Offer a credential to a wallet holder

Introduction

The following guide will show you how to take a credential created directly using the Create credential endpoint and offer it to someone using a digital wallet to hold.

This method assumes you have a secure way to obtain the subject identifier (for example using DID Auth for a new interaction or by using a previously issued credential) and are able to authenticate the user separately from the issuance flow, for example logging into a session on a website/portal or in a physical setting.

Another example use-case is re-issuing previously issued credentials, by using the information held about the user. This may start by first revoking the previous credential, then issuing a new credential before sending in a secure DID message to the wallet. As these messages are pushed it does not require the user to go to a website or perform any action other than choosing to store the new credential.

Offering an issued credential to a wallet holder requires the following steps to be performed, which this guide will take you through:

  1. Create a credential using a subject DID from the user's wallet

  2. Construct a secure DID message & encrypt using the subject DID as the recipient

  3. Send using either secure DID messaging (with push notification) or make it available through QR code/deep-link.

Pre-requisites

You need access to the MATTR VII APIs. If you’re experiencing any difficulties, contact us.

In order to offer a credential, you will need to have created one with a subject identifier, for example by using one of the previous tutorials:

Highly recommend you use the sample application to help to obtain a subject DID, create basic credentials and orchestrate the sending of DID messages.

Have an understanding of the messaging capabilities of the MATTR VII platform.

Sample App

Head over to the MATTR Global Sample Apps repo if you want to step through this guide using the Sample Direct Credential Issuance ExpressJS app. It's a simple application with a UI that you can run in your local environment to orchestrate a number of calls on your MATTR VII tenant.

https://www.datocms-assets.com/38428/1628082944-sample-app-obtain-creds-directly.png?auto=format

Get started

Once you have issued your credential, you will have a payload that is similar to this example:

Note this is just the credential body from the response of the Create credential endpoint, the full API response contains additional meta-data.

json
Copy to clipboard.
1{
2    "@context": [
3      "https://www.w3.org/2018/credentials/v1",
4      {
5        "@vocab": "https://w3id.org/security/undefinedTerm#"
6      },
7      "https://schema.org"
8    ],
9    "type": [
10      "VerifiableCredential",
11      "CourseCredential"
12    ],
13    "issuer": {
14      "id": "did:key:z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj",
15      "name": "tenant"
16    },
17    "issuanceDate": "2021-07-26T01:05:05.152Z",
18    "credentialSubject": {
19      "id": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
20      "givenName": "Chris",
21      "familyName": "Shin",
22      "educationalCredentialAwarded": "Certificate Name"
23    },
24    "proof": {
25      "type": "Ed25519Signature2018",
26      "created": "2021-07-26T01:05:06Z",
27      "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..o6hnrrWpArG8LQz2Ex_u66_BtuPdp3Hkz18nhNdNhJ7J1k_2lmCCwsNdmo-kNFirZdSIMzqO-V3wEjMDphVEAA",
28      "proofPurpose": "assertionMethod",
29      "verificationMethod": "did:key:z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj#z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj"
30    }
31  }

The credentialSubject.id is required to ensure that the credential is subject-bound to the wallet that generated the DID. This same DID can be used to construct a secure DID message intended only for that recipient.

Construct the message

By using a secure DID message in the JWM format, you are able to package the credential into a payload that can be understood by the MATTR mobile wallet and other wallets.

Message template

json
Copy to clipboard.
1{
2  "id": "{{uuid}}",
3  "type": "https://mattr.global/schemas/verifiable-credential/offer/Direct",
4  "to": [
5    "{{subjectDid}}"
6  ],
7  "from": "{{issuerDid}}",
8  "created_time": 1624509675690,
9  "body": {
10    "credentials": [{{credential}}],
11    "domain": "YOUR_TENANT_SUBDOMAIN.vii.mattr.global"
12  }
13}

The payload of the message consists of the parameters:

  • The id can be any unique value, likely a uuid.

  • Use the type of https://mattr.global/schemas/verifiable-credential/offer/Direct this will be read by the wallet to determine how to action the message.

