Quick Start Guide

Get started with SIROS ID in minutes. This guide walks you through connecting your first application to verify digital credentials.

What You'll Build

By the end of this guide, you'll have:

✅ A working credential verification flow
✅ Users logging in with their digital credentials
✅ Verified identity claims in your application

Prerequisites

An application with OIDC/OAuth2 login support
Access to your IAM configuration (e.g., Keycloak, Auth0)
A test wallet (we'll set this up)

Step 1: Get a Test Wallet (2 minutes)

Open id.siros.org in your browser
Create a new wallet using a passkey
Navigate to Add Credential → Demo PID
Accept the test Person Identification credential

You now have a wallet with a test credential.

Step 2: Register Your Application (5 minutes)

# For self-hosted verifier:
curl -X POST https://verifier.example.org/register \
  -H "Content-Type: application/json" \
  -d '{
    "client_name": "My Test App",
    "redirect_uris": ["https://localhost:8080/callback"],
    "token_endpoint_auth_method": "client_secret_post",
    "grant_types": ["authorization_code"],
    "response_types": ["code"],
    "scope": "openid profile"
  }'

Save the returned client_id and client_secret.

SIROS Hosted Service

When using the SIROS ID hosted service, services use subdomain-based multi-tenancy:

Wallet: https://id.siros.org/<tenant>
Verifiers: https://<instance>.<tenant>.verifier.id.siros.org
Issuers: https://<instance>.<tenant>.issuer.id.siros.org

For example, with tenant demo and verifier instance main:

curl -X POST https://main.demo.verifier.id.siros.org/register \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Step 3: Configure Your IAM (5 minutes)

Add SIROS ID verifier as an identity provider:

Keycloak

Go to Identity Providers → Add provider → OpenID Connect v1.0
Configure:
- Alias: sirosid
- Display Name: SIROS ID
- Discovery URL: https://verifier.example.org/.well-known/openid-configuration
- Client ID: (from step 2)
- Client Secret: (from step 2)
- Client Authentication: Client secret sent as post
Save

Auth0

Go to Authentication → Enterprise → OpenID Connect
Create a new connection with:
- Issuer URL: https://verifier.example.org
- Client ID: (from step 2)
- Client Secret: (from step 2)

Direct Integration

If not using an IAM, redirect users directly:

// Replace with your verifier URL
const authUrl = 'https://verifier.example.org/authorize?' + 
  new URLSearchParams({
    response_type: 'code',
    client_id: 'your-client-id',
    redirect_uri: 'https://localhost:8080/callback',
    scope: 'openid profile',
    state: crypto.randomUUID()
  });

window.location = authUrl;

Step 4: Test the Flow (2 minutes)

Start login: Click "Login with SIROS ID" in your app
Scan QR code: Use your test wallet to scan the QR code
Approve sharing: Review and approve the credential request
Complete: You're logged in with verified claims!

What Just Happened?

Your application received verified identity claims directly from the user's credential:

{
  "sub": "unique-user-id",
  "given_name": "Alice",
  "family_name": "Smith",
  "birthdate": "1990-01-15"
}

Requesting Specific Claims

Use scopes to request different credentials:

Scope	What You Get
`openid`	Basic authentication
`profile`	Name, birthdate from PID
`pid`	Full Person ID claims
`ehic`	Health insurance card
`diploma`	Educational credentials

Example:

scope=openid profile ehic

Going to Production

Register for production: Contact SIROS ID to get production credentials or deploy your own infrastructure
Configure trust: Set up your trust framework registration
Update URLs: Point to your production verifier endpoint

Next Steps

📖 Full Verifier Guide – Complete verification documentation
🎫 Issuing Credentials – Issue your own credentials
🔐 Trust Services – Configure trust framework
🔧 Keycloak Integration – Detailed Keycloak setup

Common Issues

QR Code Not Scanning

Ensure the wallet has camera permissions
Try the deep link option for mobile browsers

Claims Not Appearing

Check that requested scopes match available credentials
Verify the credential type in your wallet matches the request

Token Validation Fails

Ensure your clock is synchronized (NTP)
Check the JWKS endpoint is accessible

Get Help

📧 Email: support@siros.org
GitHub: sirosfoundation

What You'll Build​

Prerequisites​

Step 1: Get a Test Wallet (2 minutes)​

Step 2: Register Your Application (5 minutes)​

Step 3: Configure Your IAM (5 minutes)​

Keycloak​

Auth0​

Direct Integration​

Step 4: Test the Flow (2 minutes)​

What Just Happened?​

Requesting Specific Claims​

Going to Production​

Next Steps​

Common Issues​

QR Code Not Scanning​

Claims Not Appearing​

Token Validation Fails​

Get Help​