The connector sets up flows that help users issue credentials based on credentials templates and issuance rules that are configured and tied to the PingOne Digital Wallet Application.

This connector also helps set up flows that the credential verification service receives and responds to using the Decentralized Identity Foundation's JWT VC Presentation Profile. Capabilities use the PingOne native protocols, which only work with apps that use the PingOne Neo Native SDKs.

Setup

Resources

For information and setup help, see the following sections of the PingOne Credentials and DaVinci documentation:

Requirements

To use the PingOne Credentials connector, you'll need:

  • A PingOne license with PingOne Credentials (Try PingOne for free)
  • A PingOne environment with a configured application
  • A PingOne application associated with a digital wallet and a Digital Wallet URL used to send notifications to the user related to the credentials

Depending on flow use case and the capabilities you use, you might also need:

  • A PingOne Digital Wallet Application ID, the Identifier (UUID) associated with the credential digital wallet app. For more information on developing and registering the wallet app that runs the PingOne Neo SDK, see Getting started with PingOne Credentials.
  • A Credential Type ID, the Identifier (UUID) associated with the credential type, used by compatible wallet apps. You can learn more about creating and updating a credential type in the PingOne admin console, or PingOne Credential Types API endpoint.
  • A Issuance Rule ID, the Identifier (UUID) of the credential issuance rules operations to create, read, and update rules for issuing, updating, and revoking credentials by credential type. Credential issuance rules can be set through the PingOne admin console, or Credential Issuance Rules API endpoint.

Setting up PingOne

Setting up your PingOne environment

Sign up for PingOne and configure an environment with PingOne Credentials. Make sure to also add the PingOne DaVinci service to your environment. Follow the instructions in Getting started with PingOne and Creating an environment.

Getting your environment details

Get your Environment ID and Region before setting up the PingOne Credentials connector in DaVinci:
  1. In your PingOne environment, go to Settings > Environment Properties.
  2. Locate the Environment ID and Region.
  3. Copy these values to a secure location.

Getting your application credentials

Get the Client ID and Client secret from the PingOne console before setting up the PingOne Credentials connector in DaVinci:
  1. In your PingOne environment, go to Applications > Applications. If you haven't added the application yet, see Adding an application.
  2. Locate the appropriate application and then click its entry to open the details panel.
  3. On the Profile tab, locate the Client ID and Client secret.
  4. Copy these values to a secure location.

Setting up the connector

In DaVinci, go to Connections and add a PingOne Credentials connection. For help, see Adding a connection.

Connector settings

Environment ID
The unique identifier for the appropriate PingOne environment. To find the environment ID, see Environment properties.
Client ID
The unique public identifier for the PingOne application. To find the client ID, see Viewing application details.
Client secret
The cryptographic secret that is known only to the application and the authorization server. To find the client secret, see Viewing a client secret.
Region
The geographic region that hosts your PingOne tenant. To find the region, see Environment properties.

Using the connector in a flow

You can use the PingOne Credentials connector to issue, verify, and manage digital verifiable credentials.

The following example flows show issuance and verification demonstrations.

The example issuance flow contains the following nodes.

A screen capture of an issuance flow in PingOne DaVinci.
  1. Simulate user proofing/authentication:
    1. The Get user details node lets the user input their information into PingOne.
    2. The Create user node creates the user in PingOne.
  2. Create user digital wallet and pair it to the existing digital wallet application:
    1. The Pair user wallet to application node creates a digital wallet for the user. The digital wallet application must already be configured in PingOne.
  3. Determine if mobile device, then show QR code for desktop and link for mobile:
    1. The Determine if Mobile Device node determines if the user has a mobile device or not. If the user has a mobile device, then the digital wallet app URL opens. If the user is on a desktop, a QR code for the digital wallet app displays.
  4. Poll and wait until the user has paired their digital wallet:
    1. The Find paired wallet for user node filters all user wallets to find if a paired wallet exists for the configured PingOne application.
    2. The Wallet ACTIVE? A==B node determines whether a digital wallet for the user has been paired or not.
    3. The Continue polling node continues to check for the digital wallet application status. When the status changes to paired, then the flow continues.
  5. Apply credential issuance rule to staged changes for the user:
    1. The Issue credentials node is used to apply the changes staged by the credential issuance rule for the credential type in an environment.
    2. User wallet successfully paired node displays a success message to the user when the digital wallet is successfully paired.

