← PSDP Demo hub · API docs

The PSDP On-Ramp

Bring your own login → walk out with a privacy-preserving PSDP credential.

You sign in OpenID id_token verified PSDP credential minted & signed

Authenticate at an OpenID provider and this app mints a real, cryptographically-signed PSDP credential bound to your verified identity. No wallet, no setup.

1. Sign in

Click below to run the full login → mint flow against the built-in provider.

Sign in with the Demo IdP SIMULATED PROVIDER

The Demo IdP is a simulated OpenID provider served by this same app (under /onramp/idp) so the on-ramp works with zero external setup. It issues a genuine RS256-signed id_token — nothing is faked. Real providers (Google, Microsoft, Apple, Okta, Auth0, GitHub, Keycloak) work through the same adapter when the operator configures OIDC_<PROVIDER>_CLIENT_ID / _CLIENT_SECRET; absent that, the demo provider is used.

What is real here, and what isn't:

• The built-in IdP is a simulated provider for demonstration — it does no real-world identity proofing.
• The id_token and the minted PSDP credential are really signed and verifiable (RS256 id_token validated against the IdP JWKS; Ed25519 issuer signature over the credential root).
• No claim of external certification or unlinkability is made on this page. This page mints a credential; it does not present one.

Next step (not shown here): the unlinkable presentation of a PSDP credential — proving a predicate (e.g. age ≥ 18) to a verifier with a per-verifier nullifier so two verifiers cannot correlate you. See the Privacy: Audit vs Private mode section on the demo hub. coming to this on-ramp