iGrant.io: Verifier for the France Identité Playground¶
🇸🇪 iGrant.io is a Stockholm-based digital identity wallet SW provider that designs, builds, and operates eIDAS 2.0-aligned software for issuers, holders and verifiers in regulated workflows, with active deployments across the EWC, WE BUILD and CRANE EUDI Large-Scale Pilots.
We are honoured to contribute to 🇫🇷 France Identité's EUDIW Unfold Playground. Of the marketplace listings, this is the Verifier entry, covering DCQL-based queries, payment confirmations, passwordless login and W3C Digital Credentials API flows against the France Identité ecosystem and the iGrant.io Data Wallet.
First time here? The fastest path is DCQL Credential Query, about five minutes to exercise the full OpenID4VP 1.0 flow. If you do not yet have a credential to present, our issuer playground can issue a Test PID first. Otherwise, jump to the demo catalogue, the playground specifics, or reach out to the team.
Playground base URL: https://api.playground.france-identite.gouv.fr/igrantio/verifier/
Administration interface: https://api.playground.france-identite.gouv.fr/igrantio/verifier/admin/
At a glance¶
| Field | Value |
|---|---|
| Profile | HAIP 1.0 (eIDAS High Assurance Interoperability Profile) |
| Protocol | OpenID4VP 1.0, with W3C Digital Credentials API support |
| Query language | DCQL (Digital Credentials Query Language) |
| Formats | SD-JWT VC (dc+sd-jwt), ISO/IEC 18013-5 mdoc (mso_mdoc) |
| Trust | On the EU Trust List; ISO 27001 certified; active in EWC, WE BUILD and CRANE |
| Operator | iGrant.io (LCubed AB), Stockholm, Sweden |
| Status | Sandbox, suitable for integration testing |
Why iGrant.io¶
Three roles, one platform. Our Organisation Wallet Suite covers the Issuer, Holder (Or Wallet Unit) and Verifier (Relying Party) roles within a single coherent product, with HSM-protected cloud storage and role-based delegation for legal-entity holders. The Issuer endpoint exposed in this Playground is the same software stack we deploy in our Large-Scale Pilot work, not a separate demo build.
A testable mobile EUDI Wallet. Alongside the Organisation Wallet Suite, iGrant.io ships the Data Wallet, a mobile EUDI Wallet for Natural Persons, available both as a stand-alone app and as a white-label SDK for organisations that wish to offer a branded wallet to their citizens or customers. It is aligned with eIDAS 2.0 and the EU Implementing Acts, supports SD-JWT VC and ISO mdoc, and can be used to exercise every demo scenario on this page.
DCQL across the catalogue. This Verifier exercises DCQL beyond the basics: trust-anchor-aware queries, credential_sets for alternative-identity proofs, multi-attestation queries for KYC, and claim-set queries for age verification. Each pattern below reflects production work with relying parties on the LSPs.
Open and standards-aligned. iGrant.io has been an active contributor to OpenID4VC standards work and the EUDI Architecture Reference Framework since the early drafts, and we maintain close cooperation with the France Identité team and the wider EUDIW Unfold community on conformance and interoperability.
Playground specifics¶
The Playground exposes a HAIP-conformant OpenID4VP 1.0 verifier with discovery endpoints, an administration interface and a catalogue of demonstration presentation scenarios.
Supported drafts: OpenID4VP 1.0 (final). Earlier drafts (18, 20, 22, 24) are not exposed on this endpoint. If your wallet is on an earlier draft, please contact us before testing.
Core protocol stack:
- OpenID for Verifiable Presentations 1.0
- W3C Digital Credentials API for browser-native flows
- DCQL for credential queries
- JAR (RFC 9101) signed request objects
Response modes: direct_post (plain form submission), direct_post.jwt (JARM with JWE encryption), and dc_api.jwt (Digital Credentials API with JWE).
Client ID schemes: redirect_uri (default fallback), x509_san_dns (DNS SAN from signing certificate), and x509_hash (SHA-256 hash of signing certificate).
Encryption: ECDH-ES key agreement with A256GCM or A128GCM content encryption.
Trust setup for visiting wallets:
- Our Verifier signing certificate's DNS SAN, hash and PEM are exposed in the discovery metadata at
/.well-known/jar-issuer/of the base URL above. Use these to configure your wallet's trust to accept presentation requests originating from this Verifier. - For ISO mdoc presentations, the Verifier accepts wallet credentials whose IACA is in the most recent France Identité Vical. If your wallet's IACA is not yet listed, please contact us so we can add it before testing.
Wallet compatibility: The endpoint has been actively tested against the iGrant.io Data Wallet, the France Identité wallet and reference wallets used in the EWC, WE BUILD and CRANE pilots. Any wallet implementing OpenID4VP 1.0 with dc+sd-jwt or mso_mdoc should interoperate.