  • The to and from fields are optional, but should be provided as the subject DID and issuer DID

  • created_time as a unix timestamp in ms

  • In the body provide;

    • One or more credentials as an array, if multiple credentials are sent in the message then each one must be from the same issuer

    • The domain of the tenant you are issuing the credential from, on reciept the MATTR mobile wallet will perform a check to ensure the credentials have been issued using a DID that is available at the well known DID configuration endpoint on the specified tenant.

Encrypt the message

Once the message payload has been constructed, it can be used as the payload value in the Encrypt a message endpoint.

Encrypt request template

json
Copy to clipboard.
1{
2  "senderDidUrl": "{{messagingDidUrl}}",
3  "recipientDidUrls": [ "{{subjectDid}}"],
4  "payload": {
5    "id": "{{uuid}}",
6    "type": "https://mattr.global/schemas/verifiable-credential/offer/Direct",
7    "to": [
8      "{{subjectDid}}"
9    ],
10    "from": "{{issuerDid}}",
11    "created_time": 1624509675690,
12    "body": {
13      "credentials": [{{credential}}],
14      "domain": "YOUR_TENANT_SUBDOMAIN.vii.mattr.global"
15      }
16  }
17}

The Encrypt a message endpoint requires these parameters;

  • The senderDidUrl must be a valid DID URL (that includes a #ref to a specific key in the DID document) available on your tenant and a key that supports keyAgreement.

The DID used in messaging may need to be different to the DID used to issue the credential, for example BLS key DIDs used to issue ZKP-enabled credential cannot be used for messaging because they have no key valid for keyAgreement.

  • The recipientDid will be the subject DID used in the credential you have issued, it is important that the holder of the credential is in control of this DID as once it is encrypted only that recipient is able to view the message.

  • The payload of the message

Full example

This is what the entire payload would look like;

To keep it simple we have used a single credential and kept the same DID for issuer and messaging (senderDidUrl)

http
Copy to clipboard.
1POST https://YOUR_TENANT_SUBDOMAIN.vii.mattr.global/core/v1/messaging/encrypt

Request

json
Copy to clipboard.
1{
2  "senderDidUrl": "did:key:z6MkreuqFq6WrwozTeGKuUDz8bniTFRNAg8f3ZB862YdLp7v#z6LShWb1DVC2gkxoQ91VwHmNhci2A4NdVH4srFvLiTP6ETBK",
3  "recipientDidUrls": [ "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi"
4],
5  "payload": {
6  "id": "c80cf529-1449-42b0-a972-ee975720859d",
7  "type": "https://mattr.global/schemas/verifiable-credential/offer/Direct",
8  "to": [
9    "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi"
10  ],
11  "from": "did:key:z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj",
12  "created_time": 1624509675690,
13  "body": {
14    "credentials": [{
15    "@context": [
16      "https://www.w3.org/2018/credentials/v1",
17      "https://schema.org"
18    ],
19    "type": [
20      "VerifiableCredential",
21      "CourseCredential"
22    ],
23    "issuer": {
24      "id": "did:key:z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj",
25      "name": "tenant"
26    },
27    "issuanceDate": "2021-07-26T01:05:05.152Z",
28    "credentialSubject": {
29      "id": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
30      "givenName": "Chris",
31      "familyName": "Shin",
32      "educationalCredentialAwarded": "Certificate Name"
33    },
34    "proof": {
35      "type": "Ed25519Signature2018",
36      "created": "2021-07-26T01:05:06Z",
37      "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..o6hnrrWpArG8LQz2Ex_u66_BtuPdp3Hkz18nhNdNhJ7J1k_2lmCCwsNdmo-kNFirZdSIMzqO-V3wEjMDphVEAA",
38      "proofPurpose": "assertionMethod",
39      "verificationMethod": "did:key:z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj#z6MkndAHigYrXNpape7jgaC7jHiWwxzB3chuKUGXJg2b5RSj"
40    }
41  }],
42    "domain": "tenant.vii.mattr.global"
43  }
44}
45}