The example verification flow contains the following nodes.

A screen capture of a verification flow in PingOne DaVinci.
  1. Begin a session to verify a user’s credential:
    1. The Create verification session node lets an issuer begin a verification session to verify a user’s credential.
    2. The Show QR Image node displays a QR code for the user to verify their credential.
  2. Poll session status and return verification result from the verified credential:
    1. The Poll for verification status node checks and returns the status of the verification session.
    2. The Check verification status node checks for the verification status to be “verified”.
    3. The Return verification data node returns data from the verified credential.
    4. The Show verification data node displays the verified credential data.

Capabilities

Find Paired Wallet for User

Check to see if a user has a paired wallet

Details
Details
Properties
User ID textField

PingOne user ID

Input Schema
default object
userId string required minLength: 0 maxLength: 100

User Id

Output Schema
output object
pairedDigitalWallets object
properties object
size number
pairedWallets array
items array
type object
properties
rawResponse object
properties object
size number
pairedWallets array
items array
type object
properties
headers object
statusCode integer
Read User Wallet

Return a specified digital wallet for a user

Details
Details
Properties
Digital Wallet ID textField

Identifier (UUID) of the digital wallet associated with the provisioned credential.

User ID textField

PingOne user ID

Input Schema
default object
digitalWalletId string required minLength: 0 maxLength: 100

Digital Wallet Id

userId string required minLength: 0 maxLength: 100

User Id

Output Schema
output object
userDigitalWallet object
properties object
_links object
properties object
self object
properties object
href string
appOpen object
properties object
href string
qrUrl object
properties object
href string
id string
environment object
properties object
id string
user object
properties object
id string
digitalWalletApplication object
properties object
id string
status string
createdAt string
updatedAt string
pairingSession
notification object
properties object
methods array
items array
type string
results array
items array
type object
properties
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
appOpen object
properties object
href string
qrUrl object
properties object
href string
id string
environment object
properties object
id string
user object
properties object
id string
digitalWalletApplication object
properties object
id string
status string
createdAt string
updatedAt string
pairingSession
notification object
properties object
methods array
items array
type string
results array
items array
type object
properties
headers object
statusCode integer
Pair User Wallet to Application

Create a digital wallet and pair it to an application for a user

Details
Details
Properties
Notification Methods dropDownMultiSelect
  • Email
  • SMS
User ID textField

PingOne user ID

Input Schema
default object
notificationMethods array uniqueItems: true
items array
type string
maxLength maxLength: 255
userId string required minLength: 0 maxLength: 100

User Id

Output Schema
output object
userDigitalWallet object
properties object
_links object
properties object
self object
properties object
href string
appOpen object
properties object
href string
qrUrl object
properties object
href string
id string
qrCodeImage string
osType string
environment object
properties object
id string
user object
properties object
id string
digitalWalletApplication object
properties object
id string
status string
createdAt string
updatedAt string
pairingSession object
properties object
id string
createdAt string
updatedAt string
environment object
properties object
id string
user object
properties object
id string
digitalWallet object
properties object
id string
challenge string
qrUrl string
status string
notification object
properties object
methods array
items array
type string
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
appOpen object
properties object
href string
qrUrl object
properties object
href string
id string
qrCodeImage string
osType string
environment object
properties object
id string
user object
properties object
id string
digitalWalletApplication object
properties object
id string
status string
createdAt string
updatedAt string
pairingSession object
properties object
id string
createdAt string
updatedAt string
environment object
properties object
id string
user object
properties object
id string
digitalWallet object
properties object
id string
challenge string
qrUrl string
status string
notification object
properties object
methods array
items array
type string
headers object
statusCode integer
Update User Wallet

Update the status of a digital wallet for a user

Details
Details
Properties
Status dropDown

Status of the wallet

  • ACTIVE (Default)
  • DISABLED
User ID textField

PingOne user ID

Digital Wallet ID textField

Identifier (UUID) of the digital wallet associated with the provisioned credential.

