Skip to Content
GuidesOID4VCI

How to issue a credential via the OID4VCI workflow

To issue a credential via the OID4VCI workflow you must create a Credential offer. This offer specifies the Credential configurations that will be used to issue the credential, as well as additional parameters to support the issuance workflow.

Once the offer is created, it must be shared with the credential’s intended holder so that they can claim the credential.

The process for issuing a credential is similar for both the Authorization Code flow and the Pre-authorized Code flow. The main difference is the type of credential offer you need to create, depending on which workflow you are using.

Prerequisites

  • The id identifier of one or more Credential configurations you wish to include in this offer. This is obtained when you create a Credential configuration.
  • DIDs (Only required when sharing the offer as a DID message):
    • Issuer DID: This is a did:web that identifies the issuer who attests the claims in the credential are accurate.
    • Subject DID: This is a did:key that identifies the intended holder of the credential. This DID is usually retrieved from the intended holder’s digital wallet.
      • Refer to Create a did:key if you need assistance in creating one for testing this feature.
      • In production environments you must have a secure way to obtain the holder’s digital wallet DID:
        • Use DID Auth for any new interactions.
        • Ask the user to share their wallet DID.
        • Request an existing credential as part of a verification workflow, and extract the DID from that interaction.

Overview

Issuing a credential via the OID4VCI workflow comprises the following steps:

  1. Generate an offer URI.
  2. Send an offer URI.
  3. Accept a Credential offer.

Generate an offer URI

Generate the offer URI by making one of the following requests based on the issuance flow you are using:

Send an offer URI

Once a credential offer URI is generated, you can send it to the intended holder in one of the following methods:

  • Send via a DID message
  • Send via a QR code.
  • Send via a Deeplink.

Accept a Credential offer

Once the Credential offer is shared with the intended holder, it is up to them to use their digital wallet to accept the offer and claim the credential.

The credential is only issued after the intended holder accepts the Credential offer.

Troubleshooting

Below are a few common problems and their solutions:

ProblemHow to solve
The app opens but does not show the credential being offeredMake sure the mobile device is connected to the internet
Scanning the QR code using the phone’s camera doesn’t open the app (opens Google search or tries to load in the browser and fails)
  • - Make sure you have the GO Hold example app set up with a PIN.
  • - Make sure the QR is large enough to be read by your phone; try creating a larger QR Code (e.g., 300 x 300 px).
Last updated on