GuidesiOS mDocs Holder SDK🎓 Online presentation

Learn how to build an iOS application that can present an mDoc via an online workflow

Introduction

In this tutorial we will use the iOS native mDoc Holder SDK to build an iOS application that can present a claimed mDoc to a verifier remotely via an online presentation workflow as per ISO/IEC 18013-7:2024 and OID4VP.

This app will support both same-device and cross-device workflows to accommodate flexible user journeys.

Same-device workflow

Tutorial Workflow

  1. The user interacts with a website on their mobile device browser.
  2. The user is asked to present information as part of the interaction.
  3. The user is redirected to the application we will build in this tutorial.
  4. The application authenticates the user.
  5. The user is informed of what information they are about to share and provide their consent.
  6. The user is redirected back to the browser where verification results are displayed, enabling them to continue with the interaction.

The result will look something like this:

Cross-device workflow

Tutorial Workflow

  1. The user interacts with a website on their desktop browser.
  2. The user is asked to present information as part of the interaction.
  3. The user scans a QR code using a mobile device where the tutorial application is installed.
  4. The tutorial application is launched on the mobile device.
  5. The tutorial application authenticates the user.
  6. The user is informed of what information they are about to share and provide their consent.
  7. Verification results are displayed in the user’s desktop browser, enabling them to continue with the interaction.

The result will look something like this:

Prerequisites

Before we get started, let’s make sure you have everything you need.

Prior knowledge

If you need to get a holding solution up and running quickly with minimal development resources and in-house domain expertise, talk to us about our white-label MATTR GO Hold app which might be a good fit for you.

Assets

  • As part of your onboarding process you should have been provided with access to the following assets:
    • ZIP file which includes the required framework: (MobileCredentialHolderSDK-*version*.xcframework.zip).
    • Sample Wallet app: You can use this app for reference as we work through this tutorial.

This tutorial is only meant to be used with the most recent version of the iOS mDocs Holder SDK.

Development environment

  • Xcode setup with either:
    • Local build settings if you are developing locally.
    • iOS developer account if you intend to publish your app.

Prerequisite tutorial

  • You must complete the Claim a credential tutorial and claim the mDoc provided in the tutorial.
  • This application is used as the base for the current tutorial.

Testing devices

  • Supported iOS device to run the built application on, setup with:
    • Biometric authentication (Face ID, Touch ID).
    • Bluetooth access and Bluetooth turned on.
    • Available internet connection.

Tutorial steps

To enable a user to present a stored mDoc to a verifier via an online presentation workflow, you will build the following capabilities into your application:

  1. Register the verifier’s Authorization endpoint.
  2. Create an online presentation session.
  3. Handle a presentation request.
  4. Send a presentation response.

Register the verifier’s Authorization endpoint

The Authorization endpoint is a URI associated with an application identifier in the MATTR VII tenant configuration. It is used to invoke an application that will handle the presentation request. The application then uses the URI to retrieve a request object, which details what information is required for verification.

Online verifiers are recommended to generate this URI as a Universal link, as this enables them to explicitly define and validate applications that can respond to their verification requests.

However, for simplicity reasons in this tutorial our verifier is using the default custom URI scheme defined by the OID4VP specification (mdoc-openid4vp). This means that we need to configure the application to be able to handle this custom URI scheme.

  1. Open the Xcode project with the application built in the Claim a credential tutorial.
  2. Register mdoc-openid4vp as a recognized URL scheme:
    • Open the project view and select your application target.
    • Select the Info tab.
    • Scroll down and expand the URL Types area.
    • Select the plus button.
    • Insert mdoc-openid4vp in both the Identifier and URL Schemes fields.

Create a new project

  1. Run the app and then close it (this updates the app on your testing device) and perform the following instructions:

    • Use a desktop browser to navigate to the MATTR Labs Maggie’s Groceries demo, where you must provide proof for purchasing an age restricted item.
    • In the checkout area, use the dropdown list to select Generic Wallet.
    • Select Share from wallet.
    • Open the camera on your testing mobile device and scan the QR code.
    • Confirm opening the QR code with your tutorial application.
    • The tutorial application should be launched on your testing mobile device.

