iGrant.io: Issuer for the France Identitรฉ Playground¶
๐ธ๐ช iGrant.io is a Stockholm-based digital identity wallet SW provider that designs, builds, and operates eIDAS 2.0-aligned software for issuers, holders and verifiers in regulated workflows, with active deployments across the EWC, WE BUILD and CRANE EUDI Large-Scale Pilots.
We are honoured to contribute to ๐ซ๐ท France Identitรฉ's EUDIW Unfold Playground, which we consider one of the most welcoming and technically rigorous environments in Europe for cross-border interoperability testing. This page is the marketplace listing for our Issuer endpoint and the demonstration scenarios it supports.
First time here? The fastest path is Issue Test PID, about five minutes from QR scan to credential. The PID you receive can then be presented in our verifier playground right after. Otherwise, jump to the demo catalogue, the playground specifics, or reach out to the team.
Playground base URL: https://api.playground.france-identite.gouv.fr/igrantio/issuer/
Administration interface: https://api.playground.france-identite.gouv.fr/igrantio/issuer/admin/
At a glance¶
| Field | Value |
|---|---|
| Profile | HAIP 1.0 (eIDAS High Assurance Interoperability Profile) |
| Protocol | OpenID4VCI 1.0 with OAuth 2.0, PKCE, PAR and DPoP |
| Formats | SD-JWT VC (dc+sd-jwt), ISO/IEC 18013-5 mdoc (mso_mdoc) |
| Trust | On the EU Trust List; ISO 27001 certified; active in EWC, WE BUILD and CRANE |
| Status | Sandbox, suitable for integration testing |
Why iGrant.io¶
Three roles, one platform. Our Organisation Wallet Suite covers the Issuer, Holder (Or Wallet Unit) and Verifier (Relying Party) roles within a single coherent product, with HSM-protected cloud storage and role-based delegation for legal-entity holders. The Issuer endpoint exposed in this Playground is the same software stack we deploy in our Large-Scale Pilot work, not a separate demo build.
A testable mobile EUDI Wallet. Alongside the Organisation Wallet Suite, iGrant.io ships the Data Wallet, a mobile EUDI Wallet for Natural Persons, available both as a stand-alone app and as a white-label SDK for organisations that wish to offer a branded wallet to their citizens or customers. It is aligned with eIDAS 2.0 and the EU Implementing Acts, supports SD-JWT VC and ISO mdoc, and can be used to exercise every demo scenario on this page.
eIDAS 2.0, end-to-end. We support PID, LPID, QESAC document signing, Payment Attestations (TS12, Digital Payment Credentials, etc.) and (Q)EAAs, with revocation via Token Status List, Wallet Attestation, Key Attestation, batch issuance and deferred issuance. Our Qualified Electronic Signature flow integrates with QTSPs to deliver eIDAS 2.0 QES on documents signed inside the wallet.
Open and standards-aligned. iGrant.io has been a contributor to OpenID4VC standards work and the EUDI Architecture Reference Framework since the early drafts. Our software is in deployment with the EWC, WE BUILD, and CRANE consortia, and we work closely with QTSPs such as Intesi Group on regulated trust services. We are aligned with ETSI EAA Issuance standards.
Playground specifics¶
The Playground exposes a HAIP-conformant OpenID4VCI 1.0 issuer with discovery endpoints, an administration interface and a catalogue of demonstration credential types covering identity, payments, healthcare and qualified electronic signatures.
Supported drafts: OpenID4VCI 1.0 (final). Earlier drafts of OpenID4VCI are not exposed on this endpoint. If your wallet implements only draft 13 or 15, please contact us before testing.
Core protocol stack:
- OpenID for Verifiable Credential Issuance 1.0
- OAuth 2.0 (RFC 6749) with PKCE (RFC 7636)
- Pushed Authorization Requests (RFC 9126)
- DPoP (RFC 9449), ES256
Grant types: Pre-Authorized Code (with optional transaction code) and Authorization Code (with PKCE and PAR).
Proof type: jwt with typ: openid4vci-proof+jwt. The holder's key may be delivered via jwk, x5c, or key_attestation in the JOSE header.
Extensions: Wallet Attestation (Appendix E), Key Attestation (Appendix D), batch credential issuance, Token Status List for revocation and suspension, and Deferred Credential Issuance.
Trust setup for visiting wallets:
- For SD-JWT VC, our issuer signs with an X.509 chain. The issuer metadata, leaf and intermediate certificates and the root CA are published under
/.well-known/jwt-vc-issuer/of the base URL above, and the chain is delivered viax5cin the issued credentials. - For ISO mdoc, our IACA is included in the latest France Identitรฉ Vical and is also available on request. If you need us to add your wallet's IACA so that we can verify your wallet attestations during test flows, please get in touch.
