Feature Showcase #1: Connectionless issuance and verification, new invitation page, and more

November 23, 2023

The new invitation page that is shown when opening an invitation URL in Paradym.

At Paradym, we're constantly working on improving the Paradym platform. In the last two weeks, we have added a lot of new features to the platform that focus on expanding functionality and usability. This article will showcase some big features that were recently added like connectionless issuance and verification, as well as smaller features like showing the workflow ID in the workflow builder.

Connectionless issuance and verification

You can now issue and verify credentials in your Paradym workflow without having to create a connection first using two new actions. These connectionless exchanges are still secure and encrypted, but they won't give you a connection that you can use to communicate in the future. Additionally, a person's digital identity wallet will usually not show a connection in the wallet UI.

Going connectionless is especially useful when you want to do one-off verifications and have no need for long-term reuse. For example, when showing your ID card at a bar, you don't necessarily need people to create a long-lived connection with the bar.

To use the new connectionless issuance and verification features, use the new didcomm/createCredentialIssuanceInvitation and didcomm/createPresentationRequestInvitation actions.

Here is an example workflow leveraging the new connectionless issuance and verification features. Note that two QR codes have to be scanned, one for the issuance and one for the verification. If a connection were to be created in the issuance flow (by setting createConnection to true), the verification would be able to be done without scanning a QR code at all by leveraging the didcomm/requestPresentation action.

name: Connectionless issuance and verification

trigger:
  type: api

actions:
  # Issue credential
  - id: createCredentialIssuanceInvitation
    name: didcomm/createCredentialIssuanceInvitation@v1
    attributes:
      invitation:
        # pass false to not create a connection
        createConnection: false
      anoncreds:
        attributes:
          Name: John Doe
          Date of Birth: 19911112 # yyyymmdd
        # Make sure to replace the credentialDefinitionId when using this workflow
        credentialDefinitionId: did:cheqd:testnet:fb8a3467-a72d-41d7-bde0-50c85febbef4/resources/4d339284-1d62-4c3b-b25d-2e1e7a40b14a

  # Request presentation
  - id: createPresentationRequestInvitation
    name: didcomm/createPresentationRequestInvitation@v1
    attributes:
      invitation:
        # same as with issuance action, pass false to not create a connection
        createConnection: false
      anoncreds:
        name: Age verification
        version: '1.0'
        predicates:
          - name: Date of Birth
            predicateType: lessThanOrEqualTo
            predicateValue: 20000101 # must be born before january 1st 2000
            restrictions:
              # Make sure to replace the credentialDefinitionId when using this workflow
              - credentialDefinitionId: did:cheqd:testnet:fb8a3467-a72d-41d7-bde0-50c85febbef4/resources/4d339284-1d62-4c3b-b25d-2e1e7a40b14a

New invitation page and shortened invitation URLs

When creating invitations for connections, credentials, or presentations, Paradym now has a new page that is shown to users when they directly open the invitation URL instead of scanning the URL with their identity wallet.

Previously when directly clicking on the URL of an invitation you'd be met with a page showing Cannot GET /didcomm. Not very user friendly, and not very helpful.

The new invitation page shows a QR code that can be scanned by a wallet with a button that can be clicked to open the invitation in a wallet. If the user doesn't have a wallet installed, they can easily install the Paradym Wallet from the Apple App Store or Google Play Store.

An additional advantage of this new invitation page, is that users can scan the QR code with any QR scanner, and the user will be prompted to install the Paradym Wallet if they don't have it installed yet. We've noticed in the past that users are sometimes confused when they scan an invitation QR code with their QR scanner of choice, while they actually had to scan the QR with the scanner in their identity wallet.

We're working on additional improvements where users with the Paradym Wallet installed will be automatically redirected to the wallet when opening an invitation URL, and users without the Paradym Wallet installed will be shown the new invitation page. This will make the invitation flow even more seamless.

