light-mode-image
Learn

Choose your issuance workflow

The first decision when building an issuance solution is which OID4VCI workflow to use. MATTR VII supports two, and your choice depends on how much control you need over user authentication during the claiming process.

Choose your issuance workflow

MATTR VII supports two OID4VCI workflows. Your choice depends on how much control you need over user authentication during the claiming process.

Pre-authorized Code flow

Best for: issuing to known users, silent issuance within existing app sessions, high-assurance credentials where identity has already been verified out-of-band.

The issuer authenticates the user externally, prepares the credential data, and creates a single-use offer. The wallet claims the credential without an additional authentication step.

  • Offers are single-use, consumed after successful claim.
  • Supports mDocs credential format.
  • Optional transaction code adds two-factor security.
  • Ideal for in-app issuance or silent credential updates.

Components involved:

ComponentRole
Credential offerContains pre-authorized code and claim data
Credential configurationDefines credential structure and claim mappings
Claims source (optional)Enriches credential with additional data

See the Pre-authorized Code flow overview for the detailed workflow and configuration steps.

Authorization Code flow

Best for: public-facing credential offers, user self-service portals, scenarios requiring real-time identity verification.

The holder scans a QR code or clicks a link, authenticates through your identity provider, and the credential is issued upon successful authentication.

  • Offers are reusable: Multiple users can claim from the same offer.
  • Supports mDocs and CWT credential formats.
  • Integrates with your existing OIDC identity provider.
  • Supports optional interaction hooks for additional verification steps.

Components involved:

ComponentRole
Credential offerEntry point that starts the flow
Authentication providerAuthenticates the holder via OIDC
Credential configurationDefines credential structure and claim mappings
Claims source (optional)Fetches additional data from external systems
Interaction hook (optional)Adds custom steps between auth and issuance

See the Authorization Code flow overview for the detailed workflow and configuration steps.

Next steps

Once you have chosen a workflow, define your credential structure.

How would you rate this page?

Last updated on

On this page