0.22.x

0.22.0

Highlights

  • Delivered mobile wallet SDK enterprise alignment with enterprise-backed mobile tests, wallet SDK/demo app integration, conformance updates, Wallet2 API test refactors, and mobile SDK compatibility work (WAL-1033).
  • Added and hardened OIDC Bridge / IAM Bridge flows for Ory and Keycloak use cases, including public endpoint permissions, multi-flow configuration, DC API support, verifier dependencies, demos, docs, and local scripts.
  • Improved enterprise database and deployment readiness with AWS DocumentDB migration fixes, MongoDB clustered-access handling, AWS DocumentDB profile configuration, migration 0006 repairs, issuer2 resource migrations, and Helm/Kubernetes updates (WAL-1082).
  • Expanded issuer2 and verifier2 session operations with enterprise pagination, issuer/verifier session list APIs, UI pagination migration, custom session-id handling, callback resolution by issuer state, and refresh-token support (WAL-8, WAL-963, WAL-964, WAL-1115).
  • Advanced credential status and crypto support with additional TSL states, protected COSE x5chain placement, full-scan fixes, clearer expiresIn naming, AWS multi-region KMS docs, Azure key rotation coverage, and JWT VC well-known metadata tests (WAL-1119, WAL-985).
  • Added policy, PAR, OIDC, and OpenBadge capabilities through PAR issuer2 work, trusted-authority / HAIP support, OpenBadge examples and ecosystem init updates, credential-profile hard delete, and richer service initialization paths (WAL-853, WAL-1062).

Features

Mobile Wallet SDK and Wallet2

  • Aligned enterprise tests and service adapters with the OSS mobile wallet SDK release, including Android/iOS mobile test coverage and enterprise companion work for WAL-1033 (#487, #486).
  • Updated Wallet2 integration tests to use the generated Wallet2 API and covered enterprise wallet initialization paths (#498, #478).
  • Added Wallet2 route and OpenAPI adjustments, credential read fallback behavior, DID type selection during wallet creation, and init-wallet endpoint coverage via the conformance branch (#478).
  • Added mobile SDK compatible crypto and key-flow updates required by the OSS mobile wallet SDK, including wallet adapter updates for key flows and JSON DID handling (#486).

OIDC Bridge, Ory, and Keycloak

  • Added OIDC Bridge support for Ory and renamed/advanced IAM Bridge work toward the OIDC Bridge model (#496).
  • Added public OIDC endpoint permissions, verifier dependency overrides, IAM/OIDC service registration, multi-flow configuration, request_uri QR/deep-link flows, and DC API/web wallet support (#496, #455).
  • Added Keycloak local scripts, realm mapper updates, OIDC bridge docs, and Ory setup/demo-client scripts for local bridge testing (#496).

Issuer2, Sessions, and OAuth

  • Added issuer2 refresh-token persistence and enterprise/keycloak refresh-grant coverage (#503).
  • Added PAR flow support for issuer2, aligned with RFC 9126 and WAL-853/WAL-854 work (#489).
  • Added hard delete of credential profiles (#499).
  • Added issuer2 resource migrations and regression tests for main-line migration compatibility (#520).
  • Added custom session-id handling and issuer-state callback resolution for issuer2 pre-authorized and auth-code flows (WAL-1115) (#523).
  • Added JWT VC issuer metadata well-known path coverage for tenant-scoped issuer services (WAL-985) (#524).

Pagination, UI, and Service Initialization

  • Added pagination to enterprise list endpoints, issuer2 session lists, and verifier2 session lists, then completed the UI migration away from fetchAllPages (WAL-8, WAL-963, WAL-964) (#458, #460, #465).
  • Pinned Vue/reka-ui dependencies to stabilize the enterprise UI build (#505).
  • Added OpenBadgeCredential examples, OpenBadge ecosystem init configuration, and service/resource initialization improvements used by enterprise setup flows (#504, #455).

Credential Status, KMS, and Database Operations

  • Fixed AWS DocumentDB migration behavior and default-port issuer URL handling (WAL-1082) (#500).
  • Fixed MongoDB clustered access, collation settings for the AWS DocumentDB 8 profile, recreate-database handling, docker-compose startup, and migration 0006 gaps (#506, #507, #508, #510).
  • Added profile configuration for AWS DocumentDB in deployment/config files and updated Helm values for AWS DocumentDB environments (#506, #507, #508).
  • Accepted additional token status list states and moved x5chain to protected COSE headers for ISO 18013-5 compliance (#516, #518).
  • Fixed credential status full database scans and clarified expiresIn naming (#517).
  • Added AWS multi-region KMS Swagger documentation and Azure key rotation test coverage (#515, #522).

Fixes and improvements

  • Refactored enterprise wallet2 adapters and controller routes to align with OSS API changes and conformance updates (#478, #486).
  • Reduced duplicate Keycloak test code and updated Keycloak tests for credential issuer and nonce endpoint metadata (#478, #504).
  • Removed obsolete issuer initialization models and stale submodule references while keeping the new init/resource APIs current (#455, #489).
  • Updated deployment workflow references, Helm values, and Kubernetes service configuration for the 0.22 branch (#515, #517).
  • Improved status-list and issuer2 regression coverage with test vectors, custom session tests, and well-known metadata tests (#516, #523, #524).

Breaking changes

Some v2 routes for the wallet api (specifically the isolated receive endpoints) have been deprecated in favour of our finalised versions which work similarly but have different paths and slightly different payloads. You can find more details in the Swagger regarding these changes

Last updated on July 8, 2026