Connectors

PingOne Credentials Connector

Use the PingOne Credentials connector to issue, verify, and manage digital verifiable credentials with PingOne Credentials.

The connector sets up flows that help users issue credentials based on credentials templates and issuance rules that are configured and tied to the PingOne Digital Wallet Application.

This connector also helps set up flows that the credential verification service receives and responds to using the Decentralized Identity Foundation’s JWT VC Presentation Profile. Capabilities use the PingOne native protocols, which only work with apps that use the PingOne Neo Native SDKs.

Setup

Resources

For information and setup help, see the following sections of the PingOne Credentials and DaVinci documentation:

Requirements

To use the PingOne Credentials connector, you’ll need:

  • A PingOne license with PingOne credentials (Try PingOne for free)

  • A PingOne environment with a configured application

  • A PingOne application associated with a digital wallet and a Digital Wallet URL used to send notifications to the user related to the credentials

Depending on flow use case and the capabilities you use, you might also need:

  • A PingOne Digital Wallet Application ID, the Identifier (UUID) associated with the credential digital wallet app. For more information on developing and registering the wallet app that runs the PingOne Neo SDK, see Getting started with PingOne Credentials.

  • A Credential Type ID, the Identifier (UUID) associated with the credential type, used by compatible wallet apps. You can learn more about creating and updating a credential type in the PingOne admin console, or PingOne Credential Types API endpoint.

  • A Issuance Rule ID, the Identifier (UUID) of the credential issuance rules operations to create, read, and update rules for issuing, updating, and revoking credentials by credential type. Credential issuance rules can be set through the PingOne admin console, or Credential Issuance Rules API endpoint.

Setting up PingOne

Setting up your PingOne environment

Sign up for PingOne and configure an environment with PingOne Credentials. Make sure to also add the PingOne DaVinci service to your environment. Follow the instructions in Getting started with PingOne and Creating an environment.

Getting your environment details

Get your Environment ID and Region before setting up the PingOne Credentials connector in DaVinci:

  1. In your PingOne environment, go to Settings → Environment Properties.

  2. Locate the Environment ID and Region.

  3. Copy these values to a secure location.

Getting your application credentials

Get the Client ID and Client secret from the PingOne console before setting up the PingOne Credentials connector in DaVinci:

  1. In your PingOne environment, go to Applications → Applications. If you haven’t added the application yet, see Adding an application.

  2. Locate the appropriate application and then click its entry to open the details panel.

  3. On the Profile tab, locate the Client ID and Client secret.

  4. Copy these values to a secure location.

Setting up the connector

In DaVinci, go to Connections and add a PingOne Credentials connection. For help, see Adding a connector.

Connector settings

Environment ID

The unique identifier for the appropriate PingOne environment. To find the environment ID, see Environment properties.

Client ID

The unique public identifier for the PingOne application. To find the client ID, see Viewing application details.

Client secret

The cryptographic secret that is known only to the application and the authorization server. To find the client secret, see Viewing a client secret.

Region

The geographic region that hosts your PingOne tenant. To find the region, see Environment properties.

Using the connector in a flow

You can use the PingOne Credentials connector to issue, verify, and manage digital verifiable credentials.

The following example flows show issuance and verification demonstrations.

The example issuance flow contains the following nodes.

A screen capture of an issuance flow in PingOne DaVinci.

  1. Simulate user proofing/authentication:

    1. The Get user details node lets the user input their information into PingOne.

    2. The Create user node creates the user in PingOne.

  2. Create user digital wallet and pair it to the existing digital wallet application:

    1. The Pair user wallet to application node creates a digital wallet for the user. The digital wallet application must already be configured in PingOne.

  3. Determine if mobile device, then show QR code for desktop and link for mobile:

    1. The Determine if Mobile Device node determines if the user has a mobile device or not. If the user has a mobile device, then the digital wallet app URL opens. If the user is on a desktop, a QR code for the digital wallet app displays.

  4. Poll and wait until the user has paired their digital wallet:

    1. The Find paired wallet for user node filters all user wallets to find if a paired wallet exists for the configured PingOne application.

    2. The Wallet ACTIVE? A==B node determines whether a digital wallet for the user has been paired or not.

    3. The Continue polling node continues to check for the digital wallet application status. When the status changes to paired, then the flow continues.