Create an online presentation session

Now that the application can handle an OID4VP custom URI scheme, the next step is build the capability to use the request URI to retrieve the request object, which includes the following information:

  • What credentials are required.
  • What specific claims are required from these credentials.
  • What MATTR VII tenant to interact with.

  1. In your project’s ContentView file, add the following code under the // Online Presentation - Step 2.1: Create a variable to hold the online presentation session object comment to create a variable that will hold the online presentation session object.

    Swift
    @Published var onlinePresentationSession: OnlinePresentationSession?

  2. Add the following code under the // Online Presentation - Step 2.2: Create createOnlinePresentationSession function to create a function that uses the SDK’s createOnlinePresentationSession method with the authorizationRequestURI parameter (the request URI retrieved from the link/QR code) to create an OnlinePresentationSession instance and assign it to the onlinePresentationSession variable created in the previous step:

    Swift
    func createOnlinePresentationSession(authorizationRequestURI: String) async {
    Task { @MainActor in
        do {
            onlinePresentationSession = try await mobileCredentialHolder.createOnlinePresentationSession(authorisationRequestUri: authorizationRequestURI, requireTrustedVerifier: false)
        } catch {
            print(error.localizedDescription)
        }
    }
}

We chose to set requireTrustedVerifier parameter to false because we want the SDK to trust all verifiers by default. If you require to interact with a limited list of verifiers, you may want to manually add trusted verifier certificates and set the parameter to true. You can learn more about certificate management in our SDK docs.

  1. Add the following code under the // Online Presentation - Step 2.3: Create session from request URI comment to add an onOpenURL modifier that will call the createOnlinePresentationSession when the application is launched following selecting a link (same-device flow) or scanning a QR code (cross-device flow) that includes a registered URI:

    Swift
    .onOpenURL { url in
     Task {
         await viewModel.createOnlinePresentationSession(authorizationRequestURI: url.absoluteString)
     }
     // Online Presentation - Step 3.6: Launch online presentation session view automatically
}

Handle a presentation request

We will now build the capability to use information retrieved by the createOnlinePresentationSession function to handle the presentation request. This includes:

  • Displaying what information is requested.
  • Displaying what existing credentials match the request.
  • Getting user’s consent to sharing the information.
  1. Add the following code under the // Online Presentation - Step 3.1: Create variable to store selected credential comment to create a variable that will store the credential the user will select to share with the verifier:
Swift
@State var selectedCredential: String?
  1. Add the following code under the // Online Presentation - Step 3.2: Create PresentCredentialsView comment to add a new view that will be used for displaying matched credentials and enabling the user to select a credential to share with the verifier:
Swift
var onlinePresentationSessionView: some View {
    VStack {
        if viewModel.onlinePresentationSession?.matchedCredentials != nil {
            List(selection: $selectedCredential) {
                Section(header: Text("Requested Document")) {
                    Text("\(viewModel.onlinePresentationSession!.matchedCredentials![0].request.docType)")
                }
                let matchedCredentials = viewModel.onlinePresentationSession!.matchedCredentials![0].matchedMobileCredentials
                Section(header: Text("Please select matching document to present")) {
                    ForEach(matchedCredentials, id: \.id) { credential in
                        Text(credential.docType)
                    }
                }
            }
            if let selectedCredential {
                Button {
                    // Online Presentation Step 4.2: Call sendResponse function
                } label: {
                    Text("Send Response")
                }
            }
        }
        Spacer()
    }
}
  1. Add the following code under the // Online Presentation - Step 3.3: Add isPresentingOnlinePresentation variable comment to manage navigation to the onlinePresentationSessionView view:
Swift
    @State var isPresentingOnlinePresentation = false
  1. Add the following code under the // Online Presentation - Step 3.4: View Online Presentation Session comment to add add a new button that will enable the user to manually navigate to the onlinePresentationSessionView view if required:
Swift
    if viewModel.onlinePresentationSession != nil {
        Button("View Online Presentation Session") {
            isPresentingOnlinePresentation = true
        }
        .padding()
    }
  1. Add the following code under the // Online Presentation - Step 3.5: Add navigation to onlinePresentationSessionView comment to control navigation to the onlinePresentationSessionView view:
Swift
     .navigationDestination(isPresented: $isPresentingOnlinePresentation) {
        onlinePresentationSessionView
    }
  1. Add the following code under the // Online Presentation - Step 3.6: Launch online presentation session view automatically comment to automatically launch the onlinePresentationSessionView view when the user interacts with an online credential request:
Swift
    isPresentingOnlinePresentation = true

