PID Credential Issuance
The PID Credential Issuance extension enables a government-sanctioned PID provider to issue Person Identification Data (PID) credentials to customers' EUDI Wallets. The credential is issued at high level of assurance and follows EWC RFC003 - Issue Person Identification Data and the attribute definitions in the EUDI Architecture and Reference Framework.
How it works
- The organisation enables the PID Credential Issuance extension from the dashboard.
- An administrator configures the source of identity data (authentic source / civil registry), the attributes to include, and the wallet conformity rules.
- When a customer requests a PID, an OpenID4VCI credential offer is generated (Authorization Code or Pre-Authorized Code flow).
- The customer accepts the offer in their EUDI Wallet, authenticates at the PID provider, and the wallet submits a Wallet Unit Attestation (WUA) and a proof-of-possession JWT.
- The system verifies wallet conformity and authenticity, then issues the PID credential cryptographically bound to the wallet key (in-time or deferred).
Configuration
Issuance flow
Choose the OpenID4VCI flow the issuer will support:
| Flow | Description |
|---|---|
| Authorization Code | Traditional OAuth flow with user authentication at the PID provider |
| Pre-Authorized Code | Issuer provides a pre-authorised code with an optional transaction code (PIN delivered out-of-band) |
Credential attributes
Select which attributes to include in the issued PID:
| Attribute group | Examples |
|---|---|
| Mandatory (ARF) | given_name, family_name, birth_date, gender, nationality, country_of_residence, address (street, locality, region, postal code, country) |
| Age indicators | age_equal_or_over, age_in_years, age_birth_year |
| Place of birth | birth_country, birth_state, birth_city |
| Issuer lifecycle | issuing_authority, issue_date, expiry_date, credential status reference |
Issuance settings
| Setting | Description |
|---|---|
| Credential formats | vc+sd-jwt and/or mso_mdoc (ISO/IEC 18013-5) |
| Validity period | Lifetime of the issued PID |
| Wallet conformity | CAB certificate validation before issuance |
| Authentic source | Connection to the civil registry or equivalent data source |
Integration
Once configured, the system exposes the standard OpenID4VCI endpoints for discovery and issuance.
API endpoints:
- GET
/v3/config/extension/pid-issuance- Retrieve current configuration
Caution: Disabling the PID Credential Issuance extension deletes its configuration. Previously issued PIDs remain valid until their expiry but cannot be refreshed from this issuer. This action is not reversible.