Input Schema
default object
digitalWalletStatus string required minLength: 0 maxLength: 100

Digital Wallet Status

userId string required minLength: 0 maxLength: 100

User Id

digitalWalletId string required minLength: 0 maxLength: 100

Digital Wallet Id

Output Schema
output object
userDigitalWallet object
properties object
_links object
properties object
self object
properties object
href string
id string
environment object
properties object
id string
user object
properties object
id string
digitalWalletApplication object
properties object
id string
status string
createdAt string
updatedAt string
notification object
properties object
methods array
items array
type string
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
id string
environment object
properties object
id string
user object
properties object
id string
digitalWalletApplication object
properties object
id string
status string
createdAt string
updatedAt string
notification object
properties object
methods array
items array
type string
headers object
statusCode integer
Delete User Wallet

Remove a digital wallet and all associated credentials for a user

Details
Details
Properties
Digital Wallet ID textField

Identifier (UUID) of the digital wallet associated with the provisioned credential.

User ID textField

PingOne user ID

Input Schema
default object
digitalWalletId string required minLength: 0 maxLength: 100

Digital Wallet Id

userId string required minLength: 0 maxLength: 100

User Id

Output Schema
output object
rawResponse object
headers object
statusCode integer
Read Credential

Read a credential

Details
Details
Properties
Credential ID textField

Identifier (UUID) of the provisioned user credential

User ID textField

PingOne user ID

Input Schema
default object
credentialId string required minLength: 0 maxLength: 100

Credential ID

userId string required minLength: 0 maxLength: 100

User Id

Output Schema
output object
userCredential object
properties object
_links object
properties object
self object
properties object
href string
id string
environment object
properties object
id string
user object
properties object
id string
credentialType object
properties object
id string
title string
status string
createdAt string
updatedAt string
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
id string
environment object
properties object
id string
user object
properties object
id string
credentialType object
properties object
id string
title string
status string
createdAt string
updatedAt string
headers object
statusCode integer
Read All Credentials

Return all credentials for a user

Details
Details
Properties
User ID textField

PingOne user ID

Input Schema
default object
userId string required minLength: 0 maxLength: 100

User Id

Output Schema
output object
userCredentials object
properties object
_links object
properties object
self object
properties object
href string
_embedded object
properties object
items array
items array
type object
properties
size number
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
_embedded object
properties object
items array
items array
type object
properties
size number
headers object
statusCode integer
Revoke Credential

Revoke a user’s credential

Details
Details
Properties
Notification Methods dropDownMultiSelect
  • Email
  • SMS
Credential ID textField

Identifier (UUID) of the provisioned user credential

User ID textField

PingOne user ID

Input Schema
default object
notificationMethods array uniqueItems: true
items array
type string
maxLength maxLength: 255
credentialId string required minLength: 0 maxLength: 100

Credential ID

userId string required minLength: 0 maxLength: 100

User Id

Output Schema
output object
userCredential object
properties object
_links object
properties object
self object
properties object
href string
id string
environment object
properties object
id string
user object
properties object
id string
credentialType object
properties object
id string
title string
status string
createdAt string
updatedAt string
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
id string
environment object
properties object
id string
user object
properties object
id string
credentialType object
properties object
id string
title string
status string
createdAt string
updatedAt string
headers object
statusCode integer
Issue Credential(s)

Apply credential issuance rule to staged changes

Details
Details
Properties
User ID(s) textFieldArrayView

Array of one or more user IDs for which credentials should be issued

Issuance Rule ID textField

Identifier (UUID) of the credential issuance rule.

Credential Type ID textField

Identifier (UUID) associated with the credential type.