Paradym now also uses a new shorter URL for invitations (https://paradym.id/invitation), this makes . The new invitation URLs are now used by default in the invitationUrl output of an invitation, and are automatically supported in the Paradym Wallet. If you are integrating Paradym with a Custom Wallet, make sure that your wallet supports shortened invitation URLs (You can read more on the technical in the Out of Band Aries RFC). The older, full invitation URL can still be found in the fullInvitationUrl property in the output of an action that creates an invitation, but we recommend to use the shortened URL going forward.

Workflow ID now visible in the workflow builder

A small improvement, but the Paradym platform now shows the workflow ID in the workflow builder. With the new builder flow that was recently released, the only place to find the workflow ID was by manually extracting it from the URL.

You can now find the workflow ID on the Workflow tab in the builder, and easily copy it by clicking on the copy icon next to the workflow ID.

Workflow ID being shown in the workflow tab

OpenAPI specification for the Paradym API

Pardym already exposes an interactive API reference for the Paradym API on paradym.id, but now also exposes the OpenAPI definitions for the Paradym API.

The OpenAPI specifications allow you to quickly import the Paradym API definitions into tools such as Postman or generate a client to interact with the Paradym API.

You can access the OpenAPI specification at https://api.paradym.id/openapi.json.

New actions to combine connection creation and issuance or verification

In the past we supported issuing and verifying credentials by first creating a DIDComm connection (using the didcomm/createConnection action), and then using the connection to issue or verify a credential (using the didcomm/issueCredential and didcomm/requestPresentation actions).

We've introduced two new actions didcomm/createCredentialIssuanceInvitation and didcomm/createPresentationRequestInvitation that allow you to combine the creation of a connection and the issuance or verification of a credential in a single action. We already covered these actions in the connectionless issuance and verification section of this feature showcase, but you can also use this action when you do want to create a connection.

There's two main benefits to using the new actions, over the existing actions:

  • Creating a connection and issuing or verifying a credential is now a single action, which makes the workflow easier to understand, and means you get more value for a single action execution.
  • The new action includes the credential offer or proof request in the invitation, and mean the wallet can directly show the credential offer or proof request to the user, instead of having to create a connection first, only then to find out why the connection was created. We've found this leads to better user experience in mobile wallets.

Below is the same example workflow as used in the connectionless issuance and verification section above, but we've now tweaked it to create a connection in the didcomm/createCredentialIssuanceInvitation action, and reuse it for the presentation request. The didcomm/createPresentationRequestInvitation action has been replaced by the didcomm/requestPresentation action, to which we pass the connectionId from the output of the didcomm/createCredentialIssuanceInvitation action.

name: Issuance and verification

trigger:
  type: api

actions:
  # Issue credential
  - id: createCredentialIssuanceInvitation
    name: didcomm/createCredentialIssuanceInvitation@v1
    attributes:
      invitation:
        # we now do want to create a connection
        createConnection: true
      anoncreds:
        attributes:
          Name: John Doe
          Date of Birth: 19911112 # yyyymmdd
        # Make sure to replace the credentialDefinitionId when using this workflow
        credentialDefinitionId: did:cheqd:testnet:fb8a3467-a72d-41d7-bde0-50c85febbef4/resources/4d339284-1d62-4c3b-b25d-2e1e7a40b14a

  # Request presentation, now using the connection created in the previous action and the didcomm/requestPresentation action
  - id: requestPresentation
    name: didcomm/requestPresentation@v1
    attributes:
      connectionId: $.actions.createCredentialIssuanceInvitation.output.credentialExchange.connectionId
      anoncreds:
        name: Age verification
        version: '1.0'
        predicates:
          - name: Date of Birth
            predicateType: lessThanOrEqualTo
            predicateValue: 20000101 # must be born before january 1st 2000
            restrictions:
              # Make sure to replace the credentialDefinitionId when using this workflow
              - credentialDefinitionId: did:cheqd:testnet:fb8a3467-a72d-41d7-bde0-50c85febbef4/resources/4d339284-1d62-4c3b-b25d-2e1e7a40b14a

Let us know what features you want to see next

That's it for this feature showcase! We hope you enjoy the new features in Paradym. If you have any questions or suggestions on how we can improve Paradym, let us know in the Paradym Community Slack.

The Paradym rocket