Changelog

See the most recent changes in Paradym.

Remote verification of mDOC credentials based on ISO 18013-7

March 25, 2025

New featureBug fix
An image showing a presentation template requesting an mDOC credential.

You can now verify mDOC credentials over OpenID4VP based on ISO 18013-7 Annex B. You can now add mDOC credentials to a presentation template, and combine this with SD-JWT VC credentials. mDOC verification is fully integrated with trusted entities, allowing you to configure your trusted issuer X.509 certificates. Issuance of X.509 based credentials for SD-JWT VC and mDOC usign OpenID4VCI will follow soon.

The addition of mDOC verification is a big step towards alignment with European Digital Identity, but also global interoperability.

You can read more in the Presentation Templates docs.

Support for OpenID4VP response encryption

With the addition of support for mDOC verification, we also added support for OpenID4VP response encryption using JWT Secured Authorization Response Mode (JARM). When response encryption is enabled, the response_mode will be set to direct_post.jwt instead of direct_post. For OpenID4VC verification requests including an mDOC credential, response encryption will be enabled by default as it is required based on ISO 18013-7, and an error will be thrown if it is explicitly disabled. For other OpenID4VC verification requests response encryption must be manually enabled (for now) to avoid breaking changes.

Response encryption can be configured using the requireResponseEncryption parameter in the Create OpenID4VC verification request endpoint.

 Bugfixes and improvements
  • The client_id is now included in OpenID4VP authorization request URIs
  • The request_uri for OpenID4VP authorization requests when fetched now correctly returns the application/oauth-authz-req+jwt content type response header

New release of the Paradym SDK for TypeScript.

March 14, 2025

Breaking change

We released v2.0.0 of the Paradym SDK for TypeScript, which can be installed through the @paradym/sdk pacakge on NPM.

There are some breaking changes in the v2.0.0 release, which are described in the release notes. General documentation for the SDK can be found in the SDK docs.


Example payloads for templates are now pre-filled in the API Reference

March 5, 2025

Bug fixEnhancement
An image showing the example payload for a template in the dashboard

Exmple payloads displayed in the dashboard for templates are now pre-filled in the API Reference when you click on the "Use in reference" link. This makes it even easier to issue or request a credential from the dashboard.

 Bugfixes and improvements
  • Fixed an issue where a presentation template requesting attributes with special characters would result in an invalid Presentation Definition being generated
  • Updated the API reference, and grouped the several API endpoints

Verify credentials with X509 certificates and create reusable trusted entities

February 11, 2025

New featureBreaking change
An image showing the X509 certificate card for a trusted entity.

You can now verify SD-JWT credentials based on X509 certificates! To make this possible we introcuded trusted entities, and reworked how you specify trusted issuers for a presentation template.

To get started with verifying credentials based on X509 certificates, create a trusted entity (you can do this directly from the presentation template page) and add a trusted X509 certificate.

Read more about trusted entities in the docs.

Defining issuer dids on presentation template deprecated

With the introduction of trusted entities, which are also integrated with presentation templates, specifying issuer dids directly on a presentation template is deprecated.

Instead, create a trusted entity, including your issuer dids, through the dashboard or the Trusted Entities API and link this to your presentation template.

The current release does not introduce any breaking changes yet, but all issuer dids not migrated to a trusted entity by March 15, 2025 will be migrated automatically. It also won't be possible to specify the issuers field on a credential in a presentation template through the Presentation Templates API after this date.

 Bugfixes and improvements
  • Introduction of the new Trusted Entities API and Trust tab in the dashboard.
  • Support to link trusted entities on a presentation template.
  • Deprecation of directly specifying issuer dids on a presentation template
  • The verification of SD-JWT credentials based on X509 certificates follows the X509 Certificate Key Validation from the SD-JWT VC specification.

Webhooks page moved to the Settings tab

February 10, 2025

Enhancement

The Webhooks page has been moved from the main project tab bar to a page under the Settings tab.


Create multiple AnonCreds templates with the same name

January 30, 2025

New feature

It is now possible to create multiple AnonCreds credential templates with the same name.

Previously when you would create an AnonCreds credential template with a name that already exists under your project (even if the template was archived), this would result in a ConflicError. We've loosened the restrictions and you can now create multiple AnonCreds credential templates with the same name.


Removed the deprecated workflow builder

January 22, 2025

Breaking change

We have removed the deprecated workflow builder from the Paradym platform. It has been disabled for new accounts for several months, and we've worked with every customer to migrate to the new API and dashboard. It is no longer possible to create or edit workflows using the old workflow builder.

All existing data from the workflows has been migrated to the API.

Please refer to the workflow builder deprecation article for more information.


QR image url

December 19, 2024

New feature

When creating an invitation for DIDComm or OpenID4VC we now also provide you with a QR image url. This allows you to easily render a QR for an invitation on your website or application. The QR code will be the same as is rendered on the invitation page, and leverages the custom wallet base URL if configured.

If the user has the configured wallet installed, they will be automatically deeplinked into the wallet, otherwise they will be redirected to the invitation page where they're prompted to install the configured wallet.

You can find the QR image uri in:

  • invitationQrUri for didcomm connection invitations
  • didcommInvitation.invitationQrUri for DIDComm issuance offers or DIDComm verification requests
  • offerQrUri for OpenID4VC issuance offers
  • authorizationRequestQrUri for OpenID4VC verificaton requests

Customize invitation page

December 7, 2024

New featurePro Tier
An image showing the new profile Invitation Page settings.

As a Pro tier user you can now customize the invitation page and link to your custom wallet.

You can configure which wallet the Paradym invitation page will link to, and to make integrating iOS Universal Links and Android App Links even easier you can embed the Paradym invitation page as an iFrame.

To configure the invitation page for your wallet, go to the "Custom Invitation Page" setion under Settings -> Profile of your project. Make sure to read the documentation on configuring your wallet base URL.


OpenID4VCI Draft 13 (Implementers Draft 1) supported

September 25, 2024

New featureBug fix

Paradym now supports OpenID for Verifiable Credential Issuance - Draft 13 (Implementers Draft 1) in addition to OpenID for Verifiable Credential Issuance - Draft 11. The issuer now creates credential offers compliant with both versions, and the client can choose which version to use for requesting issuance of credentials.

Supporting both versions allows for easier migration between versions and ensures existing implementations do not break. In the future, support for Draft 11 will be removed. We recommend upgrading to Draft 13 if you use a custom OpenID4VCI client to interact with Paradym. The date for removing Draft 11 is not determined yet, but will be anounced well in advance to ensure enough time has been given to upgrade.

Resolved issue when presenting multiple SD-JWT credentials

We resolved an issue that arose when presenting or verifying multiple SD-JWT verifiable credentials in one presentation.