  1. Run the app and then close it (this updates the app on your testing device) and perform the following instructions:

    • Use a desktop browser to navigate to the MATTR Labs Maggie’s Groceries demo, where you must provide proof for purchasing an age restricted item.
    • In the checkout area, use the dropdown list to select Generic Wallet.
    • Select Share from wallet.
    • Open the camera on your testing mobile device and scan the QR code.
    • Confirm opening the QR code with your tutorial application.
    • The tutorial application should be launched on your testing mobile device, displaying the verification request and any matching credentials.

The result will look something like this:

Send response

After displaying matching credentials to the user and enabling them to select what credential to share, the last thing we need to do is build the capability to share the selected credential with the verifier.

  1. Add the following code under the // Online Presentation - Step 4.1: Create send response function comment to create a new function that will call the SDK’s sendResponse method of the onlinePresentationSession object and send the selected credential to the verifier:
Swift
    func sendOnlinePresentationSessionResponse(_ id: String) {
    Task { @MainActor in
        do {
        _ = try await onlinePresentationSession?.sendResponse(credentialIds: [id])
        } catch {
            print(error)
        }
    }
}
  1. Add the following code after the // Online Presentation - Step 4.2: Call sendResponse function so that the sendResponse function is called when the user selects the Send Response button.
Swift
viewModel.sendOnlinePresentationSessionResponse(selectedCredential)
isPresentingOnlinePresentation = false

Test the application

Let’s test that the application is working as expected in both workflows.

Same-device workflow

  1. Run the app and then close it (this updates the app on your testing device).
  2. Use a browser on your testing mobile device to navigate to the MATTR Labs Maggie’s Groceries demo, where you must provide proof for purchasing an age restricted item.
  3. In the checkout area, use the dropdown list to select Generic Wallet.
  4. Select Share from wallet.
  5. Select Allow to open the tutorial application.
  6. The tutorial application should be launched on your testing mobile device.
  7. Select the credential you wish to send to the verifier from the list of matched credentials.
  8. Select Send Response.
  9. You should be redirected back to Maggie’s online store and see a Over 18 years old verified indication.
  10. You can now proceed with the interaction (don’t expect any items to be shipped to you by Maggie’s though).

The result will look something like this:

Cross-device workflow

  1. Run the app and then close it (this updates the app on your testing device).
  2. Use a desktop browser to navigate to the MATTR Labs Maggie’s Groceries demo, where you must provide proof for purchasing an age restricted item.
  3. In the checkout area, use the dropdown list to select Generic Wallet.
  4. Select Share from wallet.
  5. Open the camera on your testing mobile device and scan the QR code.
  6. Confirm opening the QR code with your tutorial application.
  7. The tutorial application should be launched on your testing mobile device.
  8. Select the credential you wish to send to the verifier from the list of matched credentials.
  9. Select Send Response.
  10. Back on your desktop browser, you should see a Over 18 years old verified indication.
  11. You can proceed with the interaction (don’t expect any items to be shipped to you by Maggie’s though).

The result will look something like this:

Summary

You have just used the iOS native mDoc Holder SDK to build an iOS application that can present a claimed mDoc to a verifier remotely via an online presentation workflow as per ISO/IEC 18013-7:2024 and OID4VP.

Tutorial Workflow

This was achieved by building the following capabilities into the application:

  1. Handle an OID4VP request URI.
  2. Create an online presentation session.
  3. Handle a presentation request.
  4. Send a presentation response.

What’s next?

  • You can check out the iOS mDoc holder SDK Docs to learn more about available functions and classes.
🎓 Claim a credential🎓 Proximity presentation