Wallet profiles · Wallet profiles
KYC — full PID presentation
Wallet profile + presentation definition for remote KYC. Requires a member-state PID with given_name, family_name, date_of_birth, nationality.
- kyc
- pid
- eidas
Tested against:broker: 1.0.0arf: 1.4
Use case
A Dutch neobank onboarding retail users replaces document-upload KYC with an EUDIW PID presentation. The presentation pulls the four identity claims required for KYC, no more, no less.
Wallet profile (YAML)
id: kyc-pid
name: "Remote KYC — full PID"
accepted_formats:
- vc+sd-jwt
- mso_mdoc
trust_registry_url: https://trust.thoryn.org
allowed_issuers:
- "did:eidas:nl"
- "did:eidas:de"
- "did:eidas:fr"
# ... extend with the EU member states you accept
session_ttl_seconds: 600
require_holder_binding: true
nonce_required: truePresentation definition
{
"id": "kyc-pid-pd",
"input_descriptors": [
{
"id": "pid",
"constraints": {
"fields": [
{ "path": ["$.vct"], "filter": { "const": "PIDCredential" } },
{ "path": ["$.given_name"] },
{ "path": ["$.family_name"] },
{ "path": ["$.date_of_birth"] },
{ "path": ["$.nationality"] }
]
}
}
]
}Sample VP token shape
After verification, Broker delivers:
{
"session_id": "...",
"credential_id": "...",
"issuer": "did:eidas:nl",
"vct": "PIDCredential",
"claims": {
"given_name": "Jan",
"family_name": "Jansen",
"date_of_birth": "1985-03-12",
"nationality": "NL"
},
"verified_at": "2026-04-25T..."
}Webhook payload
Your callback_url receives the same shape, signed with HMAC-SHA256 in X-Thoryn-Signature and an X-Thoryn-Idempotency-Key.
When to use
- Regulated financial onboarding under eIDAS 2.0
- Government services replacing paper-passport workflows
When not to use
- Age-only verification — use age-gate for selective disclosure
- Internal employee onboarding — use employer-onboarding
See also
- Broker — Use cases — scenario 1 (remote KYC for a fintech)