Welcome to the Inji Wallet Sandbox: Here, you can try out all the features of our app in a risk-free environment. Experiment with different settings, test your use cases, and get hands-on experience with Inji Wallet’s functionalities.
Refer Inji Wallet Collab Guide to know more about how you can explore 'Inji Wallet' in our 'sandbox collab environment'.
Welcome to the Inji Mobile Guide tailored specifically for our Collab Environment! This guide is designed to assist you in setting up and configuring the Inji Wallet wallet app in our sandbox Collab environment. By following the steps outlined in this guide, you will be able to smoothly install and utilize the Inji Wallet app, empowering you to explore its features and functionalities effectively. Whether you're a Developer, System Integrator, or an enthusiast eager to dive into the world of digital identity, this guide will provide you with the necessary information to get started with Inji Wallet in our Collab environment. Let's begin this journey of seamless setup and exploration!
Before you start with setting up Inji Mobile, ensure you have the following in place.
Inji Wallet APK File:
If you are using an Android smartphone, click to get the Inji Mobile apk file for installation.
Transfer the apk file onto the smartphone on which it is to be installed.
Inji Wallet Test Flight Access:
If you are using an iOS device, click get access to the Inji Wallet app on test flight.
Ensure you have get the test flight application from your app store.
UIN Credentials:
Issuance of UIN (Unique identification number) as a demo credential will allow you to explore Inji Mobile's capabilities and experience seamless VC sharing firsthand.
Now you can self generate your own UIN Credential using the .
Click on the Get UIN button located at the top-right corner of the page. This will open the , Alternatively, you can simply click on this
For sample Insurance Credentials, please provide the below details in the eSignet authentication page:
Policy id: 7070
Name: aswin
DOB: 19/02/2025
To effectively set up the Inji Mobile app and manage Verifiable Credentials (VCs), follow these detailed steps:
Step 1: Install the Inji Mobile App
For a step-by-step guide on how to install the Inji Mobile application, click .
You can visit this for more detailed instructions in the guide.
Step 2: Install the Inji Mobile App - To be used as Verifier App
Follow the same installation process mentioned above in step 1.
Setup another instance of the Inji Mobile app on an android device, which can serve as the Verifier app.
Step 3: Download National ID VC Using UIN/VID
Download your credential (VC) onto the app by using your demo UIN.
To learn how to download VCs using the Unique Identification Number (UIN) or Virtual ID (VID) feature, click . Refer to the section titled Download credentials using UIN / VID feature in the guide .
Step 4: Download Insurance Credentials Using Policy Details
Refer to the sample insurance credentials under 'Prerequisites' section.
Refer for step-wise download.
You can view the QR Code for insurance credentials in the detailed view.
Step 5: Start Sharing the Credentials
Quick Share
To understand the process of sharing credentials from the Resident app to the Verifier app, click .
Navigate to the section titled Sharing Credentials for detailed instructions.
This section outlines the process of creating your own insurance credentials, generating a QR code, and verifying the QR code using Inji Verify.
Step 1: Creation:
Inji Certify also offers to generate your own credentials which can be used for testing / development purposes.
To understand the steps to generate your own Insurance credentials, refer .
Step 2: QR Code generation:
Using Inji Wallet app you can get the QR Code for Insurance Credentials
To generate a QR Code using PixelPass library, please refer to the steps .'
Step 3: QR Code verification:
The above generated QR Code can be verified using Inji Verify, by uploading the QR Code. To know more, please click .
Watch this informative video titled for a visual walkthrough of the features.
Click for detailed information about Inji Wallet.
By following these instructions, you will be equipped to seamlessly set up the Inji Wallet application and effectively share your Verifiable Credentials.
If you require any assistance or encounter any issues during the testing and integration process, kindly reach out to us through the support mechanism provided below.
Navigate to .
Provide a detailed description about the support you require or provide detailed information about the issue you have encountered, including steps to reproduce, error messages, logs and any other relevant details.
Thank you. Wishing you a pleasant experience!
On successful registration the UIN is sent to you over the email you used for registration, For more details you follow the Generating Demo Credentials Guide.
Note: Please use 111111 as the OTP, for any OTP based feature in Collab environment.
