EUDI wallet relying party in PHP?
Yes — the credential-format part. When an EUDI wallet presents a credential,
what arrives at your service is an SD-JWT VC (dc+sd-jwt):
the issuer-signed token, the claims the holder chose to disclose, and a Key
Binding JWT tied to your audience and nonce.
k2gl/sd-jwt-vc verifies all of it in pure PHP:
use K2gl\Dsse\PublicKey;
use K2gl\SdJwt\KeyBinding;
use K2gl\SdJwtVc\SdJwtVcVerifier;
$verified = new SdJwtVcVerifier()->verifyPresentation(
$presentation,
PublicKey::fromJwk($issuerJwk),
KeyBinding::required(audience: 'https://you.example', nonce: $nonce, maxAgeSeconds: 300),
);
Issuer keys can be pinned, taken from x5c chains, or discovered via the
issuer’s metadata; the vct and protected-claims rules of the SD-JWT VC spec are
enforced. Walkthrough: verify an SD-JWT VC presentation.
Scope, honestly
The OpenID4VP transport — request objects, response modes, session management — is your framework’s territory; these packages cover the credential format and its cryptography, which is the part that must be exactly right. Context and specs: digital identity overview.
Poke at the format first
Generate a demo credential, then decode it — both tools run on these packages.