Response

json
Copy to clipboard.
1{
2  "jwe": {
3    "protected": "eyJhbGciOiJYQzIwUCJ9",
4    "recipients": [
5      {
6        "header": {
7          "alg": "ECDH-1PU+A256KW",
8          "kid": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi#z6LSoYqvKWzd8faMroS4WMHRfzeDR22w5nrcGEi9MRV4BEYA",
9          "epk": {
10            "kty": "OKP",
11            "crv": "x25519",
12            "x": "ovKlBgAF969Mpa6XYhV6imLcX4ZyVQQTpU3FkjFKk2Y"
13          },
14          "skid": "did:key:z6MksHbxLQoQvsPRezXsJJiKXuaV9frAiuwKfbuHHTRn53jx#z6LSkHGWvAejiTJtKte98QAJmeSDaMtJMoupTba471nZRQhc"
15        },
16        "encrypted_key": "pZwsbPa7Vfq6KrKKLEg1jOFFkBRufsTOjrEZX6fwnu6rpQt8G_O42Q"
17      }
18    ],
19    "ciphertext": "wOiJL0zmZSaSdAk3Wn5m_XzeyiVvpJXRX3FTy0ivr3D3DTibge2I7m6DJ3kaDmXi17sy2cL0r3lsddxBcXEPDfrL8o6y5oIyodcQAo4tMY4IOXdsFHN4cTWjOyrsZhT-1GGb0QYyQ7LgCE7WgYdMX-fBetr8fhVxAoVeyYkBxRhXhF47elWlNqoLT7dfsUVYCPBjY0GN0ciQOzBvcplB8hrqVWaTvdbpgoPIGGKxcXl907gnIAX8rzFcRfh66t6M2SlGZ5pCeDvlne-StPxvIxvGJaQq02tWuA2Yykz5Gw6zz5xmPSrj7yyy26ABSM4yjQcu2q-payWQx1lkGaLrPpsbhKzq5KcXNlviz6r3aw3ERt4OO-NxmBu4ZCeK1Uvfo_wXwTawOpdjF6RB7RRjO5TJ1fGEWjpl1p84T0e-n6CE_Kxibklh4bucmx55F1rgQc1280C0k4DNJlplhoNGlFyOfaYBraT-vOJ0Fv-hKpv41npGf_uCr56Cjb4pKvMEngpAA2dglfMO0NBN5hf_FdoC6g17h4PWxcBnuCDRQcDfHvopCuCfU2H4saL07R-YRcokis2tBii7FZKS7F-eQozHzgYl68ZI3Cd5eo-4VUp3e1Xmd-b53mF3bRutV9JcY7KA1AQnwm2yyTFz0ss7a21KsYZHUi-eIhbaEf88BiMrblvp4ztDPuXUmwG4RowoRd5ZSJsdOHrkm2fniyISLGaPgcSeot22_HHsXf8bqhyxNbr6e4ghTuVZgTBBpv15DT2KSj3z3_2TgeD6VpIFwJQm1Dn_hZnSpFx-h57nsEyAAW5C9XoVJ5usnzn7TQJtZM6wsFFGd1Bgs8Xmf0p79J-QXkAWmhDi6mct5unsEnr52hnzGyLfsoH8YUjffkI55U86JZKrcMycV92IN6jF4cMoe8FbfVyu4pNrh4vKIkgVqJO0B50z0OIk8WEYIV1HoWxIzXiH6VLiC5QEZaCFyVUOnr4PFsNICLEedYwE6w0XmR2fpeMz529RPamJPYlBb9dZMGJ2RL-RnJYIH8BbhxN08EFS-4RXl27PjRoam2W6fR3fbyrObfh4H6JwXXi4ATelcBucE4zZUMrjsXMbW4CrduIis0c0f8eOPeGV4uW4W9lg4-DbsUOYY1frBSv6_1krmEvQQLgu087KfLgWMz7wqNO7UuF96ECIi7Z1yPCwx4vmtKOJN5lbFXZkzTCtV4-bltNr9PzLBJF4krqNJkwEgKe3kzrAnABKJQx1aDATk8gUJUu14635hduGBWPrY3b_isVr9tzflkCMFXq5SXV24YYCAjQsTXIRbJyV5756NwiT2L7FqzgzLmd3X6hZ5LCjv9KJwDEVCWTN9v2Zbmi8WFwrDz5LeokLGA4_Km48aJYMGpxPmL0wkEXynkIX0IhJrEu9uxEKHzEia_WjDIw80VwghZpXGVw3jYDs5R7O-zhv2lcR3UXJr_XMroe7jAV5pqWop_-ek1r7Qpt-rudjS3q_zC-uuG0SkXsL47Ni92e3MPyeDjukWAamMx7HqTx_azNL9JeeZ-w_8qd6x4wKo6qB7R0-WDFsOXHYM8HT5Aw6sKX48Dl0VfZaBE4JBXTVWTs4C9n4p3gu11bRB-tj01c3usw0vx3N-EIs5Y6cXcx3UN0O2ykWF3jCpEecUNCIzNKFTDrjALZXFvzlrdeyW5QO6sGdSVIsAZ4MDlTLRen0rzJkmw0cDmvN0OG6TvVgBoIv-Kc35g-4I8FQuUW-pIS9gQONYmCgXkQfxzjJdrcMCtQ1sV9kcg5CCirQ3KYH-5c3GhriDrNZIGJX3XkERFR9CqPFU6RSocReOr0iAx8LtssuiE1X2OeywQaAop8DJ1aQ3xaQwJQGCWSzKu_49ee6RhqSpq0EyPILxwqoHhP38NKlw5F5KGdWo6FqEzIcFVOOO160mv_yeYnIOIUnQEOGxcWSKVCiJmMcXadxtEWk2jqItbJiDxoOWs4d34eaWebVyoNOhcaim7UZQq0tE-GpFi8SZZmOmnIxL0lgZYYkvWH5WVY-n7Be6c9KoMYvQVFQ69EndcqS0zLV6unV0aZ-3CTXU1CvfSKZ1obsEozE1elYZawKiAUXQEoe2hhSmd63b3QSbduLDPs=",
20    "iv": "QKTq99Y9NjnWIDvU1XldP23j5eqXamrf",
21    "tag": "TXfEcE1wFMOOjE0GCCI7BA=="
22  }
23}

