Create a credential offer

The first step in the OpenID4VCI issuance workflow is to create a credential offer. The credential offer specifies the details of the credentials that will be issued, including the issuer URL, authorisation and token endpoints, as well as the credential format, type and scope.

Prerequisites

Request

Create a request of the following structure to create a new credential offer:

http
Copy to clipboard.
1POST https://YOUR_TENANT_URL/v1/openid/offers
json
Copy to clipboard.
1{
2    "credentials": [
3        "20d6bbe6-a978-447c-b5bd-f33b6dca19e2"
4    ],
5    "request_parameters": {
6        "login_hint": "user@example.com",
7        "prompt": "login"
8    }
9}
  • credentials: This array includes a list of identifiers for credentials that will be included in the credential offer. These identifiers are the id elements returned in the response when you create a credential configuration.

    To issue multiple credential profiles of the same credential in a single flow, include all the required credential configuration id elements in the request payload. For example, you could issue a Web, Compact and/or Mobile Credential using the same data in a single user journey.

  • request_parameters (optional): Specifies a list of additional request parameters that the wallet can include in the authentication request.

For Web and Compact Credential, the Issuer must use the same DID to issue all credentials offered as part of the configured issuance flow. Using different DIDs to offer different credentials is not currently supported by MATTR VII.

Response

json
Copy to clipboard.
1{
2  "uri": "openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Ftenant.vii.mattr.global%22%2C%22credentials%22%3A%5B%2220d6bbe6-a978-447c-b5bd-f33b6dca19e2%22%5D%2C%22request_parameters%22%3A%7B%22login_hint%22%3A%22user%40example.com%22%2C%22prompt%22%3A%22login%22%7D%7D"
3}

The response includes an offer URl, which for Web and Compact Credentials can now be sent to a user's digital wallet via a message, a QR code or a deep link.

When a multi-format credential offer is created, the generated URI offer is used to issue all the credential profiles in a single workflow.

What's next?

You can now Send the credential offer to the intended holder.

Your configuration details are added to the publicly available openid-credential-issuer resource so that issued credentials can be verified by external verifiers:

http
Copy to clipboard.
1https://YOUR_TENANT_URL/.well-known/openid-credential-issuer