Thoryn

Issuance, programmable

Become an issuer without building an issuer.

An OID4VCI-compliant issuance service. Mint SD-JWT VC credentials, expose them via standard OID4VCI flow, revoke via status list. The infrastructure side of the EU credential ecosystem — ready-made.

What Credential Issuer does

Credential Issuer generates SD-JWT VC credentials, tracks them through their lifecycle, and exposes a standard OpenID4VCI flow to holder wallets. You define credential types via the admin API; any ARF-conformant wallet can receive them. Selective disclosure happens at the credential layer: holders present only what's needed.

Credential Issuer architecture — operator registers VCT, subject redeems offer, issuer mints SD-JWT VC and tracks revocation

Differentiators

Why teams pick it

OID4VCI conformant

Pre-authorized code flow today; authorization code flow on the roadmap. Any ARF-conformant wallet can receive credentials.

SD-JWT VC format

Selective disclosure at the credential layer — holder presents only what's needed.

Multi-tenant

One deployment, many issuing entities. A chamber of commerce hosts issuance for many member associations.

Credential templates

Operator defines credential types (VCTs) via admin API. No code change to add a new credential type.

Status list revocation

Every credential carries a status index. Revoke → verifiers reject within seconds.

EU-only

Hetzner Germany. Signing via Vault Transit (on roadmap). No CLOUD Act exposure.

Applications

What you can build

  • Member-state PID issuer: Mint PID credentials at national-identity-authority scale with status-list revocation.
  • Bank credential program: 'Verified customer' credentials that extend lifetime value across partners.
  • University diplomas: Replace paper diplomas + transcripts with verifiable credentials for life.
  • Employer credentials: Issuable in the HR portal flow; received into Cloud Wallet or Native Wallet SDK.

Shipped today

  • OID4VCI pre-authorized code flow, offer minting, token exchange, credential issuance
  • SD-JWT VC format with selective disclosure
  • Credential templates (VCTs) with admin API
  • Status list with revocation
  • Multi-tenant isolation + deferred issuance (approve / deny workflows)

On the roadmap

  • Authorization code flow — user-initiated issuance with PAR + PKCE + Hub federation
  • Vault Transit signing — migrate from in-process signing to Vault-held keys
  • Trust Registry JWKS publication — auto-register issuer keys on boot + rotation
  • Tamper-evident audit + webhook delivery
  • mdoc format, batch issuance, wallet-attestation verification

Ready to become an issuer?

Request access to mint SD-JWT VC credentials with templates, revocation, and multi-tenant isolation.