Send the message

Once you have an encrypted message containing the credential in a format that a wallet can understand, you need to make it available to the holder.

This can be achieved in different ways;

  • Secure DID messaging to the wallet, with push notification

  • Host the message and reference in a QR code or deeplink

Push a Secure DID message to the wallet

By using the MATTR VII platform messaging endpoint, you are able to send messages to recipients and if they have registered their MATTR mobile wallet to accept messages using an inbox, they will receive a push notification or be alerted next time they open the app.

Specify the subject DID as the to value and the jwe body of the encrypted message as the message body to send using the endpoint

json
Copy to clipboard.
1{
2    "to": "{{subjectDid}}",
3    "message": { jwe
4    }
5}
http
Copy to clipboard.
1POST https://YOUR_TENANT_SUBDOMAIN.vii.mattr.global/core/v1/messaging/send

Request

json
Copy to clipboard.
1{
2    "to": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi",
3    "message": {
4    "protected": "eyJhbGciOiJYQzIwUCJ9",
5    "recipients": [
6      {
7        "header": {
8          "alg": "ECDH-1PU+A256KW",
9          "kid": "did:key:z6MkfxQU7dy8eKxyHpG267FV23agZQu9zmokd8BprepfHALi#z6LSoYqvKWzd8faMroS4WMHRfzeDR22w5nrcGEi9MRV4BEYA",
10          "epk": {
11            "kty": "OKP",
12            "crv": "x25519",
13            "x": "ovKlBgAF969Mpa6XYhV6imLcX4ZyVQQTpU3FkjFKk2Y"
14          },
15          "skid": "did:key:z6MksHbxLQoQvsPRezXsJJiKXuaV9frAiuwKfbuHHTRn53jx#z6LSkHGWvAejiTJtKte98QAJmeSDaMtJMoupTba471nZRQhc"
16        },
17        "encrypted_key": "pZwsbPa7Vfq6KrKKLEg1jOFFkBRufsTOjrEZX6fwnu6rpQt8G_O42Q"
18      }
19    ],