Share with Face Verification
Discover how to share credentials with the added security of face verification by clicking here.
Refer to the section titled Face Authentication Flow for a step-by-step guide.
Inji Mobile is a versatile digital wallet designed to securely manage, store, and share trusted data as Verifiable Credentials (VCs) through a seamless and user-friendly interface. This mobile application offers several key functionalities aimed at enhancing the user experience, ensuring robust data security, and simplifying digital credential management.
Key features include:
Inji Wallet enables users to securely download their verifiable credentials (VCs) directly onto their mobile devices. As part of this process, verification occurs to ensure the authenticity and validity of the credentials. Once verified, the VCs are securely stored using the device’s hardware-based secure keystore, ensuring that the credentials are protected from unauthorized access.
Inji Wallet offers a robust data backup feature, allowing users to protect their verifiable credentials by securely backing them up in either Google Drive (for android) or iCloud (for iOS devices). This ensures that even in the event of a device loss or replacement, users can easily restore their credentials and continue using them without re-verifying their identity with issuers.
Inji Wallet supports Single Sign-On (SSO), simplifying the authentication process by allowing users to log in using their existing credentials from trusted identity providers. This eliminates the need to manage multiple credentials and provides a seamless experience when accessing or sharing verifiable credentials across platforms.
Inji Wallet offers a seamless way to share the trusted data as verifiable credentials without internet connection, but through BLE-based (Bluetooth Low Energy) sharing. For added security, users must complete decentralized face verification for presence assurance during offline interactions, ensuring the rightful owner is sharing their credentials.
This workflow describes how Inji Wallet downloads a Verifiable Credential (VC) from an issuing authority using the OpenID4VCI protocol.
Actors:
Inji Wallet: Orchestrates the process, interacts with VCI Client and Secure Keystore.
Secure Keystore: Signs cryptographic proofs.
VCI Client: Manages OpenID4VCI communication with the Issuing Authority.
Authorization Server: Authenticates the user (e.g., eSignet).
Workflow Steps:
Key Pair Generation: On first use, Inji Wallet generates and securely stores a cryptographic key pair via the Secure Keystore.
VC Download Request: User initiates VC download (via UIN/VID or KBI). Wallet instructs VCI Client to start the OpenID4VCI issuance flow.
User Authentication: VCI Client redirects the user to the Authorization Server. User authenticates (OTP, KBI, etc.). Authorization Server returns an auth code.
Token Exchange:
This workflow explains how Inji Wallet shares selected VCs with a verifier (Relying Party) using the OpenID4VP protocol.
Actors:
User: Selects credentials and provides consent.
Inji Wallet: Manages the process, interacts with OpenID4VP Module and Secure Keystore.
Secure Keystore: Signs VP tokens.
OpenID4VP Module: Validates requests and structures the VP token.
Workflow Steps:
QR Code Creation: The verifier generates a QR code containing the authentication request.
QR Code Scan: User scans the QR code in Inji Wallet, which extracts the auth request.
Auth Request Validation: Wallet passes the request to the OpenID4VP Module for validation (issuer, signature, expiry, audience).
Display Matching VCs & User Consent: Wallet finds matching credentials, displays them, and the user selects which to share and gives consent.
This document delineates the workflow for essential functionalities of Inji Wallet.
After installing the application for the first time, the user will be asked to set up unlock method for it. The app supports biometric or PIN-based locks. For more details, refer to the .
Residents have the ability to download a Verifiable Credential (VC) for themselves, their family members, or friends using a single mobile device. This can be done through two methods:
While downloading the VCs, the credentials are validated and verified for the authenticity of the issuer using the signature and the proof type provided in the VC.
Downloading VC using OpenID for VC Issuance Flow (eSignet)
Below sections are going to detail as how Inji Wallet as an OIDC client to OpenID4VCI method of downloading a VC and illustrated implementations.
Download credentials using UIN / VID:
This method of VC download illustrates the OpenID4VCI method of download using UIN / VID issued to the resident. In this, eSignet plays the authentication and authorisation end point to connect to the credential provider (Reference Implementation: MOSIP). To understand more about Onboarding Mimoto (Inji BFF) as an OIDC client to support credential issuance from any issuer who support OpenID4VCI protocol refer .
