Changelog
[0.22.0] - 2026-07-08 (UTC)
Compare: v0.21.0...v0.22.0
Highlights
- Shipped the first broad mobile wallet SDK and demo-app release train with Android/iOS wallet SDK modules, hardware-backed persistence, native and Compose demo apps, client attestation, mobile EUDI/enterprise test utilities, and CI coverage (WAL-1033, WAL-748, WAL-447).
- Added mobile cryptography foundations by replacing platform crypto with the shared Signum/Supreme path and enabling Ed25519 and secp256k1 support across iOS and Android (WAL-447).
- Expanded OpenID4VCI and issuer2 behavior with refresh-token support, authorization details in token requests, PAR flow work, well-known JWT VC issuer coverage, custom session fixes, and safer base64 utilities (WAL-853, WAL-985, WAL-1091).
- Improved verifier and policy handling with policy exceptions, stronger DID document key resolution tests, TSE error messaging, request/conformance updates, and status-list verification fixes (WAL-975).
- Hardened credential status and token status lists with support for additional TSL states and spec-aligned protected-header placement for x5c/x5chain CWT status-list material (WAL-1119).
- Modernized deployment, docs, and CI with consolidated Helm/api-service charts, portal2 wiring, mobile SDK KDoc, OpenAPI schema generation fixes, EBSI TLS test migration, and readme rendering fixes (WAL-1071, WAL-1101, WAL-1108, WAL-1110).
Detailed updates
Mobile wallet SDK, demo apps, and crypto
- Added the KMP mobile wallet SDK, mobile/server persistence split, shared wallet server adapter, Android and iOS native demo apps, and platform test utilities for issuance and presentation flows (WAL-1033) (#1748, #1766).
- Added a Compose Multiplatform wallet demo with shared UI/state, Android and iOS targets, EUDI/local enterprise fixtures, and expanded CI diagnostics (WAL-748) (#1800).
- Reworked mobile crypto onto shared Signum/Supreme plumbing, added mobile software keys, fixed iOS JWK/public-key handling, and enabled Ed25519 and secp256k1 support for mobile wallets (WAL-447) (#1761, #1768).
- Closed iOS implementation gaps for DID JSON canonicalization, async policy verification, and COSE_Sign1 CWT proof verification (WAL-1033) (#1823).
- Added wallet SDK KDoc and mobile docs CI checks so generated documentation remains part of the release workflow (WAL-1071, WAL-1065) (#1836).
OpenID4VCI, issuer2, and wallet runtime
- Added refresh-token support and tests for issuer2 flows, including persistent refresh-token handling in the coordinated enterprise release (#1806).
- Added
authorization_detailssupport to the token request builder for richer OAuth/OIDC token requests (#1803). - Advanced pushed authorization request work for issuer2 (WAL-853) (#1774).
- Added issuer2 JWT VC metadata well-known path coverage for the 0.22 release line (WAL-985) (#1868).
- Refactored OpenID4VCI base64 handling to use shared crypto utilities (WAL-1091) (#1867).
- Fixed wallet-api/wallet-api2 routing and local SQLite directory creation issues that affected runtime deployments (#1809, #1814, #1851).
Verifier, policies, and credential status
- Added policy exceptions for verifier policy handling (WAL-975) (#1863).
- Updated conformance and wallet flows, coordinated with the enterprise conformance work (#1746).
- Improved DID document key resolution when multiple keys are present and added regression coverage (#1857).
- Updated TSE support and error messaging for clearer verifier/runtime failures (#1855).
- Accepted additional token status list states and fixed x5c/x5chain protected-header handling for CWT status lists (WAL-1119) (#1848, #1854).
- Fixed broken trust-list examples and issuer2 test profile assumptions to keep examples and regression fixtures aligned (#1801, #1847).
Deployment, docs, and CI
- Consolidated Helm charts around the api-service/portal setup, added verifier2 and wallet-api2 deployment artifacts, and pulled service Kubernetes configuration into the release workflows (WAL-1101, WAL-1108, WAL-1110) (#1822, #1837).
