You can now sign your OpenID4VC presentation requests with X509 certificates!

Users can now create a X509 root certificate for the verification use case in the "Trust" page within the dashboard, or using the new Certificates API.

The root certificate will automatically be used to generate signing certificates for the requests.

Resolved several issues with the invitation page showing an error screen after an invitation was successfully scanned.

The invitation page now correctly handles all states and shows whether an invitation is completed, expired, or could not be found.

For privacy reasons we will show the successful completion screen on the invitation page even if the issuance or verification failed. The completion screen is mostly to indicate to the user that the invitation has been processed by the wallet.

You can now filter DIDComm issuance and verification session based on the didcommConnectionId and didcommInvitationId in the API.

Try it out with the Retrieve DIDComm issuance sessions and Retrieve DIDComm verification sessions endpoints.

Users on the Pro or Custom tier can now create new projects, and edit the members of a project directly from within the dashboard!

While this feature has been available through the API for a while, the same functionlity is now also available in the dashboard.

To create a new project from the dashboard, select the project selector in the top-left corner, and click the + icon. Managing project members can be done in the in the Members page of the Settings tab within a project.

Read more about it in the add projects and members documentation.

When revoking Anoncreds credentials using the Batch revoke credentials endpoint, you can now notify the wallet about the revocation based on the Didcomm Revocation Notification V2 protocol.

This feature is only available for Anoncreds credentials issued over Didcomm that have a Didcomm connection linked to it, so it does not work for credentials that were issued without a Didcomm connection.

To send a revocation notification to supported wallets, set the notifyWallet body parameter to true. An example payload for the batch revoke credentials endpoint that notifies the wallet:

{
  "issuedCredentialIds": ["clu921ps300047eghxvhz33m4"],
  "notifyWallet": true,
}

You can read more in the Batch revoke credentials endpoint documentation.

We're excited to extend our SD-JWT VC debugger, with a new ISO 18013-5 mDL/mDOC debugger, a powerful tool designed for developers working with mDOCs and mobile Driving Licenses (mDLs).

This debugger enables you to:

• Decode mDOC IssuerSigned and DeviceResponse base64url encoded credentials into human-readable format.
• Visualize the structure of the mDOC attributes, including the issuer X509 certificate, issuer signed attributes, and device key.
• Preview images in the mDOC attributes by hovering over the attribute in the editor.

Whether you're a developer implementing mDOCs, or simply curious about the technology behind decentralized identity, this debugger helps you understand the workings of mDOC credentials.

Try it out now and let us know what you think!

We've added automatic cleanup of expired sessions and improved session management across DIDComm and OpenID4VC protocols. This ensures better resource management and security for your credential exchanges.

New webhook events

Track session expiration with new webhook events:

• openid4vc.issuance.expired
• openid4vc.verification.expired
• didcomm.invitation.expired
• didcomm.issuance.expired
• didcomm.verification.expired

You can now verify mDOC credentials over OpenID4VP based on ISO 18013-7 Annex B. You can now add mDOC credentials to a presentation template, and combine this with SD-JWT VC credentials. mDOC verification is fully integrated with trusted entities, allowing you to configure your trusted issuer X.509 certificates. Issuance of X.509 based credentials for SD-JWT VC and mDOC usign OpenID4VCI will follow soon.

The addition of mDOC verification is a big step towards alignment with European Digital Identity, but also global interoperability.

You can read more in the Presentation Templates docs.

Support for OpenID4VP response encryption

With the addition of support for mDOC verification, we also added support for OpenID4VP response encryption using JWT Secured Authorization Response Mode (JARM). When response encryption is enabled, the response_mode will be set to direct_post.jwt instead of direct_post. For OpenID4VC verification requests including an mDOC credential, response encryption will be enabled by default as it is required based on ISO 18013-7, and an error will be thrown if it is explicitly disabled. For other OpenID4VC verification requests response encryption must be manually enabled (for now) to avoid breaking changes.

Response encryption can be configured using the requireResponseEncryption parameter in the Create OpenID4VC verification request endpoint.

We released v2.0.0 of the Paradym SDK for TypeScript, which can be installed through the @paradym/sdk pacakge on NPM.

There are some breaking changes in the v2.0.0 release, which are described in the release notes. General documentation for the SDK can be found in the SDK docs.

Exmple payloads displayed in the dashboard for templates are now pre-filled in the API Reference when you click on the "Use in reference" link. This makes it even easier to issue or request a credential from the dashboard.