NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

OpenID for Verifiable Credential Issuance - OID4VCI specification

type
Standard
Documentation

Description

Description
Source

OpenID for Verifiable Credential Issuance is a protocol that enables the standardized issuance of verifiable credentials from issuers to digital wallets. Built on OAuth 2.0, it defines a secure API and workflow for requesting, authorizing, and delivering digital credentials in various formats.

The protocol supports multiple credential formats including W3C Verifiable Credentials, ISO mDL, and IETF SD-JWT VC, making it highly flexible for different use cases. It enables both issuer-initiated and wallet-initiated credential issuance flows.

Key features include:

  • Support for both synchronous (immediate) and asynchronous (deferred) credential issuance
  • Multiple authorization flows including Authorization Code Flow and Pre-Authorized Code Flow
  • Cryptographic binding of credentials to holder keys
  • Extensible metadata for describing credential types and issuer capabilities
  • Optional encryption of credential responses
  • Support for batch credential issuance

Core technical components:

  • Credential Endpoint (required)

    • Issues one or more credentials upon presentation of valid access token
    • Supports proof of possession for cryptographic binding
  • Nonce Endpoint (optional)

    • Provides fresh nonce values for proof generation
    • Helps prevent replay attacks
  • Deferred Credential Endpoint (optional)

    • Enables asynchronous credential delivery
    • Used when immediate issuance is not possible
  • Notification Endpoint (optional)

    • Allows wallets to notify issuers about credential status
    • Supports success/failure notifications

The specification defines:

  1. Purpose and Scope:
  • Standardized API for verifiable credential issuance
  • Framework for secure credential delivery
  • Support for multiple credential formats and binding methods
  1. Key Technical Specifications:
  • OAuth 2.0-based authorization
  • JWT-based proofs and attestations
  • JSON-based metadata and request/response formats
  • TLS required for all endpoints
  1. Implementation Requirements:
  • Must implement required Credential Endpoint
  • Must support at least one authorization flow
  • Must validate all proofs and tokens
  • Must implement proper error handling
  1. Security Considerations:
  • Access token protection
  • Proof replay prevention
  • Transaction code security
  • TLS requirements
  1. Interoperability Features:
  • Multiple credential format support
  • Extensible metadata
  • Standard error codes
  • Common proof formats
  1. Current Status:
  • Active development by OpenID Foundation
  • Multiple implementations in progress
  • Growing adoption in digital identity ecosystem

The specification provides a robust foundation for building interoperable credential issuance systems while maintaining security and privacy.

Statistics

Projects Following
Source
0

Under Management at

Project
Website
Source

Projects Following or working on this Standard

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page