German EUDI Interoperability
The German EUDI Ecosystem offers a sandbox for wallet-relying parties to test against the EUDI Wallet, and a playground for testing wallets against verification scenarios.
What works
| Flow | Status |
|---|---|
| Procivis One Desk verifying an mdoc PID from the EUDI Wallet | ✅ |
| EUDI Wallet Playground issuing to Procivis One Wallet (pre-authorized code) | ✅ |
| EUDI Wallet Playground issuing to Procivis One Wallet (authorization code) | ❌ |
| Procivis One Wallet presenting to the EUDI Wallet Playground verifier | ✅ |
Known limitations
- Authorization code flow: issuance fails when the EUDI Wallet Playground sends
authorization_detailsas a form-encoded JSON string in the PAR request, which is the correct encoding per the OAuth spec. This appears to be an issue on their side. - Certificate trust chain: the EUDI Wallet build doesn't have the EUDI sandbox root certificate available locally, so the full certificate chain (access certificate plus root, retrieved from the sandbox's trust list) must be provided when creating the certificate identifier.
- CRL resolution: the root certificate's CRL entry doesn't resolve correctly. The leaf certificate's CRL entry works as expected.
- No registration certificate validation: the EUDI Wallet doesn't currently validate registration certificates, so relying parties can request any credentials.
- Credential format: the EUDI Wallet currently only provisions mdoc PID credentials; no SD-JWT VC credentials are available to test against.
- Verifier metadata: the EUDI Wallet Playground verifier advertises incorrect
mso_mdocalgorithm metadata (usingalginstead of the spec-definedissuerauth_alg_values/deviceauth_alg_values). Once corrected, the presentation flow works.
Try it yourself
When verifying presentations from the EUDI Wallet:
- Use
OPENID4VCI_FINAL1_HAIP - Use a certificate identifier with the
x509_hashscheme - Create an ECDSA key first in the Desk, then generate an access certificate via the sandbox dashboard using that key's public key (PEM format). Use the resulting full certificate chain (access certificate + sandbox root certificate) to create a certificate identifier, following the same process as creating EUDI-compatible certificate identifiers.
When presenting to the EUDI Wallet Playground verifier:
- Use the pre-authorized code flow
- (how to fix mdoc presentation metadata to get the flow to work??)
Tested versions
| Component | Version | Date tested |
|---|---|---|
| EUDI Wallet and Wallet Playground | ??? | March 2026 |