Credential issuance and credential minting

About this task

The relying party application acts as the primary point of contact for credential issuance to a wallet. It uses the DC Agency Service and the OpenID Provider to support the key functions of access token grants for credential issuance and credential minting.

Figure 1. OpenID for Verifiable Credential Issuance main components

Procedure

  1. Create credential schemas. The schema defines the attributes supported by a credential.
  2. Create a credential definition associated with the credential schema. A credential definition defines features of credentials such as:
    • Format (for example, ldp_vc, mso_mdoc)
    • Signing algorithms
    • Key binding proofs
  3. Create a credential offer. The relying party application provides a user experience so that the user can request a credential to be issued.
  4. The relying party uses the DC Agency Service to generate an OID4VCI credential offer. This offer may be displayed as a QR code.
  5. After scanning the QR code and parsing the offer, the wallet retrieves details about the offer and options for access token grants from the issuer’s metadata endpoint. The wallet queries the authorization server to obtain token grant details.
  6. The wallet begins an authorization code flow to request credentials.
  7. The wallet retrieves an access token using the authorization code.
  8. The wallet submits a credential request using the access token.
  9. The DC Agency Service validates the access token and other request options based on the credential definition. If successful, the requested credential is minted and returned to the wallet via an OID4VCI credential endpoint response.
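Step 5 starts with the wallet parsing an offer taken from a QR code, which is untrusted input. The following sketch is an added example, not code from the product: it validates a by-value offer before the wallet contacts any endpoint. Field names follow the OID4VCI credential offer object; the issuer allowlist, the sample issuer URL and the configuration id are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qs, quote, urlsplit

AUTH_CODE = "authorization_code"
PRE_AUTH = "urn:ietf:params:oauth:grant-type:pre-authorized_code"

class OfferError(ValueError):
    """Raised when a scanned offer must be rejected."""

def parse_credential_offer(uri, trusted_issuers):
    """Validate a by-value offer URI; return (issuer, config_ids, usable_grants)."""
    parts = urlsplit(uri)
    if parts.scheme != "openid-credential-offer":
        raise OfferError("unexpected URI scheme")
    raw = parse_qs(parts.query).get("credential_offer", [])
    if len(raw) != 1:  # also rejects by-reference offers (credential_offer_uri)
        raise OfferError("exactly one credential_offer parameter is required")
    try:
        offer = json.loads(raw[0])
    except json.JSONDecodeError as exc:
        raise OfferError("credential_offer is not valid JSON") from exc
    if not isinstance(offer, dict):
        raise OfferError("credential_offer must be a JSON object")
    issuer = offer.get("credential_issuer")
    iss = urlsplit(issuer) if isinstance(issuer, str) else None
    if iss is None or iss.scheme != "https" or not iss.netloc or iss.query or iss.fragment:
        raise OfferError("credential_issuer must be an https URL without query or fragment")
    if issuer not in trusted_issuers:  # hypothetical wallet policy: pinned issuers only
        raise OfferError("credential_issuer is not on the wallet's allowlist")
    ids = offer.get("credential_configuration_ids")
    if not (isinstance(ids, list) and ids and all(isinstance(i, str) for i in ids)):
        raise OfferError("credential_configuration_ids must be a non-empty string list")
    grants = offer.get("grants", {})
    if not isinstance(grants, dict):
        raise OfferError("grants must be a JSON object")
    # Unknown grant types are ignored; an empty result means the wallet must
    # learn the grant options from issuer / authorization server metadata.
    usable = [g for g in (AUTH_CODE, PRE_AUTH) if g in grants]
    return issuer, ids, usable

def sample_offer_uri(issuer="https://issuer.example.com"):
    """Constructed sample offer, not taken from a real deployment."""
    offer = {"credential_issuer": issuer,
             "credential_configuration_ids": ["ExampleDegree_ldp_vc"],
             "grants": {AUTH_CODE: {"issuer_state": "constructed-state"}}}
    return "openid-credential-offer://?credential_offer=" + quote(json.dumps(offer))

if __name__ == "__main__":
    print(parse_credential_offer(sample_offer_uri(), {"https://issuer.example.com"}))
```

Only after these checks pass should the wallet fetch issuer metadata and begin the authorization code flow of step 6.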