Learn how to create a standards-compliant mDoc Credential configuration
Introduction
In an OpenID4VCI issuance workflow, Credential offers are created based on Credential configurations. These are templates that define rules and parameters that control the structure and content of the credentials being issued.
The purpose of this tutorial is to demonstrate how to create an mDoc Credential configuration using the MATTR Portal or via API calls.
Prerequisites
- Ensure you have completed the Get Started with OID4VCI Tutorial, as this tutorial builds upon it.
- Review the Credential configuration overview page for a detailed explanation of the key concepts and considerations involved in creating a credential configuration.
We recommend using the MATTR VII Postman collection in this tutorial. While this isn’t an explicit prerequisite it can really speed things up.
Tutorial overview
When planning any credential configuration, an issuer should take the following factors into account:
- Credential type: Used to uniquely identify credentials issued via this configuration.
- Credential content: Decide what information will be included in the credential, and how it will be structured.
- Credential validity: Set the appropriate validity period to reflect how long the credential should be considered accurate and trustworthy.
- Revocation support: Determine whether the credential needs to support revocation status updates.
- Branding configuration: Specify how the credential should appear in a digital wallet. While display conventions are not yet standardized, this tutorial uses MATTR’s proprietary format to support branding, clarity, and holder trust.
This tutorial will walk you through each of these steps and explain the different considerations, options, and best practices to help you create a well-formed credential configuration.
Credential type
The credential type is used to differentiate between different types of credentials. It is a unique identifier that specifies the purpose and structure of the credential being issued.
It is set using the
type
property when creating a credential configuration:
{
"type": "org.iso.18013.5.1.mDL"
// Rest of the credential configuration
}Refer to the Credential configuration overview for considerations and best practices on defining credential types.
Credential content
The credential content defines the specific information that will be included in the credential. This can include various claims about the holder, such as their name, email address, and any other relevant data.
The content is set using the claimMappings object, as shown in the following example:
{
"claimMappings": {
"com.example.personaldetails.1": {
"name": {
"mapFrom": "claims.name",
"type": "string",
"required": true
},
"email": {
"mapFrom": "claims.email",
"type": "string",
"defaultValue": "Not provided"
}
}
},
"claimSourceId": "78e1b90c-401d-45bb-89c0-938da4d44c60"
// Rest of the credential configuration
}This example maps claims into a single namespace (com.example.personaldetails.1) and defines two
claims within it:
name: This claim is mapped from theclaims.nameproperty in the claim source. It is of typestringand is marked asrequired, meaning that the issuance process will fail if this claim is not provided.email: This claim is also mapped from theclaims.emailproperty in the claim source. It is of typestringbut is not marked as required. If the claim is not provided, it will default to the value “Not provided”.
The claimSourceId property specifies the claims source
from which claims are dynamically retrieved as part of the issuance flow.
Refer to the Credential configuration overview for considerations and best practices on defining and mapping credential content.
Credential validity
Credential validity defines the period during which the credential is considered valid and can be used for its intended purpose. This is set using a combination of three properties in the credential configuration. Examples include:
Refer to the Credential configuration overview for considerations and best practices on defining and mapping credential validity.
Revocation support
MATTR VII allows you to update the status of issued credentials, enabling you to revoke or suspend credentials when necessary. Verifiers can check the status of a presented credential without compromising the holder’s privacy.
Support for credential revocation is configured as part of the credential configuration, using the
includeStatus
boolean:
{
"includeStatus": true
// Rest of credential configuration
}includeStatus: When set totrue, issued credentials are revocable. They’ll include astatusobject, which refers a Status list where the credential status is indicated.
Credential branding
Credential configurations can include information regarding how to brand them when they are displayed in a digital wallet. This is useful for enhancing the user experience and ensuring that the credential is easily recognizable.
While display conventions are not yet standardized, this tutorial uses MATTR’s proprietary format to support branding, clarity, and holder trust.
Branding is controlled via the following properties of the
branding
object:
{
"branding": {
"name": "Course credential",
"description": "Diploma in Management",
"backgroundColor": "#860012",
"watermarkImage": "https://example-path-to-image-data.com",
"issuerLogo": "data:image/png;base64,anything",
"issuerIcon": "data:image/svg+xml;base64,anything"
}
// Rest of credential configuration
}
name: Displayed on the top part of the credential.description: Displayed below the name field.backgroundColor: Applied as the credential background color.watermarkImage: Displayed as a pattern on top of the credential.issuerLogo: Displayed on the bottom part of the credential.issuerIcon: Displayed next to the issuer’s name.
Refer to the API Reference for requirements and best practices for each of these elements.
Putting it all together
Request
Make the following request to create an mDoc credentials configuration:
POST /v2/credentials/mobile/configurationsRequest body
{
"type": "com.example.credentialconfiguration.1",
"expiresIn": {
"months": 1
},
"claimMappings": {
"com.example.personaldetails.1": {
"name": {
"mapFrom": "claims.name",
"type": "string",
"required": true
},
"email": {
"mapFrom": "claims.email",
"type": "string",
"required": true
},
"age": {
"mapFrom": "claims.age",
"type": "number"
}
}
},
"branding": {
"name": "My Credential Configuration Tutorial Credential",
"description": "Credential Configuration Best Practices",
"backgroundColor": "#d82db3ff"
},
"claimSourceId": "<CLAIM_SOURCE_ID>",
"includeStatus": true
}claimSourceId: If you completed the Claim source tutorial, you can replace this with the ID of the claim source you created. Otherwise, omit this line from the request body.
Response
{
"id": "294868aa-3814-4a50-9862-5ff48381a8e5"
//... rest of your credential configuration
}id: Unique identifier for the created mDocs credentials configuration. This ID is used to create a Credential offer in the next step.
Create a Credential offer
You can now generate a Credential offer and share it with the intended holder.
Make sure you create a credential offer that matches the flow you are implementing.
Test the workflow
- Open the GO hold example app.
- Select Scan.
- Scan the QR code generated in the previous step.
- Review the credential offer and select Accept.
- Follow the issuance workflow instructions to claim the credential.
You should now have an mDoc in your wallet that is compliant with ISO/IEC 18013-5 and 23220.
If you are using a claim source as part of your credential configuration, ensure that it is correctly set up and accessible. Issuance may fail if the claims source is not reachable or does not return the expected claims.
What’s next?
Check out more resources on MATTR Learn that will enable you to:
- Configure a Claims source to retrieve data from compatible data sources and use it in the issued credential.
- Configure an Interaction hook to redirect the user to custom components as part of the issuance workflow.