential if you want to.
In the issuer view, you see the credential issuers that the wallet can request credentials from. By default, the wallet has a pre-configured issuer that you can experiment with. If you want to, you can add other credential issuers that support the OpenID4VCI protocol as well. For example, you may add your own instance of the Curity Identity Server.
The settings view is for advanced users. Curity provides some defaults that work with the pre-configured issuer and Curity’s demo instance at demo-login.curity.io. However, we do not limit your possibilities. If you want, you can change the settings for the underlying protocols, OpenID4VCI and OpenID4VP, to integrate with your own systems and study your setup of verifiable credentials.
When requesting credentials, the wallet acts as the OAuth client towards the credential issuer, and you can set its client credential here. When presenting credentials, the wallet receives a presentation request from a verifier. The wallet needs to be able to identify trusted verifiers, and for that purpose, you can pre-register verifiers with the wallet. Configure the client_id and JWKS_uri of a verifier you want the wallet to trust. You do not have to change anything if you just want to test flows.
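The verifier trust check described above, as an added example (not Curity's wallet code): a wallet-side registry of pre-registered verifiers keyed by client_id, and a check that accepts a presentation request only if it is signed by a key from that verifier's key set. The registry shape, the function names, `verifier.example`, the ES256-signed JWT request format, and the embedded key set (standing in for a JWKS fetched from the configured URI) are assumptions.

```javascript
const crypto = require("node:crypto");

const b64u = (data) => Buffer.from(data).toString("base64url");
const fromB64u = (s) => Buffer.from(s, "base64url");

// Constructed verifier key pair; a real verifier publishes the public half in its JWKS.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Hypothetical registry: client_id -> key set (embedded here instead of fetched).
const trustedVerifiers = new Map([
  ["verifier.example", { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "k1" }] }],
]);

// Demo helper only: sign a request object the way a verifier would (ES256, compact JWS).
function signRequest(payload, key, kid = "k1") {
  const input = `${b64u(JSON.stringify({ alg: "ES256", kid }))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign("sha256", Buffer.from(input), { key, dsaEncoding: "ieee-p1363" });
  return `${input}.${b64u(sig)}`;
}

// Wallet-side check: trust the request only if a pre-registered verifier signed it.
function checkPresentationRequest(jwt, registry) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return { trusted: false, reason: "malformed" };
  let header, payload;
  try {
    header = JSON.parse(fromB64u(parts[0]));
    payload = JSON.parse(fromB64u(parts[1]));
  } catch {
    return { trusted: false, reason: "malformed" };
  }
  if (!header || !payload) return { trusted: false, reason: "malformed" };
  // Pin the algorithm so "none" or an unexpected alg never reaches verification.
  if (header.alg !== "ES256") return { trusted: false, reason: "alg not allowed" };
  const jwks = registry.get(payload.client_id);
  if (!jwks) return { trusted: false, reason: "unknown client_id" };
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return { trusted: false, reason: "unknown kid" };
  const { kty, crv, x, y } = jwk;
  const key = crypto.createPublicKey({ key: { kty, crv, x, y }, format: "jwk" });
  const ok = crypto.verify("sha256", Buffer.from(`${parts[0]}.${parts[1]}`),
    { key, dsaEncoding: "ieee-p1363" }, fromB64u(parts[2]));
  return ok ? { trusted: true, client_id: payload.client_id } : { trusted: false, reason: "bad signature" };
}
```

The key is selected by the client_id found in the registry, never by anything the request itself supplies, so a request that claims a trusted client_id but is signed with another key fails.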
Requesting Credentials
When you open the wallet for the first time, it is empty. It does not have any credentials in its store yet. To get your first credential, click the button “Get your first credential” to navigate to the list of issuers. Curity's Demo Wallet has a pre-configured credential issuer where you can authenticate and get a credential. You can list all the credentials that the issuer supports in the wallet.
After you request one of the supported credentials and authenticate, the credential issuer returns your credential. You can then store it in the wallet. Give it a descriptive name so that you can easily identify the credential again. Getting and storing verifiable credentials is just half of the story. To actually benefit from verifiable credentials, you have to use them.
Presenting Credentials
As mentioned above, we’ve set up the demo wallet to work out of the box with Curity’s demo instance. This means you can use OAuth tools to trigger an authentication flow and use a credential from the wallet. When you select “wallet” as the login method, you can either scan the QR code with the wallet or start the wallet on the same device. To scan a QR code, open the demo wallet in the browser of your mobile device, make sure you have a credential, and then click the pink QR code symbol in the right-hand corner. The wallet opens the camera to scan the QR code and gets the instructions to present the credential. You can then select an appropriate credential from the drop-down menu.
Full Experience
The demo wallet is free for everyone. It allows you to experiment with verifiable credentials and run end-to-end flows where you first request a credential and then present it. You can use it with the demo system or test your own setup. In this way, you can see the full experience of using verifiable credentials. The wallet guides you through the steps for getting your first credential and for presenting it. For detailed guidance, check out our wallet tutorial and get acquainted with using verifiable credentials.