- Added TLS configuration for OPA ingress and wallet-api OpenAPI path routing (#1788, #1814).
- Refactored Gradle build steps, workflow references, and issuer2 CI wiring for the release branch (#1802, #1812).
- Fixed OpenAPI schema generation for serialized names containing
/and JSON element examples (#1824). - Moved EBSI tests to the Java HTTP client to satisfy TLS 1.3 requirements (#1805).
- Temporarily skipped, then re-enabled, EUDI mobile integration tests around the expired backend certificate window (#1856, #1865).
- Fixed protocol-library README rendering (#1872).
Merged pull requests
| PR | Title | Author | Reviewer | Merged |
|---|---|---|---|---|
| #1766 | WAL-1033: Improve mobile tests setup | szijpeter | 2026-06-15 | |
| #1788 | chore: add TLS configuration for opa ingress | dinkar-jain | JakeFernandes98 | 2026-06-17 |
| #1801 | Fixed broken Trust-list examples | philpotisk | hokorn | 2026-06-17 |
| #1802 | Refactor Gradle build steps and update workflow references | dinkar-jain | JakeFernandes98 | 2026-06-18 |
| #1803 | Add authorization details to TokenRequestBuilder | SuperBatata | hokorn, JakeFernandes98 | 2026-06-19 |
| #1774 | Feature/wal 853 par | philpotisk | JakeFernandes98 | 2026-06-19 |
| #1805 | move ebsi tests to java client due to tls 1.3 requirements | JakeFernandes98 | chsavvaidis | 2026-06-19 |
| #1746 | Conformance + Wallet | waltkb | JakeFernandes98 | 2026-06-22 |
| #1809 | fix duplicate wallet-api in route | JakeFernandes98 | dinkar-jain | 2026-06-23 |
| #1812 | Ci/issuer2 | dinkar-jain | JakeFernandes98 | 2026-06-23 |
| #1814 | add api.json path to ingress configuration for wallet-api | JakeFernandes98 | dinkar-jain | 2026-06-24 |
| #1806 | Feat/refresh tokens | chsavvaidis | JakeFernandes98 | 2026-06-25 |
| #1824 | Fix Open API schema generation | hokorn | coderabbitai[bot], JakeFernandes98 | 2026-06-30 |
| #1823 | [WAL-1033] Close some more iOS implementation gaps | szijpeter | JakeFernandes98 | 2026-06-30 |
| #1748 | [WAL-1033] Add Mobile Wallet SDK and iOS & Android native demo apps with hardware-backed persistence | szijpeter | SuperBatata, JakeFernandes98 | 2026-06-30 |
| #1800 | [WAL-748] feat(wallet-demo): add Compose Multiplatform wallet demo app | szijpeter | JakeFernandes98 | 2026-07-01 |
| #1822 | feat: Added portal2 | dinkar-jain | JakeFernandes98 | 2026-07-01 |
| #1847 | switch friom University Degree to Openbadge for tests | JakeFernandes98 | chsavvaidis, dinkar-jain | 2026-07-02 |
| #1761 | [WAL-447] feat: replace platform crypto with signum/Supreme (iOS + Android) | szijpeter | waltkb, JakeFernandes98 | 2026-07-02 |
| #1768 | [WAL-447] feat: Ed25519 + secp256k1 support on iOS/Android | szijpeter | waltkb, JakeFernandes98 | 2026-07-02 |
| #1837 | Enhance service configuration and add new Helm charts | dinkar-jain | JakeFernandes98 | 2026-07-02 |
| #1851 | Add directory creation for SQLite database in Wallet2Database | dinkar-jain | JakeFernandes98 | 2026-07-02 |
| #1836 | [WAL-1071] docs(mobile): add KDoc for wallet SDK | szijpeter | coderabbitai[bot], JakeFernandes98 | 2026-07-03 |
| #1844 | Feature/wal 1107 | philpotisk | JakeFernandes98 | 2026-07-03 |
| #1848 | accept other states in TSL | JakeFernandes98 | philpotisk | 2026-07-06 |
| #1856 | Skip EUDI integration tests due to expired backend certificate | szijpeter | JakeFernandes98 | 2026-07-06 |