  5. Apply credential issuance rule to staged changes for the user:

    1. The Issue credentials node is used to apply the changes staged by the credential issuance rule for the credential type in an environment.

    2. User wallet successfully paired node displays a success message to the user when the digital wallet is successfully paired.

      The example verification flow contains the following nodes.

      A screen capture of a verification flow in PingOne DaVinci.

  6. Begin a session to verify a user’s credential:

    1. The Create verification session node lets an issuer begin a verification session to verify a user’s credential.

    2. The Show QR Image node displays a QR code for the user to verify their credential.

  7. Poll session status and return verification result from the verified credential:

    1. The Poll for verification status node checks and returns the status of the verification session.

    2. The Check verification status node checks for the verification status to be “verified”.

    3. The Return verification data node returns data from the verified credential.

    4. The Show verification data node displays the verified credential data.

Capabilties

Find Paired Wallet for User

Check to see if a user has a paired wallet

Show details
User ID textField

PingOne user ID

Read User Wallet

Return a specified digital wallet for a user

Show details
Digital Wallet ID textField

Identifier (UUID) of the digital wallet associated with the provisioned credential.

User ID textField

PingOne user ID

Pair User Wallet to Application

Create a digital wallet and pair it to an application for a user

Show details
Notification Methods dropDownMultiSelect

  • Email

  • SMS

User ID textField

PingOne user ID

Update User Wallet

Update the status of a digital wallet for a user

Show details
User ID textField

PingOne user ID

Digital Wallet ID textField

Identifier (UUID) of the digital wallet associated with the provisioned credential.

Status dropDown

Status of the wallet

  • ACTIVE (Default)

  • DISABLED

Delete User Digital Wallet

Remove a digital wallet and all associated credentials for a user

Show details
User ID textField

PingOne user ID

Digital Wallet ID textField

Identifier (UUID) of the digital wallet associated with the provisioned credential.

Read Credential

Read a credential

Show details
Credential ID textField

Identifier (UUID) of the provisioned user credential

User ID textField

PingOne user ID

Read All Credentials

Return all credentials for a user

Show details
User ID textField

PingOne user ID

Revoke Credential

Revoke a user’s credential

Show details
User ID textField

PingOne user ID

Credential ID textField

Identifier (UUID) of the provisioned user credential

Notification Methods dropDownMultiSelect

  • Email

  • SMS

Issue/Update/Revoke Credential(s)

Apply credential issuance rule to staged changes

Show details
Apply Issue for User ID(s) textFieldArrayView

Array of one or more user IDs for which credentials should be issued

Apply Update for User ID(s) textFieldArrayView

Array of one or more identifiers (UUIDs) of users whose credentials are in an update action state and should be updated

Apply Revoke for User ID(s) textFieldArrayView

Array of one or more identifiers (UUIDs) of users whose credentials are in a revoke action state and should be revoked

Issuance Rule ID textField

Identifier (UUID) of the credential issuance rule.

Credential Type ID textField

Identifier (UUID) associated with the credential type.

Create Verification Session

Begin a session to verify a user’s credential

Show details
Message textField

A message shown to the user by the compatible wallet app to alert the user

Protocol dropDown

Protocol to use for verification; can be OPENID4VP or NATIVE. Defaults to NATIVE.

  • NATIVE (Default)

  • OPENID4VP

Application Instance textField

Application Instance Id.

didMethod dropDown

DID Method

  • WEB (Default)

  • JWK

  • ION

Filter by DIDs textFieldArrayView

Array of unique decentralized identifiers (DIDs) to be searched for the Issuer of the presented credential (OPENID4VP only).

Filter by PingOne Environment ID textFieldArrayView

Array of PingOne environment IDs to be searched for the Issuer of the presented credential.

Requested Credentials variableInputList

Requested Credentials. Variable Name ⇒credential type, value⇒(comma separated keys)

Notification Locale textField

Add a locale to allow localized notifications for end-users. ISO Language Codes are supported.

Custom Value textField

You can enter a custom template name, or leave blank to use the default template. You can also enter a parameter from a previous connector, or any text.

Notification Variables variableInputList

If Custom variables are defined in the notification body, map them here.

Poll for Verification Status

Return the status of a verification session

Show details
Credential Verification ID textField

Identifier (UUID) of the verification credential data

Return Verification Data

Return data from verified credential

Show details
Credential Verification ID textField

Identifier (UUID) of the verification credential data