Download credentials using Knowledge Based Identification (KBI)
This method of VC download illustrates the OpenID4VCI method of download using KBI (Knowledge Based Identification). In this, eSignet plays the authentication, authorisation and credential issuance end point to connect to the credential provider. To understand more about Onboarding Mimoto (Inji BFF) as an OIDC client to support credential issuance from any issuer who supports OpenID4VCI protocol, refer .
Appendix:
The term “identifier” in the architecture diagram refers to the unique identifier which can be used to download the credential on the esignet login Page
eSignet supports Various types of authorizations, ACR value is configured based on the Issuers' need to include the authorization mode in the authorization page
Types of Authorization Supported for Credential Download by eSignet are:
Login With OTP
The credentials are shared in a peer-to-peer model with the verifier application. The data exchange between devices is done using the BLE Protocol. For more information, refer to documentation.
Residents can use Inji Wallet to log in to any service provider app (integrated with e-Signet) by just scanning a QR code from their portal.
The app performs offline face auth after scanning the QR code to verify the user's presence.
Once the presence is verified, the resident is given the option to choose the optional information to be shared with the service provider portal.
From Settings screen, users can access Backup settings screen. In Backup settings screen, users can configure their preferences for data backup. The setting, configured once during the application's lifecycle, determines whether Google Drive or iCloud will be utilized based on the device platform. To restore backup data to the mobile wallet, users must log in to the same account and configure settings within the app accordingly. Additionally, restored Verifiable Credentials (VCs) should be re-activated to enable QR Code login functionality.
Issuing Authority: Issues the VC.
VC Verifier: Verifies credential authenticity.
Pixelpass: Handles QR code generation and encoding.
Proof Construction: Wallet creates a proof JWT with the nonce, sends it to Secure Keystore for signing, and receives the signed proof JWT.
Credential Issuance Request: VCI Client sends the signed proof JWT to the Issuing Authority. Issuer returns the VC.
Credential Verification: Wallet verifies the VC with the VC Verifier (checks signature and schema). If verification fails, an error is shown.
VC Storage and Rendering: Verified credentials are securely stored. For some credentials, a QR code is cached for offline use.
Relying Party (Verifier): Requests and validates credentials.
Construct Unsigned VP Token: Wallet sends selected VCs and metadata to the OpenID4VP Module, which constructs the VP token (unsigned).
Sign VP Token: OpenID4VP Module sends the unsigned VP token to Secure Keystore for signing. The signed VP token is returned.
Send Auth Response to Verifier: Wallet sends the signed VP token and presentation_submission to the verifier. The verifier validates the response and, if successful, completes the transaction.
Illustrated Implementation: National ID credentials download
Login With KBI: Credential download using KBI to authorize the user. The knowledge (as described by the credential issuer to authorize) is exposed to eSignet from Registry (Issuer) through eSignet Issuance Plugins
Illustrated Implementation: Insurance ID credentials download
The resident is then given the access to the portal after the token verification.
Important: We are in the process of updating screenshots and content in the End User Guide to reflect our new branding. These updates will be available soon, thank you for your patience!
This document serves as a concise user guide for end users, providing comprehensive information on the features and functionalities offered by Inji Wallet.
The below sections explain the steps for installing the Inji Wallet application on Android and iOS platforms.
To install the Inji Wallet app on an Android smartphone, click to get the Inji Wallet apk file for installation.
Transfer the apk file onto the smartphone on which it is to be installed.
Click on the apk file and follow the OS installation instructions.
Install the test flight app on your device.
Follow the steps mentioned .
The below screenshots explain the next steps after you get access.
After installation when you launch the app for the first time:
Select the preferred language.
You can read though a five-page tutorial for the Inji Wallet which is presented.
Choose a secure login method to enter the app (Biometric / PIN). This can be achieved through a PIN or the device's Biometrics (such as fingerprint or facial recognition). Once the setting is done you will be directed to the app's home page.
Inji Wallet supports VC downloads using eSignet as the authorization layer. Some of the available use-cases include:
Download National ID (MOSIP VC)
Download Insurance VC
And many more use-cases available to explore via eSignet!