20    "ciphertext": "wOiJL0zmZSaSdAk3Wn5m_XzeyiVvpJXRX3FTy0ivr3D3DTibge2I7m6DJ3kaDmXi17sy2cL0r3lsddxBcXEPDfrL8o6y5oIyodcQAo4tMY4IOXdsFHN4cTWjOyrsZhT-1GGb0QYyQ7LgCE7WgYdMX-fBetr8fhVxAoVeyYkBxRhXhF47elWlNqoLT7dfsUVYCPBjY0GN0ciQOzBvcplB8hrqVWaTvdbpgoPIGGKxcXl907gnIAX8rzFcRfh66t6M2SlGZ5pCeDvlne-StPxvIxvGJaQq02tWuA2Yykz5Gw6zz5xmPSrj7yyy26ABSM4yjQcu2q-payWQx1lkGaLrPpsbhKzq5KcXNlviz6r3aw3ERt4OO-NxmBu4ZCeK1Uvfo_wXwTawOpdjF6RB7RRjO5TJ1fGEWjpl1p84T0e-n6CE_Kxibklh4bucmx55F1rgQc1280C0k4DNJlplhoNGlFyOfaYBraT-vOJ0Fv-hKpv41npGf_uCr56Cjb4pKvMEngpAA2dglfMO0NBN5hf_FdoC6g17h4PWxcBnuCDRQcDfHvopCuCfU2H4saL07R-YRcokis2tBii7FZKS7F-eQozHzgYl68ZI3Cd5eo-4VUp3e1Xmd-b53mF3bRutV9JcY7KA1AQnwm2yyTFz0ss7a21KsYZHUi-eIhbaEf88BiMrblvp4ztDPuXUmwG4RowoRd5ZSJsdOHrkm2fniyISLGaPgcSeot22_HHsXf8bqhyxNbr6e4ghTuVZgTBBpv15DT2KSj3z3_2TgeD6VpIFwJQm1Dn_hZnSpFx-h57nsEyAAW5C9XoVJ5usnzn7TQJtZM6wsFFGd1Bgs8Xmf0p79J-QXkAWmhDi6mct5unsEnr52hnzGyLfsoH8YUjffkI55U86JZKrcMycV92IN6jF4cMoe8FbfVyu4pNrh4vKIkgVqJO0B50z0OIk8WEYIV1HoWxIzXiH6VLiC5QEZaCFyVUOnr4PFsNICLEedYwE6w0XmR2fpeMz529RPamJPYlBb9dZMGJ2RL-RnJYIH8BbhxN08EFS-4RXl27PjRoam2W6fR3fbyrObfh4H6JwXXi4ATelcBucE4zZUMrjsXMbW4CrduIis0c0f8eOPeGV4uW4W9lg4-DbsUOYY1frBSv6_1krmEvQQLgu087KfLgWMz7wqNO7UuF96ECIi7Z1yPCwx4vmtKOJN5lbFXZkzTCtV4-bltNr9PzLBJF4krqNJkwEgKe3kzrAnABKJQx1aDATk8gUJUu14635hduGBWPrY3b_isVr9tzflkCMFXq5SXV24YYCAjQsTXIRbJyV5756NwiT2L7FqzgzLmd3X6hZ5LCjv9KJwDEVCWTN9v2Zbmi8WFwrDz5LeokLGA4_Km48aJYMGpxPmL0wkEXynkIX0IhJrEu9uxEKHzEia_WjDIw80VwghZpXGVw3jYDs5R7O-zhv2lcR3UXJr_XMroe7jAV5pqWop_-ek1r7Qpt-rudjS3q_zC-uuG0SkXsL47Ni92e3MPyeDjukWAamMx7HqTx_azNL9JeeZ-w_8qd6x4wKo6qB7R0-WDFsOXHYM8HT5Aw6sKX48Dl0VfZaBE4JBXTVWTs4C9n4p3gu11bRB-tj01c3usw0vx3N-EIs5Y6cXcx3UN0O2ykWF3jCpEecUNCIzNKFTDrjALZXFvzlrdeyW5QO6sGdSVIsAZ4MDlTLRen0rzJkmw0cDmvN0OG6TvVgBoIv-Kc35g-4I8FQuUW-pIS9gQONYmCgXkQfxzjJdrcMCtQ1sV9kcg5CCirQ3KYH-5c3GhriDrNZIGJX3XkERFR9CqPFU6RSocReOr0iAx8LtssuiE1X2OeywQaAop8DJ1aQ3xaQwJQGCWSzKu_49ee6RhqSpq0EyPILxwqoHhP38NKlw5F5KGdWo6FqEzIcFVOOO160mv_yeYnIOIUnQEOGxcWSKVCiJmMcXadxtEWk2jqItbJiDxoOWs4d34eaWebVyoNOhcaim7UZQq0tE-GpFi8SZZmOmnIxL0lgZYYkvWH5WVY-n7Be6c9KoMYvQVFQ69EndcqS0zLV6unV0aZ-3CTXU1CvfSKZ1obsEozE1elYZawKiAUXQEoe2hhSmd63b3QSbduLDPs=",
21    "iv": "QKTq99Y9NjnWIDvU1XldP23j5eqXamrf",
22    "tag": "TXfEcE1wFMOOjE0GCCI7BA=="
23  }
24}

