Drop-in widget · Tier B1
Sign in with EU Wallet — one script tag
Add EU Wallet sign-in to any web page in about 30 seconds. The widget renders a branded button, opens a QR modal on click, polls the CodeB verifier for the wallet’s response, and fires a codeb:wallet-signed-in DOM event on the host page. No backend integration is required on your side beyond verifying the returned assertion server-side.
Live demo
Click the button below. A modal will open with a scannable QR pointing at the CodeB verifier on this domain.
Nothing wires the button to your app until you handle the event — the demo just prints the payload below.
Integration snippet (copy-paste)
Data attributes on the <script> tag
| Attribute | Default | Effect |
|---|---|---|
data-verifier | https://phone.aloaha.com | Origin serving oidc.ashx. Set to your own tenant domain. |
data-mode | signin | Currently signin only. age-verify lands with the dedicated backend endpoint in the next iteration. |
data-theme | auto | light, dark, or auto (follows the browser’s prefers-color-scheme). |
data-debug | false | Set to true to see widget lifecycle in the browser console. |
Data attributes on the placeholder <div>
| Attribute | Effect |
|---|---|
data-codeb-widget="signin" | Required. Marks the div for widget insertion. |
data-label | Override the button label (default: Sign in with EU Wallet). |
Events fired on window
e.detail.claims holds the verified SD-JWT VC claims (given_name, family_name, age_over_*, whatever the wallet released). e.detail.assertion holds a signed CodeB assertion your server verifies against the verifier JWKS.e.detail.error holds the reason.Programmatic API
If you prefer not to use the auto-rendered button, call the API directly:
Security & privacy
data-verifier origin. No third-party trackers, no cookies, no analytics.credentials: 'omit'
Your visitor’s session cookies never leave your site.e.detail.claims alone. POST e.detail.assertion to your backend and verify against the CodeB verifier JWKS.Roadmap
Coming with Tier B follow-on rounds:
- Age-only mode — dedicated
?query=age&threshold=Nbackend so the widget only asks for the age claim. - Wallet Attestation (WUA) check — verify the presenting wallet is a national-scheme-certified EUDIW app. Lands with LOTL cache.
- Cross-device de-dup — if the visitor scans the QR with a wallet on another device, the button-owning browser tab receives the assertion via a signed back-channel.
EU Wallet verifier overview · HAIP notes · Try full sign-in · Age verification