NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

EWC RFC001: Issue Verifiable Credential

type
Standard
Documentation

Description

Description
Source

OpenID for Verifiable Credential Issuance (OID4VCI) is a protocol specification that enables standardized issuance of verifiable credentials between issuers and wallet holders. This protocol implements a secure flow for requesting and receiving digital credentials while ensuring interoperability across the European Digital Identity Wallet ecosystem.

The standard defines two main issuance flows:

  • Authorization Code Flow - For interactive credential issuance requiring user authentication
  • Pre-authorized Code Flow - For non-interactive issuance using pre-authorized codes

Key capabilities include:

  • Credential Offer mechanism to initiate issuance
  • Discovery of issuer capabilities and configurations
  • Authorization flows for secure access
  • Credential Request/Response protocols
  • Support for multiple credential formats including:
    • jwt_vc_json (W3C Verifiable Credentials)
    • vc+sd-jwt (IETF SD-JWT Verifiable Credentials)
    • mso_mdoc (ISO Mobile Driving License format)

Technical Details:

  1. Purpose and Scope:
  • Standardize credential issuance between Issuers and Wallet Holders
  • Enable interoperability across European Wallet Ecosystem
  • Support multiple credential formats and authentication methods
  1. Key Technical Specifications:
  • Uses openid-credential-offer URI scheme
  • Implements OAuth 2.0 authorization flows
  • Supports PKCE (Proof Key for Code Exchange)
  • Requires Pushed Authorization Requests
  • Implements /.well-known endpoints for discovery
  1. Implementation Requirements:
  • Must support both authorization flows
  • Must implement credential offer and discovery endpoints
  • Must support specified credential formats
  • Must implement security features like nonce and state parameters
  1. Security Considerations:
  • Mandatory PKCE implementation
  • Support for DID Authentication
  • Transaction binding through tx_code
  • Short-lived authorization codes
  • Secure credential state management
  1. Interoperability Features:
  • Standardized credential offer format
  • Common discovery mechanisms
  • Consistent authorization flows
  • Support for multiple credential formats
  • Standardized error responses
  1. Current Adoption Status:
  • Implemented by multiple European Digital Identity Wallet providers
  • Adopted by various credential issuers
  • Part of the European Union Digital Identity framework

Statistics

Projects Following
Source
0

Under Management at

Projects Following or working on this Standard

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page