Wallet compatibility: The endpoint has been actively tested against the iGrant.io Data Wallet, the France Identitรฉ wallet and reference wallets used in the EWC, WE BUILD and CRANE pilots. Any wallet implementing OpenID4VCI 1.0 with dc+sd-jwt or mso_mdoc should interoperate. If you encounter issues, we would be glad to debug them with you.
Demo scenarios¶
Each scenario issues credentials end-to-end. Open the link, scan the QR code with your wallet, and complete the flow. The catalogue is grouped by theme.
Identity and onboarding¶
Issue Test PID. A starting point for any flow that requires identity. Person Identification Data is delivered as both mso_mdoc (eu.europa.ec.eudi.pid.1) and dc+sd-jwt, with claims for name, date of birth, nationality, age-over-18 and resident address. Uses OpenID4VCI 1.0 Pre-Authorized Code with an optional transaction code. Try it โ
Photo ID (QEAA). Issuance of a PhotoID as a Qualified Electronic Attestation of Attributes, delivered together with our QTSP partner Intesi Group. A high-assurance identity attestation suitable for KYC, age verification and onboarding. Try it โ
Open Bank Account. A single QR code triggers PID verification (OpenID4VP) and account-credential issuance (OpenID4VCI) in one combined transaction, supporting paperless onboarding. Try it โ
Signing¶
Issue QESAC. Issuance of a Qualified Electronic Signature Access Credential. The QESAC unlocks a downstream remote-signing flow at a Qualified Trust Service Provider, and is used to authorise a Qualified Electronic Signature on a document such as the insurance policy below. Try it โ
Insurance Policy with QES. Insurance policy issuance with eIDAS 2.0 QES end to end. The flow first verifies the holder's PID over OpenID4VP, collects a Qualified Electronic Signature on the policy document using the QESAC, and finally issues the signed policy as a credential into the wallet. A worked example of how the EUDI Implementing Acts compose into a single citizen-facing transaction. Try it โ
Payments¶
Payment Wallet Attestation. Connect the EUDI Wallet to a bank account and receive a Payment Wallet Attestation (eu.europa.ec.eudi.payment_wallet_attestation.1). The credential acts as a Strong Customer Authentication (PSD2 SCA) factor and can subsequently be presented to authorise payments. Pairs with the bank-led and merchant-led scenarios in our verifier listing. Try it โ
Merchant-led Payment with eReceipt and Boarding Pass. Authorise a payment to a merchant and receive a digital eReceipt and a boarding pass credential, issued directly into the wallet at the moment of purchase. Demonstrates how OpenID4VCI can be chained off a payment confirmation in retail and travel scenarios. Try it โ
Cross-border and specialised¶
ESSPASS-PDA1. Onboarding, issuance and verification of ESSPASS-PDA1, the EU pilot for digital A1 attestations covering posted-worker social security cross-border use cases, ahead of the European Commission's Q3 2026 standardisation milestone. Delivered via EBSI. Try it โ
Videos¶
Issuance flows are demonstrated on the iGrant.io YouTube channel:
- EUDI Wallet boarding pass and e-receipt, a consumer-facing walkthrough of the merchant-led payment scenario.
- EUDI Wallet for hotel check-in, from the EWC LSP pilot.
- The role of the EUDI Wallet in banking, webinar with Intesi Group on QES and payments.
- The Wallet Revolution: EUDI Wallet, Privacy and OpenID4VC, a longer-form thought-leadership talk.
- The EUDI Wallets Large-Scale Pilots playlist covering EWC, WE BUILD and CRANE.
Developer guides¶
End-to-end OpenID4VC integration guides are published on docs.igrant.io.
Issue credentials:
- Issue Credential (In-Time) using Pre-Authorized or Authorization Code flow.
- Issue Credential (Deferred) for batch or invitation-based workflows.
- Dynamic Credential Request when additional proof is required from the holder.
Cross-cutting and use cases:
- Payment Wallet Attestation, the issuance flow for the SCA factor.
- Payment Data Confirmation, confirming payment intent via the wallet.
- European Business Wallet Owner ID (EBWOID), worked example for legal-person identification.
- Webhook Events for real-time notifications at key issuance and verification stages.
Developer tooling: QR Decoder, QR Generator, JWT Decoder, JSON Schema Validator and X.509 Certificate Viewer at https://docs.igrant.io/docs/devtools-overview/.
Developer APis: iGrant.io Issuer APIs are published at https://docs.igrant.io/docs/category/openid4vc-api/issuer.
Get in touch¶
For testing assistance, integration questions, or to request a credential type that is not yet listed, our team would be glad to help.
- Engineering support: support@igrant.io
- Walkthrough of the Organisation Wallet Suite: Book a 30-minute session.
- Web: www.grant.io
- Developer documentation: docs.igrant.io
With thanks to the France Identitรฉ team and the EUDIW Unfold initiative for the opportunity to participate in the marketplace and to contribute to Europe's shared digital identity infrastructure.