Input Schema
default object
applyIssue array uniqueItems: true

Issue

items array
type string
maxLength maxLength: 255
applyUpdate array uniqueItems: true

Update

items array
type string
maxLength maxLength: 255
applyRevoke array uniqueItems: true

Revoke

items array
type string
maxLength maxLength: 255
issuanceRuleId string required minLength: 0 maxLength: 100

Issuance Rule Id

credentialTypeId string required minLength: 0 maxLength: 100

Credential Type ID

Output Schema
output object
stagedChanges object
properties object
_links object
properties object
self object
properties object
href string
_embedded object
properties object
stagedChanges array
items array
type object
properties
size number
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
_embedded object
properties object
stagedChanges array
items array
type object
properties
size number
headers object
statusCode integer
Create Verification Session

Begin a session to verify a user’s credential

Details
Details
Properties
Message textField

A message shown to the user by the compatible wallet app to alert the user

Protocol dropDown

Protocol to use for verification; can be OPENID4VP or NATIVE. Defaults to NATIVE.

  • NATIVE (Default)
  • OPENID4VP
Filter by DIDs textFieldArrayView

Array of unique decentralized identifiers (DIDs) to be searched for the Issuer of the presented credential (OPENID4VP only).

Filter by PingOne Environment ID textFieldArrayView

Array of PingOne environment IDs to be searched for the Issuer of the presented credential (NATIVE only).

Credential Type textField

The ID of the credential type to be verified.

Requested Credential Keys textFieldArrayView

Array of strings that identify the key names for selective disclosure to return from the credential.

Input Schema
default object
message string minLength: 0 maxLength: 100

Message

protocol string required minLength: 0 maxLength: 100

protocol

issuerFilterDids array uniqueItems: true

Issue Filter Dids

items array
type string
maxLength maxLength: 255
issuerFilterEnvIds array uniqueItems: true

Issue Filter Environment Ids

items array
type string
maxLength maxLength: 255
reqCredType string required minLength: 0 maxLength: 100

Requested Credential Type

requestedCredKeys array uniqueItems: true

Requested Credential Keys

items array
type string
maxLength maxLength: 255
Output Schema
output object
credVerPresentationSession object
properties object
_links object
properties object
self object
properties object
href string
qr object
properties object
href string
appOpenUrl object
properties object
href string
id string
qrCodeImage string
osType string
status string
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
qr object
properties object
href string
appOpenUrl object
properties object
href string
id string
qrCodeImage string
osType string
status string
headers object
statusCode integer
Poll for Verification Status

Return the status of a verification session

Details
Details
Properties
Credential Verification ID textField

Identifier (UUID) of the verification credential data

Input Schema
default object
credentialsVerificationId string required minLength: 0 maxLength: 100

Credentials Verification ID

Output Schema
output object
credVerificationStatus object
properties object
_links object
properties object
self object
properties object
href string
qr object
properties object
href string
appOpenUrl object
properties object
href string
id string
qrCodeImage string
osType string
status string
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
qr object
properties object
href string
appOpenUrl object
properties object
href string
id string
qrCodeImage string
osType string
status string
headers object
statusCode integer
Return Verification Data

Return data from verified credential

Details
Details
Properties
Credential Verification ID textField

Identifier (UUID) of the verification credential data

Input Schema
default object
credentialsVerificationId string required minLength: 0 maxLength: 100

Credentials Verification ID

Output Schema
output object
credVerificationData object
properties object
_links object
properties object
self object
properties object
href string
qr object
properties object
href string
appOpenUrl object
properties object
href string
id string
status string
sessionData object
properties object
id string
credentialsDataList array
items array
type object
properties {"type":"string"}
rawResponse object
properties object
_links object
properties object
self object
properties object
href string
qr object
properties object
href string
appOpenUrl object
properties object
href string
id string
status string
sessionData object
properties object
id string
credentialsDataList array
items array
type object
properties {"type":"string"}
headers object
statusCode integer