NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

OpenID Connect UserInfo Verifiable Credentials

type
Standard
Documentation

Description

Description
Source

The OpenID Connect UserInfo Verifiable Credentials specification defines a framework for converting traditional OpenID Connect UserInfo claims into verifiable credentials. This enables more flexible and decentralized identity verification scenarios while maintaining compatibility with existing OpenID Connect infrastructure. The standard allows OpenID Providers to issue cryptographically verifiable credentials containing user attributes that can be presented to any verifier without requiring direct interaction with the original issuer.

Key features include:

  • UserInfoCredential type for representing standard OpenID claims
  • Integration with Verifiable Credentials data model
  • Support for credential revocation using StatusList2021
  • Signed JWK distribution for offline verification

Purpose and Scope:

  • Enables conversion of OpenID Connect user attributes into portable credentials
  • Supports decentralized identity verification without requiring verifier registration
  • Maintains compatibility with existing OpenID Connect deployments
  • Facilitates end-to-end identity verification in encrypted communications

Technical Specifications:

  • Uses JWT format for credential representation
  • Requires jwt_vc_json credential format
  • Implements StatusList2021 for revocation
  • Supports ES256 and other standard cryptographic algorithms
  • Leverages DID:jwk method for subject identification

Implementation Requirements:

  • Must support OpenID4VCI protocol
  • Must implement Wallet-initiated authorized code flow
  • Must provide signed JWK Sets for offline verification
  • Must support userinfo_credential scope
  • Must validate proof of possession for credential requests

Security Considerations:

  • Requires cryptographic binding between credentials and holders
  • Implements nonce-based replay protection
  • Supports credential revocation
  • Uses X.509 certificate chains for JWK Set validation
  • Maintains end-to-end security properties

Interoperability Features:

  • Compatible with existing OpenID Connect deployments
  • Works with standard Verifiable Credentials wallets
  • Supports multiple presentation protocols including OpenID4VP
  • Uses standardized credential format and revocation mechanism
  • Enables offline verification through signed JWK Sets

Current Adoption Status:

The specification is currently in draft status (Draft 00) as of January 2025, being developed through the OpenID Foundation.

The standard represents a significant evolution in digital identity by bridging traditional OpenID Connect infrastructure with emerging Verifiable Credentials technology, enabling more flexible and secure identity verification scenarios.

Statistics

Projects Following
Source
0

Under Management at

Project
Website
Source

Projects Following or working on this Standard

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page