
Experience Verifiable Credentials: The Curity Demo Wallet

Judith Kahrer
· 5 min readKey Takeaways
Verifiable credentials enable user control — unlike SAML/OpenID Connect, the issuer isn't involved in every use, so users control how, when, and where they present their credential data.
The wallet is central to the experience — it stores credentials securely and handles retrieval/presentation without involving the issuer each time.
Curity now supports both issuance and presentation — the 9.0 release added an OpenID Wallet authenticator, enabling full verifiable credential flows.
The Curity Demo Wallet is free — a hands-on tool to request, manage, and present verifiable credentials end-to-end.
Four core views: content (manage credentials), issuers (request from credential sources), info, and settings (advanced protocol configuration).
Works out of the box but is fully configurable — comes pre-configured with a demo issuer but supports adding custom issuers/verifiers via OpenID4VCI and OpenID4VP.
Simple onboarding flow — users request their first credential via a guided "Get your first credential" flow and then can present it via QR code scan or same-device login.
Supports full round-trip testing — request a credential, then present it in an authentication flow, either with Curity's demo system or your own setup.
On this page
Verifiable credentials are pieces of information that users can store in a digital wallet and use independently from the issuer. This is not possible in common authentication protocols such as SAML or OpenID Connect, where the issuer is always present and can trace the user's activities.
The wallet not only provides secure storage for, sometimes, sensitive data in verifiable credentials, but it also supports the necessary protocols to retrieve and present credentials without involving the issuer. Consequently, wallets are an important component in the user experience of verifiable credentials.
Benefits of Verifiable Credentials
Verifiable credentials enable a decentralized identity system that allows users to control their (identity) data in a way they commonly cannot with other solutions. How, when, and which verifiable credential you use to reveal specific identity data (such as your name) is up to you, and the issuer has no control over it. Consequently, an issuer cannot track your activities or limit how you use your credentials, which gives you more control and power over your data.
The wallet is the application that connects the issuance and presentation of verifiable credentials. It is the central component in the user experience that allows you to retrieve and use a verifiable credential. If you want to see the benefits that verifiable credentials provide, you need a wallet to demonstrate them.
The Curity Demo Wallet
Curity has discussed verifiable credentials before and explained the concept of decentralized identities. We've also added support for verifiable credentials in the Curity Identity Server. The recent 9.0 release includes an OpenID Wallet authenticator that allows users to authenticate with a verifiable credential. This means that the Curity Identity Server supports both issuance and presentation of verifiable credentials. With the Curity Demo Wallet, we can now demonstrate the user experience.
The Curity Demo Wallet is a free online tool that you can run to get, manage, and use verifiable credentials. You can request, list, and delete credentials with the wallet and use a verifiable credential as part of an authentication process. In other words, the wallet allows you to fully experience verifiable credentials.
An Overview of the Demo Wallet UI
The Curity Demo Wallet has four main views:
The content of the wallet
The list of credential issuers
The info page with basic information about the wallet
The settings

In the content view, you can select and inspect a credential. You can also delete the selected credential if you want to.
In the issuer view, you see the credential issuers that the wallet can request credentials from. By default, the wallet has a pre-configured issuer that you can experiment with. If you want to, you can add other credential issuers that support the OpenID4VCI protocol as well. For example, you may add your own instance of the Curity Identity Server.

The settings view is for advanced users. Curity provides some defaults that work with the pre-configured issuer and Curity’s demo instance at demo-login.curity.io. However, we do not limit your possibilities. If you want, you can change the settings for the underlying protocols, OpenID4VCI and OpenID4VP, respectively, to integrate with your own systems and study your setup of verifiable credentials.
When requesting credentials, the wallet acts as the OAuth client towards the credential issuer, and you can set its client credential here. When presenting credentials, the wallet receives a presentation request from a verifier. The wallet needs to be able to identify trusted verifiers, and for that purpose, you can pre-register verifiers with the wallet. Configure the client_id and JWKS_uri of a verifier you want the wallet to trust. You do not have to change anything if you just want to test flows.
Requesting Credentials
When you open the wallet for the first time, it is empty. It does not have any credentials in its store yet. You can simply get your first credential by clicking the button “Get your first credential” to navigate to the list of issuers. Curity's Demo Wallet has a pre-configured credential issuer where you can authenticate and get a credential from. You can list all the supported credentials from the credential issuer in the wallet.

After you request one of the supported credentials and authenticate, the credential issuer returns your credential. You can then store it in the wallet. Give it a descriptive name so that you can easily identify the credential again. Getting and storing verifiable credentials is just half of the story. To actually benefit from verifiable credentials, you have to use them.
Presenting Credentials
As mentioned above, we’ve set up the demo wallet to work out of the box with Curity’s demo instance. This means you can use OAuth tools to trigger an authentication flow and use a credential from the wallet. When you select “wallet” as the login method, you can either scan the QR code with the wallet or start the wallet on the same device.
To scan a QR code, open the demo wallet in the browser of your mobile device, make sure you have a credential, and then click the pink QR code symbol in the right-hand corner. The wallet opens the camera to scan the QR code and gets the instructions to present the credential. You can then select an appropriate credential from the drop-down menu.
Full Experience
The demo wallet is free for everyone. It allows you to experiment with verifiable credentials and run end-to-end flows where you first request a credential and then present it. You can use it with the demo system or test your own setup. In this way, you can see the full experience of using verifiable credentials. The wallet guides you through the steps for getting your first credential and when presenting it. For detailed guidance, check out our wallet tutorial and get acquainted with using verifiable credentials.
Related resources
Frequently Asked Questions
What's the key difference between verifiable credentials and traditional protocols like SAML or OpenID Connect?
With SAML or OpenID Connect, the issuer is always present during authentication and can trace the user's activities. Verifiable credentials let users store and present credentials independently, without the issuer being involved in each use.
Do I need my own identity server setup to try verifiable credentials, or can I test with a demo environment?
No setup is required — the Curity Demo Wallet comes pre-configured with a demo credential issuer and works out of the box with Curity's demo instance at demo-login.curity.io, so you can experiment immediately.
Can the Demo Wallet work with issuers other than Curity's own system?
Yes — you can add other credential issuers as long as they support the OpenID4VCI protocol, including your own instance of the Curity Identity Server.
How do I present a credential during login — is there a specific method required?
You select "wallet" as the login method, then either scan a QR code with the wallet app or start the wallet on the same device, after which you choose the appropriate credential from a drop-down menu.