Demo scenarios¶
Each scenario requests and verifies presentations end-to-end. Open the link, scan the QR code with your wallet, and complete the flow. The catalogue is grouped by theme.
DCQL and identity¶
DCQL Credential Query. A clean introduction to DCQL with trust-anchor awareness. The verifier expresses precisely which credential types, claims and trusted issuers it accepts in a single structured query, and the wallet matches a held credential to that query before presenting. Try it →
Alternative Identity Proofs. A DCQL credential_sets clause requests identity via Passport, PID, or PhotoID, whichever the holder has in their wallet. The verifier expresses three acceptable alternatives and the wallet selects the best match, demonstrating credential portability across attestation types. Try it →
KYC with Photo ID and Address Proof. A KYC-light flow that requests Photo ID and an address proof in a single DCQL query and verifies them in one step. A useful template for regulated onboarding scenarios where multiple attestations must be combined to satisfy AML and KYC requirements. Try it →
Banking and payments¶
Confirm Payments, Bank-Led. A bank-led payment transaction: the bank's relying party verifies a Payment Wallet Attestation (PSD2 SCA factor) together with the PID before authorising the transfer. Models the flow defined by the EUDI Wallet Implementing Acts for payment confirmation. Try it →
Confirm Payments, Merchant-Led. A merchant-led payment transaction in which the merchant requests payment authorisation directly via OpenID4VP and the wallet authenticates the holder against the connected bank account. Shows how a merchant-side verifier can replace traditional 3DS flows. Try it →
Log into Bank Account. Passwordless login to an existing bank account using the EUDI Wallet. The verifier requests a PID presentation and binds it to the customer record; no password or OTP is required. Pairs with our EUDI Passwordless Login workflow. Try it →
Browser-native and complementary¶
W3C Digital Credentials API. Use the W3C Digital Credentials API and the EUDI Wallet to instantly present a PID, confirm payments, or share passport details directly from the browser, without scanning a QR code. The scenario wraps OpenID4VP 1.0 over the dc_api.jwt response mode. Available on Android today; we are tracking iOS support and will update this listing as soon as the iOS Digital Credentials API is exercised end-to-end against this endpoint. Try it →
Data for Forms. A complementary capability: read NFC-enabled passport data into the wallet as a self-attested credential and reuse it to fill any web form, for example at hotels, government services or rental agencies. The flow uses ICAO Passport DGs alongside our OpenID4VP stack to broaden coverage where a wallet-native attestation is not yet available. Try it →
Videos¶
Verification flows are demonstrated on the iGrant.io YouTube channel:
- Request and share alternative IDs with DCQL and OpenID4VP, a walkthrough of the alternative-identity proofs scenario.
- EUDI Wallet age-based discount in real life: Buda Castle, age verification in the wild.
- EUDI Wallet for hotel check-in, EWC LSP pilot.
- The role of the European Digital Identity Wallet in banking, webinar.
- The EUDI Wallets Large-Scale Pilots playlist covering EWC, WE BUILD and CRANE.
Developer guides¶
End-to-end OpenID4VC integration guides are published on docs.igrant.io.
Verify credentials:
- Send and Verify Credential, defining presentation requirements, initiating verification and validating responses.
- Receive and Present Credential, the holder-side counterpart with selective disclosure.
DCQL deep dives:
- DCQL Reference, an overview of the query language.
- DCQL: Basic Credential Query with Trusted Authority, restricting accepted issuers per query.
- DCQL: Claim Set (Age Verification), a single age-over-N claim set.
Cross-cutting and use cases:
- EUDI Passwordless Login, authenticating with the PID instead of a password.
- Payment Data Confirmation, confirming payment intent via the wallet.
- European Business Wallet Owner ID (EBWOID), legal-person identification.
- Webhook Events, real-time notifications at key verification stages.
Developer tooling: QR Decoder, QR Generator, JWT Decoder, JSON Schema Validator and X.509 Certificate Viewer at docs.igrant.io/docs/developer-apis.
Developer APis: iGrant.io Verfier APIs are published at https://docs.igrant.io/docs/category/openid4vc-api/verifier.
Get in touch¶
For testing assistance, integration questions, or to request a credential type that is not yet listed, our team would be glad to help.
- Engineering support: support@igrant.io
- Walkthrough of the Organisation Wallet Suite: Book a 30-minute session.
- Web: www.grant.io
- Developer documentation: docs.igrant.io
With thanks to the France Identité team and the EUDIW Unfold initiative for the opportunity to participate in the marketplace and to contribute to Europe's shared digital identity infrastructure.