Response

200 response indicates that the message payload has been sent to the service endpoint of the dereferenced DID Document (or the default MATTR service endpoint).

The MATTR mobile wallet will follow valid 302 redirects to online resources, this allows you to make the secure message available to wallet holders and construct a URL that can be included in a QR code or deep-link.

To host the message you would need to first base64url encode the jwe to be URL safe.

http
Copy to clipboard.
1https://YOUR_HOST_PROVIDER.com?request={{base64url(jwe)}}

Then create a redirect to this hosted message.

bash
Copy to clipboard.
1Redirect                 Content
2redirectid=1234567.      request=ewogICAgInByb3RlY3RlZCI6ICJleUpoYkdjaU9pSllRekl3VUNKOSIsCiAgICAicmVjaXBpZW50cyI6IFsKICAgICAgewogICAgICAgICJoZWFkZXIiOiB7CiAgICAgICAgICAiYWxnIjogIkVDREgtMVBVK0EyNTZLVyIsCiAgICAgICAgICAia2lkIjogImRpZDprZXk6ejZNa2Z4UVU3ZHk4ZUt4eUhwRzI2N0ZWMjNhZ1pRdTl6bW9rZDhCcHJlcGZIQUxpI3o2TFNvWXF2S1d6ZDhmYU1yb1M0V01IUmZ6ZURSMjJ3NW5yY0dFaTlNUlY0QkVZQSIsCiAgICAgICAgICAiZXBrIjogewogICAgICAgICAgICAia3R5IjogIk9LUCIsCiAgICAgICAgICAgICJjcnYiOiAieDI1NTE5IiwKICAgICAgICAgICAgIngiOiAib3ZLbEJnQUY5NjlNcGE2WFloVjZpbUxjWDRaeVZRUVRwVTNGa2pGS2syWSIKICAgICAgICAgIH0sCiAgICAgICAgICAic2tpZCI6ICJkaWQ6a2V5Ono2TWtzSGJ4TFFvUXZzUFJlelhzSkppS1h1YVY5ZnJBaXV3S2ZidUhIVFJuNTNqeCN6NkxTa0hHV3ZBZWppVEp0S3RlOThRQUptZVNEYU10Sk1vdXBUYmE0NzFuWlJRaGMiCiAgICAgICAgfSwKICAgICAgICAiZW5jcnlwdGVkX2tleSI6ICJwWndzYlBhN1ZmcTZLcktLTEVnMWpPRkZrQlJ1ZnNUT2pyRVpYNmZ3bnU2cnBRdDhHX080MlEiCiAgICAgIH0KICAgIF0sCiAgICAiY2lwaGVydGV4dCI6ICJ3T2lKTDB6bVpTYVNkQWszV241bV9YemV5aVZ2cEpYUlgzRlR5MGl2cjNEM0RUaWJnZTJJN202REoza2FEbVhpMTdzeTJjTDByM2xzZGR4QmNYRVBEZnJMOG82eTVvSXlvZGNRQW80dE1ZNElPWGRzRkhONGNUV2pPeXJzWmhULTFHR2IwUVl5UTdMZ0NFN1dnWWRNWC1mQmV0cjhmaFZ4QW9WZXlZa0J4UmhYaEY0N2VsV2xOcW9MVDdkZnNVVllDUEJqWTBHTjBjaVFPekJ2Y3BsQjhocnFWV2FUdmRicGdvUElHR0t4Y1hsOTA3Z25JQVg4cnpGY1JmaDY2dDZNMlNsR1o1cENlRHZsbmUtU3RQeHZJeHZHSmFRcTAydFd1QTJZeWt6NUd3Nnp6NXhtUFNyajd5eXkyNkFCU000eWpRY3UycS1wYXlXUXgxbGtHYUxyUHBzYmhLenE1S2NYTmx2aXo2cjNhdzNFUnQ0T08tTnhtQnU0WkNlSzFVdmZvX3dYd1Rhd09wZGpGNlJCN1JSak81VEoxZkdFV2pwbDFwODRUMGUtbjZDRV9LeGlia2xoNGJ1Y214NTVGMXJnUWMxMjgwQzBrNEROSmxwbGhvTkdsRnlPZmFZQnJhVC12T0owRnYtaEtwdjQxbnBHZl91Q3I1NkNqYjRwS3ZNRW5ncEFBMmRnbGZNTzBOQk41aGZfRmRvQzZnMTdoNFBXeGNCbnVDRFJRY0RmSHZvcEN1Q2ZVMkg0c2FMMDdSLVlSY29raXMydEJpaTdGWktTN0YtZVFvekh6Z1lsNjhaSTNDZDVlby00VlVwM2UxWG1kLWI1M21GM2JSdXRWOUpjWTdLQTFBUW53bTJ5eVRGejBzczdhMjFLc1laSFVpLWVJaGJhRWY4OEJpTXJibHZwNHp0RFB1WFVtd0c0Um93b1JkNVpTSnNkT0hya20yZm5peUlTTEdhUGdjU2VvdDIyX0hIc1hmOGJxaHl4TmJyNmU0Z2hUdVZaZ1RCQnB2MTVEVDJLU2ozejNfMlRnZUQ2VnBJRndKUW0xRG5faFpuU3BGeC1oNTduc0V5QUFXNUM5WG9WSjV1c256bjdUUUp0Wk02d3NGRkdkMUJnczhYbWYwcDc5Si1RWGtBV21oRGk2bWN0NXVuc0VucjUyaG56R3lMZnNvSDhZVWpmZmtJNTVVODZKWktyY015Y1Y5MklONmpGNGNNb2U4RmJmVnl1NHBOcmg0dktJa2dWcUpPMEI1MHowT0lrOFdFWUlWMUhvV3hJelhpSDZWTGlDNVFFWmFDRnlWVU9ucjRQRnNOSUNMRWVkWXdFNncwWG1SMmZwZU16NTI5UlBhbUpQWWxCYjlkWk1HSjJSTC1SbkpZSUg4QmJoeE4wOEVGUy00UlhsMjdQalJvYW0yVzZmUjNmYnlyT2JmaDRINkp3WFhpNEFUZWxjQnVjRTR6WlVNcmpzWE1iVzRDcmR1SWlzMGMwZjhlT1BlR1Y0dVc0VzlsZzQtRGJzVU9ZWTFmckJTdjZfMWtybUV2UVFMZ3UwODdLZkxnV016N3dxTk83VXVGOTZFQ0lpN1oxeVBDd3g0dm10S09KTjVsYkZYWmt6VEN0VjQtYmx0TnI5UHpMQkpGNGtycU5Ka3dFZ0tlM2t6ckFuQUJLSlF4MWFEQVRrOGdVSlV1MTQ2MzVoZHVHQldQclkzYl9pc1ZyOXR6ZmxrQ01GWHE1U1hWMjRZWUNBalFzVFhJUmJKeVY1NzU2TndpVDJMN0Zxemd6TG1kM1g2aFo1TENqdjlLSndERVZDV1ROOXYyWmJtaThXRndyRHo1TGVva0xHQTRfS200OGFKWU1HcHhQbUwwd2tFWHlua0lYMEloSnJFdTl1eEVLSHpFaWFfV2pESXc4MFZ3Z2hacFhHVnczallEczVSN08temh2MmxjUjNVWEpyX1hNcm9lN2pBVjVwcVdvcF8tZWsxcjdRcHQtcnVkalMzcV96Qy11dUcwU2tYc0w0N05pOTJlM01QeWVEanVrV0FhbU14N0hxVHhfYXpOTDlKZWVaLXdfOHFkNng0d0tvNnFCN1IwLVdERnNPWEhZTThIVDVBdzZzS1g0OERsMFZmWmFCRTRKQlhUVldUczRDOW40cDNndTExYlJCLXRqMDFjM3VzdzB2eDNOLUVJczVZNmNYY3gzVU4wTzJ5a1dGM2pDcEVlY1VOQ0l6TktGVERyakFMWlhGdnpscmRleVc1UU82c0dkU1ZJc0FaNE1EbFRMUmVuMHJ6SmttdzBjRG12TjBPRzZUdlZnQm9Jdi1LYzM1Zy00SThGUXVVVy1wSVM5Z1FPTlltQ2dYa1FmeHpqSmRyY01DdFExc1Y5a2NnNUNDaXJRM0tZSC01YzNHaHJpRHJOWklHSlgzWGtFUkZSOUNxUEZVNlJTb2NSZU9yMGlBeDhMdHNzdWlFMVgyT2V5d1FhQW9wOERKMWFRM3hhUXdKUUdDV1N6S3VfNDllZTZSaHFTcHEwRXlQSUx4d3FvSGhQMzhOS2x3NUY1S0dkV282RnFFekljRlZPT08xNjBtdl95ZVluSU9JVW5RRU9HeGNXU0tWQ2lKbU1jWGFkeHRFV2syanFJdGJKaUR4b09XczRkMzRlYVdlYlZ5b05PaGNhaW03VVpRcTB0RS1HcEZpOFNaWm1PbW5JeEwwbGdaWVlrdldINVdWWS1uN0JlNmM5S29NWXZRVkZRNjlFbmRjcVMwekxWNnVuVjBhWi0zQ1RYVTFDdmZTS1oxb2JzRW96RTFlbFlaYXdLaUFVWFFFb2UyaGhTbWQ2M2IzUVNiZHVMRFBzPSIsCiAgICAiaXYiOiAiUUtUcTk5WTlOam5XSUR2VTFYbGRQMjNqNWVxWGFtcmYiLAogICAgInRhZyI6ICJUWGZFY0Uxd0ZNT09qRTBHQ0NJN0JBPT0iCiAgfQ

