TL;DR

• New release - OID4VCI v1 in Community Stack Issuer, transaction data authorization for payment flows, automated status list rollover, and much more.
• New resources – eIDAS 2 guide for financial services, interactive DCQL Builder tool for credential requests.

Community Stack (0.21.0)

Below are the highlights available through 0.21.0 of the identity lib. Check out the full change log for 0.21.0 here. Want to learn more about the identity lib in general? Check out our intro video.

0.21.0

Features

Issuer 2

Issue credentials aligned with the OID4VCI v1 version with our new issuer2 service in the Community Stack. Next to core capabilities such as tx-code support for pre-auth flows and wallet-initiated issuance, the issuer2 also comes with an improved general interface, including a profile system to issue credentials.

Learn more here

Transaction Data Support In the Verifier 2

Bind credential presentations to specific transaction data in the Community Stack Verifier, aligned with the EUDI TS-12 Strong Customer Authentication specification. Enable payment authorizations, account access requests, and custom transaction types. It supports SD-JWT VC and mDL credentials via configurable transaction data profiles.

Learn more here

OpenID4VP 1.0 holder support

Added OpenID4VP 1.0 holder support with draft compatibility, including request_uri POST metadata/nonce validation, unified VP format capabilities, and hardened request object handling

Learn more here

X.509 Certificate Signing Request (CSR) support

Added X.509 Certificate Signing Request (CSR) support in the x509 library for certificate generation workflows

Learn more here

x5c support for W3C Credentials

Added x5c support for W3C Credentials, enabling X.509 certificate chain embedding in credential signatures

Learn more here

Ktor/Gradle Upgrades

Upgraded to Ktor 3.4.3 and Gradle 9 with conformance test improvements, vulnerability fixes, and enhanced error handling

Metadata Resolution

Simplified metadata URL construction and resolution logic. Added path-aware metadata URL resolution for OpenID4VCI wallet. Improved error body logging in IssuerMetadataResolver.

Conformance / Testing

Upgraded conformance tests with Ktor 3.4.3 migration. Added KB IAT check policy for SD-JWT. Updated certificates and trust anchors for conformance tests. Improved presentation verification error messages. Fixed vulnerable transient dependency of Azure library.

Infrastructure / Deployment

Refactored kubeconfig and updated deployment configurations. Updated ingress class from nginx to Traefik across services. Updated storageClass references for cloud deployments. Removed initContainers from wallet-api deployment. Fixed Docker Compose setup.

Fixes

• Fixed typo in codebase (#1780).
• Fixed stale import (#1785).
• Fixed WebDataFetcher JVM hang by moving to companion object.
• Fixed database transaction context for KeysService.list() calls.
• Fixed SD-JWT verification with issuer key set.
• Fixed status list debug logging (thousands of 0s).

Enterprise Stack (0.21.0)

Below are the new feature highlights available through 0.21.0 of the Enterprise Stack. Check out the full change log for 0.21.0 here. Want to learn more about the enterprise stack in general? Check out our intro video.

0.21.0

Features

Transaction Data Support In the Verifier 2

Bind credential presentations to specific transaction data in the Community Stack Verifier, aligned with the EUDI TS-12 Strong Customer Authentication specification. Enable payment authorizations, account access requests, and custom transaction types. It supports SD-JWT VC and mDL credentials via configurable transaction data profiles.

Learn more here

Status List Capacity & Auto-Rollover via the Credential Status Service

Manage credential status at scale with configurable capacity monitoring and automatic rollover for status lists in the Enterprise Stack. Set warning and critical thresholds to track usage, and enable auto-rollover to seamlessly create new status lists when reaching capacity limits—ensuring uninterrupted credential lifecycle management for high-volume issuance scenarios.

Learn more here

Certificate Signing Request (CSR) Workflows

Generate and process PKCS#10 Certificate Signing Requests with the X.509 Certificate Service in the Enterprise Stack. Enable proof-of-possession workflows where requesters prove control of private keys before certificate issuance—supporting both generic certificates and ISO Document Signer certificates.

Learn more here

Improved Issuer2 UI

Streamline credential issuance workflows with improved Enterprise UI for the Issuer2 service.

Database Migration Framework

Deploy schema updates safely across multi-node clusters with our new database migration framework. Featuring cluster-aware coordination, dry-run validation, rollback capabilities, and automatic recovery from node restarts—ensuring zero-downtime migrations and consistent database state across distributed Enterprise Stack deployments.

Resource Timestamps

Track resource lifecycle with automatic timestamps in the Enterprise Stack. All resources now include server-side createdAt and updatedAt timestamps with indexed sorting support. Migration to populate existing data with timestamp fields is also supported.

Fixes an improvements

• Fixed issuerState handling for preauthorized offers.
• Updated token and credential endpoint errors.
• Upgraded to Ktor 3.4 with associated fixes.
• Removed openid metadata endpoint.
• Fixed OIDC metadata compatibility.
• Updated MongoDB connection strings for new infrastructure.
• Updated ingress class from nginx to Traefik.
• Updated kubeconfig secret references.
• Updated helm and k8s deployment workflow references.
• Fixed policy field comparison to avoid timestamp mismatch in tests.
• Fixed Sonar findings and code cleanup.
• Reduced code duplication across services.
• Removed unnecessary try-catch blocks.
• Fixed duplicate imports after merge.

Digital Government Demo: Credential Issuance, Verification & Trust

Our latest demo shows how the walt.id products enable everything from credential issuance and verification to handling the underlying ecosystem trust layer in a digital government portal.

Watch the full demo here

eIDAS 2 for Financial Services

A complete guide for banks navigating wallet acceptance, Strong Customer Authentication, and the 2027 compliance deadline. Understand the three roles banks play under eIDAS 2, how wallet-based SCA works under PSD2 with TS12, reusable KYC for customer onboarding, and qualified e-signatures for contracts.

Learn more

DCQL Builder by walt.id

Define the credentials you want to request and get a valid DCQL query instantly. Our interactive tool generates standards-compliant Digital Credentials Query Language queries for OpenID4VP credential verification—supporting SD-JWT VC, mDL, and W3C VC formats with real-time validation and seamless integration to the walt.id Verifier.

Try the DCQL Builder

PS: If you enjoy working with our tools, make sure to leave us a ⭐ on GitHub