WalletSdkOptions

data class WalletSdkOptions(val issuerUrl: String, val clientId: String, val verifiers: List<ClientConfig> = emptyList(), val dbFileName: String = "main.db", val secureAreaIdentifier: String = AndroidKeystoreSecureArea.IDENTIFIER, val useStrongBoxForKeys: Boolean = true, val userAuthenticationRequired: Boolean = false, val userAuthenticationTimeoutMillis: Duration = 30000.milliseconds, val trustedTypeMetadataRegistries: List<String> = emptyList(), val trustedVPScheme: String, val authFlowRedirectionUri: String = "openid-credential-offer", val requirePar: Boolean = false, val transactionLogger: WalletTransactionLogger? = null, val expectedSigningSha256: Set<String> = emptySet())

Configuration options for bootstrapping the EUDI wallet and document manager.

The hosting app decides:

  • which issuer / client ID to use (issuerUrl, clientId),

  • which verifiers are preregistered (verifiers),

  • how the local DB is named (dbFileName),

  • how keys are created in Android Keystore (useStrongBoxForKeys, userAuthenticationRequired, userAuthenticationTimeoutMillis).

This keeps "environments" (staging/prod/etc.) as an app-level concern.

Constructors

Link copied to clipboard
constructor(issuerUrl: String, clientId: String, verifiers: List<ClientConfig> = emptyList(), dbFileName: String = "main.db", secureAreaIdentifier: String = AndroidKeystoreSecureArea.IDENTIFIER, useStrongBoxForKeys: Boolean = true, userAuthenticationRequired: Boolean = false, userAuthenticationTimeoutMillis: Duration = 30000.milliseconds, trustedTypeMetadataRegistries: List<String> = emptyList(), trustedVPScheme: String, authFlowRedirectionUri: String = "openid-credential-offer", requirePar: Boolean = false, transactionLogger: WalletTransactionLogger? = null, expectedSigningSha256: Set<String> = emptySet())

Properties

Link copied to clipboard

OpenID4VCI authorization-code redirect URI.

Link copied to clipboard

OAuth2/OpenID client_id used for issuance.

Link copied to clipboard

Name of the file where the wallet DB will be stored, under context.noBackupFilesDir.

Link copied to clipboard

Allow-list of expected app signing-certificate SHA-256 hashes (:/space-separated and case-insensitive accepted). Used by the device-integrity capture (gated by a verifier's transaction_data) to evaluate the repackaging signal. When empty (the default), repackaging is reported as INCONCLUSIVE and only the observed signing hashes are surfaced for out-of-band comparison by the backend/PSP.

Link copied to clipboard

Issuer URL for OpenID4VCI (e.g. https://eboks.add-id.eu).

Link copied to clipboard

Whether Pushed Authorization Requests (PAR) are mandatory for issuance.

Link copied to clipboard

Secure area implementation identifier used for document keys.

Link copied to clipboard

Optional sink for wallet transaction events (issuance, presentation, signing, deletion).

Link copied to clipboard

Trusted VCT metadata registries used by the SDK when enriching com.dewa.walletsdk.api.IssuedDocumentHandle instances.

Link copied to clipboard
Link copied to clipboard

Whether keys should be bound to explicit user authentication (PIN/biometric) before usage.

Link copied to clipboard

How long (in milliseconds) the user authentication should remain valid for key usage, when userAuthenticationRequired is true.

Link copied to clipboard

Whether to request StrongBox-backed keys when available.

Link copied to clipboard

Preregistered verifiers the wallet should trust for OpenID4VP.