QR code

For a QR code you would need to construct a URL to be;

http
Copy to clipboard.
1didcomm://https://YOUR_HOST_PROVIDER.com?redirectid=1234567

Using an online service the QR code would look like this https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=didcomm://https://YOUR_HOST_PROVIDER.com?redirectid=1234567

For a deep-link you would need to perform another base64url encoding of the didcomm:// URL;

bash
Copy to clipboard.
1echo -n 'didcomm://https://YOUR_HOST_PROVIDER.com?redirectid=1234567' | base64url

Then construct the URL to include the bundle id of the wallet;

http
Copy to clipboard.
1global.mattr.wallet://accept/ZGlkY29tbTovL2h0dHBzOi8vWU9VUl9IT1NUX1BST1ZJREVSLmNvbT9yZWRpcmVjdGlkPTEyMzQ1Njc

By following this URL whilst on your device, it will open the MATTR mobile wallet, follow the redirect you have configured and navigate to the Credential Offer screen in the wallet, where you can store the credential.

Try it out

Make sure you have the MATTR Wallet app installed and have accepted the notification request during the onboarding steps.

  1. First, obtain a DID from the Mobile Wallet either a using DID Auth or by copying the 'Public DID' available in the Settings menu

  2. Create a Credential and construct the message payload

  3. Encrypt the payload

  4. Send the encrypted payload or construct a QR code/deep-link redirect URL

On your mobile device, you should see a notification message appear. Tap on the message and authenticate using biometrics or PIN. The app should navigate you to the Credential offer screen where you can view the credential you have issued.

https://www.datocms-assets.com/38428/1628110946-obtain-cred-directly-2.png?auto=format

As long as the domain checks are valid and the credential isn't a duplicate then you will be able to Store the credential in your wallet.

The MATTR mobile wallet will check for duplicate credentials, these are credentials that contain the exact same proofs.

Viewing the credential is as simple as tapping on the Credential card. Each time the credential is opened a validity check is performed.

https://www.datocms-assets.com/38428/1628111055-obtain-cred-directly-3.png?auto=format