How to create a Credential configuration
As part of an OpenID4VCI issuance workflow you must create a Credential configuration. A Credential configuration is a specific set of rules and parameters that are used to create and validate a particular type of verifiable credential. These rules and parameters define how the credential is structured and what data it contains when issued.
The OpenID4VCI issuance workflow currently supports configuration of the following credentials profiles:
- Compact and Compact Semantic Credentials
- Web Credentials
- Mobile Credentials
You can also create Credential configurations via the MATTR Self Service Portal.
Create a Compact or Compact Semantic Credential Configuration
Request
Make a request of the following structure to create a new Compact Credential configuration:
POST /v2/credentials/compact/configurationsYou can make a similar request to a different endpoint to create a new Compact Semantic Credential configuration:
POST /v2/credentials/compact-semantic/configurationsRequest body
{
"type": "CourseCredential",
"claimMappings": {
"email": {
"mapFrom": "claims.email"
},
"firstName": {
"mapFrom": "claims.given_name"
},
"lastName": {
"mapFrom": "claims.lastName"
},
"addressRegion": {
"mapFrom": "claims.addressRegion",
"required": true,
"defaultValue": "Kakapo"
},
"providerUrl": {
"mapFrom": "authenticationProvider.url",
"required": true
},
"providersubjectId": {
"mapFrom": "authenticationProvider.subjectId",
"required": true
}
},
"revocable": true,
"expiresIn": {
"years": 1
},
"claimSourceId": "945214ad-3635-4aff-b51d-61d69a3c8eee"
}type(required): Used to differentiate between different Compact/Compact Semantic Credential configurations on your tenant. Thus, its value must:- Be unique across all Compact/Compact Semantic Credential configurations on your tenant.
- Not be
VerifiableCredential.
claimMappings: This is where you specify how to map claims (user attributes) into issued credentials. Each field in the object corresponds to a claim in the issued credential, and contains one or more of the following attributes:mapFrom: References the path in the user object where the claim is available.- When using a URL as a claims namespace identifier, use bracket notation to access the
claim value (e.g.
mapFrom: "claims['https://example.com/claim-name']"). mapFromis optional whendefaultValueis provided, as the latter will be used for all issued credentials. This is referred to as a static claim.
- When using a URL as a claims namespace identifier, use bracket notation to access the
claim value (e.g.
defaultValue: Used to populate the claim with a static value when mapping is unsuccessful. WhendefaultValueis provided,mapFromis optional.required: Indicates whether the claim is required. When a required claim cannot be retrieved and nodefaultValueis available, credential issuance will fail. Defaults tofalse.
revocable: When set totrue(default), the created credential can later be revoked. When set tofalse, the credential cannot be revoked.expiresIn(optional): Used to determine when will issued credentials expire. Can include any combination ofyears,months,weeks,days,hours,minutesandseconds.claimSourceId(optional): References the unique identifier of a claims source that can be used to retrieve claims and include them in the issued credential.
Response
{
"id": "8fda86fc-781d-4401-80d7-eaa43efafad9",
"type": "CourseCredential"
//... rest of your Credential configuration
}id: Uniquely identifies the created Credential configuration. This identifier can be used to include this Credential configuration in a Credential offer, or to retrieve, update or delete the Credential configuration.
Once the Credential configuration is created, its details are publicly available on https:// {your_tenant_url}/.well-known/openid-credential-issuer. This enables relying parties to verify
credentials issued using this Credential configuration.