Download credentials using UIN / VID:
On the home page, a plus "+" symbol will display the list of issuers from which you can download VCs.
Select the issuer that states National Identity Department and choose a credential type (MOSIP National ID). Once clicked, the browser will open and take you to the eSignet page.
On the authorization page (eSignet page), the user has to enter the UIN / VID and provide the OTP sent to the registered mobile number/email.
Upon successful validation of OTP, the user will be taken back to the application and land on the loading screen. After the download process is completed, the user will be returned to the home page, where the Downloaded Credential will be available.
Download credentials using KBI:
A plus "+" symbol on the home page will display the list of issuers from which you can download VCs.
Select the issuer that states Stay Protected Insurance and choose a credential type (Health Insurance, Life Insurance). Once clicked, the browser will open and take you to the eSignet page.
On the authorization page (eSignet page), the user has to enter the Policy Number, Full Name, and Date Of Birth(D.O.B).
Upon successful validation, the user will return to the application and land on the loading screen. Following the completion of the download process, the user will be returned to the home page, where the Downloaded Credential will be available.
Once we click on the downloaded VC on the Home Page, the detailed view opens up for the VC.
Users can see all the details of the National ID in the detailed view. In addition, the user can access the quick access menu (...) on the top right to perform actions such as Pin/Unpin, Share, Share with Selfie, QR Code Login, view Activity Log, and Remove from the detailed view of the VC.
Users can see all the Insurance policy details in the detailed view along with the QR Code. The QR Code can be magnified which can be presented to the verifier for scanning. Through the quick access menu (...) on the top right user can also perform other actions like Share, Pin, Remove and Activity log on the VC.
This flow allows you to download credentials simply by scanning a QR code, without login or manual input of ID/Identifier or other data.
Used in public campaigns or mass rollouts (e.g., vaccine certificates, land cards).
On the issuer’s website, or from a flyer/poster, scan the QR code using the Scan & Download option available in Inji Wallet.
Click on the "+" (Add Credential) icon.
Select the first option: Scan & Download.
Scan the QR code from the issuer's website or printed material.
If this is your first time interacting with the issuer, a trust screen will appear asking you to trust the issuer.
You can proceed to trust and add the issuer to your trusted list or decline as per your preference. This prompt appears only once per issuer.
If you Decline, the download will not proceed further.
The wallet recognizes the embedded credential offer, without needing to log in or enter any data, your credential starts downloading.
You’ll see a success message and the VC will appear in your wallet.
Used for personalized and secure issuance (e.g., mDL, insurance).
On the issuer’s website, or from a flyer/poster, scan the QR code using the Scan & Download option available in Inji Wallet.
Click on the "+" (Add Credential) icon.
Select the first option: Scan & Download.
Scan the QR code from the issuer's website or printed material.
If this is your first time interacting with the issuer, a trust screen will appear asking you to trust the issuer.
You can proceed to trust and add the issuer to your trusted list or decline as per your preference. This prompt appears only once per issuer.
If you Decline, the download will not proceed further.
If you Allow, the download will proceed further.
After entering the code, the wallet retrieves the credential securely.
The wallet recognizes the embedded credential offer, Without needing to log in or enter any data, your credential starts downloading.
You’ll see a success message and the VC will appear in your wallet.
After completing several scenarios, we can find it by selecting the third icon in the bottom right corner when we navigate to the history page. This page will display a comprehensive list of all the events.
Users can view the activity logs of a VC from the Home Page or the detailed view by choosing the menu option "View Activity Log" from the quick access menu (...).
Two or more devices with Inji Wallet installed are required to share credentials. The relying party's phone should be an Android device.
All required permissions like Bluetooth, location, and camera access are enabled on both devices.
The parties involved are usually a Resident (sharing party) who wishes to share their credentials with a Relying party (receiving party), a banker, a health worker, or other professional service.
Users can now share their credentials using any of the methods listed below:
Share option from the NavBar.
Share or Share with Selfie option from the quick access menu (...) from a VC in the Home Page
Share or Share with Selfie option from quick access menu (...) in detailed view of VC.