| #1865 | Re-enable EUDI mobile integration tests | szijpeter | JakeFernandes98 | 2026-07-07 |
| #1855 | Updates TSE support and improves general error messaging | JakeFernandes98 | SuperBatata | 2026-07-07 |
| #1857 | fix logic for resolving multiple keys from did doc and add test | JakeFernandes98 | philpotisk | 2026-07-07 |
| #1867 | refactor: use crypto base64 utils in openid4vci | chsavvaidis | JakeFernandes98, szijpeter | 2026-07-07 |
| #1854 | Fix x5c header location for CWT TSL | philpotisk | JakeFernandes98 | 2026-07-07 |
| #1868 | test: cover oss issuer2 jwt vc metadata well-known path | chsavvaidis | JakeFernandes98 | 2026-07-07 |
| #1872 | fix: protocols libs readme rendering | chsavvaidis | JakeFernandes98 | 2026-07-07 |
| #1863 | Policy exceptions | waltkb | JakeFernandes98 | 2026-07-07 |
What's Changed
- WAL-1033: Improve mobile tests setup by @szijpeter in #1766
- chore: add TLS configuration for opa ingress by @dinkar-jain in #1788
- Fixed broken Trust-list examples by @philpotisk in #1801
- Refactor Gradle build steps and update workflow references by @dinkar-jain in #1802
- Add authorization details to TokenRequestBuilder by @SuperBatata in #1803
- Feature/wal 853 par by @philpotisk in #1774
- move ebsi tests to java client due to tls 1.3 requirements by @JakeFernandes98 in #1805
- Conformance + Wallet by @waltkb in #1746
- fix duplicate wallet-api in route by @JakeFernandes98 in #1809
- Ci/issuer2 by @dinkar-jain in #1812
- add api.json path to ingress configuration for wallet-api by @JakeFernandes98 in #1814
- Feat/refresh tokens by @chsavvaidis in #1806
- Fix Open API schema generation by @hokorn in #1824
- [WAL-1033] Close some more iOS implementation gaps by @szijpeter in #1823
- [WAL-1033] Add Mobile Wallet SDK and iOS & Android native demo apps with hardware-backed persistence by @szijpeter in #1748
- [WAL-748] feat(wallet-demo): add Compose Multiplatform wallet demo app by @szijpeter in #1800
- feat: Added portal2 by @dinkar-jain in #1822
- switch friom University Degree to Openbadge for tests by @JakeFernandes98 in #1847
- [WAL-447] feat: replace platform crypto with signum/Supreme (iOS + Android) by @szijpeter in #1761
- [WAL-447] feat: Ed25519 + secp256k1 support on iOS/Android by @szijpeter in #1768
- Enhance service configuration and add new Helm charts by @dinkar-jain in #1837
- Add directory creation for SQLite database in Wallet2Database by @dinkar-jain in #1851
- [WAL-1071] docs(mobile): add KDoc for wallet SDK by @szijpeter in #1836
- Feature/wal 1107 by @philpotisk in #1844
- accept other states in TSL by @JakeFernandes98 in #1848
- Skip EUDI integration tests due to expired backend certificate by @szijpeter in #1856
- Re-enable EUDI mobile integration tests by @szijpeter in #1865
- Updates TSE support and improves general error messaging by @JakeFernandes98 in #1855
- fix logic for resolving multiple keys from did doc and add test by @JakeFernandes98 in #1857
- refactor: use crypto base64 utils in openid4vci by @chsavvaidis in #1867
- Fix x5c header location for CWT TSL by @philpotisk in #1854
- test: cover oss issuer2 jwt vc metadata well-known path by @chsavvaidis in #1868
- fix: protocols libs readme rendering by @chsavvaidis in #1872
- Policy exceptions by @waltkb in #1863