How to issue a credential via the OID4VCI workflow
To issue a credential via the OID4VCI workflow you must create a Credential offer. This offer specifies the Credential configurations that will be used to issue the credential, as well as additional parameters to support the issuance workflow.
Once the offer is created, it must be shared with the credential’s intended holder so that they can claim the credential.
The process for issuing a credential is similar for both the Authorization Code flow and the Pre-authorized Code flow. The main difference is the type of credential offer you need to create, depending on which workflow you are using.
Prerequisites
- The
id
identifier of one or more Credential configurations you wish to include in this offer. This is obtained when you create a Credential configuration. - DIDs (Only required when sharing the offer as a DID message):
- Issuer DID: This is a
did:web
that identifies the issuer who attests the claims in the credential are accurate.- Refer to Create a
did:web
if you need assistance in creating one.
- Refer to Create a
- Subject DID: This is a
did:key
that identifies the intended holder of the credential. This DID is usually retrieved from the intended holder’s digital wallet.- Refer to
Create a did:key
if you need assistance in creating one for testing this feature. - In production environments you must have a secure way to obtain the holder’s digital
wallet DID:
- Use DID Auth for any new interactions.
- Ask the user to share their wallet DID.
- Request an existing credential as part of a verification workflow, and extract the DID from that interaction.
- Refer to
- Issuer DID: This is a
Overview
Issuing a credential via the OID4VCI workflow comprises the following steps:
Generate an offer URI
Generate the offer URI by making one of the following requests based on the issuance flow you are using:
Send an offer URI
Once a credential offer URI is generated, you can send it to the intended holder in one of the following methods:
- Send via a DID message
- Send via a QR code.
- Send via a Deeplink.
Accept a Credential offer
Once the Credential offer is shared with the intended holder, it is up to them to use their digital wallet to accept the offer and claim the credential.
The credential is only issued after the intended holder accepts the Credential offer.
Troubleshooting
Below are a few common problems and their solutions:
Problem | How to solve |
---|---|
The app opens but does not show the credential being offered | Make sure the mobile device is connected to the internet |
Scanning the QR code using the phone’s camera doesn’t open the app (opens Google search or tries to load in the browser and fails) |
|