Let us understand the process of sharing credentials using an example and see the step-wise process for all the above three methods. Suppose a Resident wishes to share their credentials with a Relying/ Requesting party through the receiver's phone, the following steps outline the procedure for both parties involved:
On the Sharing Party's phone:
The resident opens the QR Code Scanner by clicking on the Share button in the NavBar. The application now prompts for permissions.
Upon granting the necessary permissions, the app opens a camera where the resident can scan the QR code of the recipient's (Verifier/Relying Party) phone.
Once the QR code is successfully scanned, both phones will establish a Bluetooth connection.
On the Relying Party's phone
This functionality is only available on Android devices. To access it, the receiver needs to navigate to the settings page and locate the Receive Cards option.
On selecting this option, it will open the QR code page. For the relying party to be able to receive a card, the resident needs to scan the QR code using a shared phone. Once the QR code is scanned and shared, the relying party will receive the VC and be able to preview its contents.
To view the received cards, they would need to access the settings page and find the Received Cards section. Clicking on this section will display the received cards. If the receiver has not received any card, this section will be empty.
On the Sharing Party's phone:
The resident clicks on the quick access menu (...) from a VC on the Home Page and chooses the Share or Share with Selfie option from the menu.
The application now prompts for permissions if not granted already.
Upon granting the necessary permissions, the app opens a camera where the resident can scan the QR code of the recipient's (Verifier/Relying Party) phone.
Once the QR code is successfully scanned, both phones will establish a Bluetooth connection.
On the Relying Party's phone:
This functionality is only available on Android devices. To access it, the receiver needs to navigate to the settings page and locate the Receive Cards option.
On selecting this option, it will open the QR code page. For the relying party to be able to receive a card, the resident needs to scan the QR code using a shared phone. Once the QR code is scanned and shared, the relying party will receive the VC and be able to preview its contents.
To view the received cards, they would need to access the settings page and find the Received Cards section. Clicking on this section will display the received cards. If the receiver has not received any card, this section will be empty.
On the Sharing Party's phone
The resident clicks on the VC on the Home page and clicks on the quick access menu (...) in the detailed view. Resident can choose either Share or Share with Selfie option from the menu.
The application now prompts for permissions if not granted already.
Upon granting the necessary permissions, the app opens a camera where the resident can scan the QR code of the recipient's (Verifier/Relying Party) phone.
Once the QR code is successfully scanned, both phones will establish a Bluetooth connection.
On the Relying Party's phone:
This functionality is only available on Android devices. To access it, the receiver needs to navigate to the settings page and locate the Receive Cards option.
On selecting this option, it will open the QR code page. For the relying party to be able to receive a card, the resident needs to scan the QR code using a shared phone. Once the QR code is scanned and shared, the relying party will receive the VC and be able to preview its contents.
To view the received cards, they would need to access the settings page and find the Received Cards section. Clicking on this section will display the received cards. If the receiver has not received any card, this section will be empty.
Note: Screenshots will be added soon to enhance the user experience and better explain the steps shown below.
Inji Wallet supports two primary modes of sharing Verifiable Credentials (VCs) using the OpenID4VP protocol:
Same-Device Flow, where the wallet and verifier are accessed from the same mobile device.
Cross-Device Flow, where the wallet and verifier operate on separate devices.
Both flows support standard JSON-LD VCs, mDL (ISO 18013-5), and IETF SD-JWT credentials for full or non-selective disclosure sharing. For privacy-preserving selective disclosure, the SD-JWT VP flow is followed, as described below.
This method is used when the Inji Wallet is on a mobile phone, and the verifier (such as a service provider portal, kiosk, or scanner) operates on a different device (e.g., laptop or tablet).
Steps to Present Credentials:
Verifier generates a QR code on their system/portal requesting specific credentials.
On your Inji Wallet, tap the QR scanner icon from the home screen or use the “Share” option.
Scan the QR code displayed by the verifier.
The wallet reads the verifier’s request and shows you a list of matching credentials
This method is useful when you’re accessing a portal from the same mobile device that has the Inji Wallet installed.
Steps to Present Credentials:
On your phone browser, visit the service portal that is requesting your credentials.
