Introduction
The Identity Development Kit (IDK) is a Kotlin Multiplatform library for digital identity applications. It covers credential issuance and verification, identity proofing, trust establishment, and secure data exchange, all from a single codebase that compiles to Android, iOS, JVM, JavaScript (browser and Node.js), WebAssembly, and Linux native.
The IDK is the open-source core behind Sphereon's commercial Enterprise Development Kit (EDK). Use it standalone to build wallets, verifiers, issuers, and identity services, or as the foundation layer under the EDK.
What You Can Build
Mobile Wallets and Credential Holders
Store and present credentials using ISO/IEC 18013-5 (mDL/mDoc), SD-JWT, and OpenID4VP. The IDK handles device engagement (QR, NFC, BLE), session encryption, selective disclosure, and proximity and remote presentation protocols.
Credential Verifiers
Request and verify credentials as a relying party. Supported flows include OpenID4VP with DCQL queries or presentation definitions, mDoc reader verification over BLE/NFC/HTTP, SD-JWT signature and disclosure verification, and multi-framework trust validation.
Issuance and Authorization Services
Run server-side issuance with the built-in OAuth 2.0 authorization server (authorization code, client credentials, pre-authorized code, token exchange, DPoP, PKCE, PAR, introspection, revocation), SD-JWT credential issuance with selective disclosure, and DID-based issuer identity.
Identity Proofing and Onboarding
Combine OIDC federation, wallet-based credential presentation, document verification, biometric checks, and OTP into identity verification workflows. Includes policy-driven reconciliation, privacy-preserving identity matching, and compliance tracking for eIDAS, NIST 800-63A, and UK DIATF.
Cross-Platform Libraries and SDKs
The IDK compiles to all major platforms, so a single codebase can serve native Android, iOS, web, and server applications. JavaScript and WebAssembly targets ship with TypeScript definitions.
Platform Support
The IDK targets all major Kotlin Multiplatform platforms:
| Platform | Targets | Notes |
|---|---|---|
| JVM | Java 17+ | Server-side applications, Ktor |
| Android | API 27+ (Android 8.1) | Full support including BLE, NFC HCE, Android Keystore |
| iOS | arm64, x64, simulator-arm64 | CoreBluetooth, CoreNFC, Secure Enclave |
| JavaScript | Browser (Webpack), Node.js | ES modules, TypeScript definitions generated |
| WebAssembly | wasmJs (Browser + Node.js) | BigInt support, TypeScript definitions |
| Linux | x64 | Server and CLI tooling |
Most IDK modules compile to all of these targets. Platform-specific modules (BLE transport, NFC transport, mobile KMS) are available only on the platforms they support.
Architecture
The IDK is organized into functional domains, each with a clean separation between public API and implementation:
| Domain | What it provides |
|---|---|
| Core | Dependency injection (Metro), configuration, logging, events, HTTP client |
| Cryptography | Key management (software, mobile, AWS, Azure), COSE/JOSE signing and verification, identifier resolution |
| Identity | DID resolution and management, trust establishment (ETSI, X.509, OpenID Federation, DID), identity verification, matching, and reconciliation |
| Credentials | SD-JWT issuance and presentation, mDoc/mDL with BLE/NFC/HTTP transports, credential claims mapping |
| Protocols | OAuth 2.0 client and server, OpenID4VP holder and verifier, DPoP, PKCE |
| Data | Key-value store, blob storage, party/identity data models |
Each domain follows the -public / -impl module pattern (see Installation).
Next Steps
- Installation: repository setup, module architecture (
-publicvs-impl), and thelib-allshortcut - Module Reference: complete list of all available modules
- Platform Setup: Android permissions, iOS entitlements, and platform-specific configuration
- Dependency Injection: the App / User / Session scope hierarchy
- Application Setup: defining your application graph and initializing the IDK