Tap on the “QR Code” or similar button.
This opens a deep link that launches your Inji Wallet app automatically.
The wallet fetches the verifier’s request.
This method allows users to share only specific claims from an IETF SD-JWT credential, ensuring privacy-preserving and minimal disclosure of information.
Steps to Present Credentials with SD-JWT VP:
Access the verifier’s portal or service (same-device or cross-device).
Initiate the credential request using the OpenID4VP flow.
The verifier specifies required claims (e.g., Name, Date of Birth).
The Inji Wallet parses the SD-JWT credential
After clicking on the ellipsis button on the downloaded VC, a button will appear allowing for the VC to be pinned. Selecting this option will pin the specific VC to the top of the screen.
There are two ways to activate the VC:
The first option is to click on the "Activate for online login" menu option by clicking on the quick access menu (...) of the card from the Home Page.
The second option is to click on the "Activate for online login" menu option by clicking on the quick access menu (...) of the card from the detailed view of the VC.
A confirmation alert message will be prompted upon clicking the "Activate for online login" option. Once permission is granted, the user will be directed to an OTP screen. After entering the correct OTP, the VC will be activated and projected on the screen with the same message.
There are two ways to remove/delete a VC from the wallet:
The first option is to click on the Remove from Wallet menu option from the quick access menu (...) of the card from the Home Page.
The second option is to choose the Remove from Wallet menu option from the quick access menu (...) of the card from the detailed view of the VC.
Upon clicking this option, the user will be prompted with a pop-up for confirmation. If the user chooses, “Yes, I confirm” the VC will be removed from the wallet.
Users can now search for a VC by providing a search string in the search bar. VCs that match the search criteria will be displayed.
To backup VCs, the user has to choose their preference for the cloud based on the device they are using.
Firstly, the user has to go to settings and click on the Backup and Restore menu options.
The User should consent for the app to use the drive, and once consented, the application displays a backup and restore screen.
In this screen, the user can manually take a backup by clicking on the Backup button and this asynchronously happens allowing the user to use the application.
Users will be notified of success or failure.
To restore backed-up VCs, the user has to choose their preference of the cloud based on the device and use the same Google/apple ID that they used for taking backups.
Firstly, the user has to go to settings and click on the Backup and Restore menu options.
The user should consent for the app to use the drive, and once consented, the application displays a backup and restore screen.
Users find the details of latest backup details in the Last Backup Details section.
In this screen, the user can manually restore a backup by clicking on the Restore button and this asynchronously happens allowing the user to use the application.
If you Allow, the download will proceed further.
You will be prompted to enter a Transaction Code / OTP provided by the issuer via SMS or Email.
The Share button will solely share the VC, while the Share with Selfie option will verify if the sender's face matches the photo in the VC before proceeding to share.
Please note that the relying party can only view the received cards and will not be able to share or perform other actions with them.
The Share button will solely share the VC, while the Share with Selfie option will verify if the sender's face matches the photo in the VC before proceeding to share.
Please note that the relying party can only view the received cards and will not be able to share or perform other actions with them.
The Share button will solely share the VC, while the Share with Selfie option will verify if the sender's face matches the photo in the VC before proceeding to share.
Please note that the relying party can only view the received cards and will not be able to share or perform other actions with them.
You are prompted for face authentication.
Choose the credentials you want to share.
Tap “Share” to proceed. The wallet sends the Verifiable Presentation (VP) to the verifier securely.
You’ll see a confirmation message once the sharing is complete.
A list of matching credentials is displayed.
You will be asked for face authentication.
Choose the credentials to be shared.
Tap “Share”.
You are automatically redirected back to the service portal (Android).
On iOS, you may need to manually switch back to the browser.
The wallet displays:
The verifier’s details and request information.
A list of available claims within the SD-JWT credential.
The user can select only the claims they wish to share.
The wallet generates a Verifiable Presentation (VP) containing only the selected claims.
You are prompted for authentication (Face) if VC contains a face photo.
Upon confirmation, the SD-JWT VP is securely shared with the verifier.
A success message confirms completion of the privacy-preserving sharing process.
Users will be notified of success or failure.
