Set up an OIDC Credential Verifier


The OIDC Bridge Extension requires an OIDC Credential Verifier to be set up so that an OIDC client can initiate a request that the Mobile Wallet App can understand and respond to with credential data.

This guide will step through how that can be achieved by setting up the OIDC Credential Verifier.


You need the following in order to proceed with this tutorial:

The OIDC Credential Verifier

The OIDC Credential Verifier is designed for an OIDC Client application to request a Credential.

Create an OIDC Credential Verifier

Create an OIDC Credential Verifier by providing a payload:

Copy to clipboard.
1POST https://YOUR_TENANT_URL/ext/oidc/v1/verifiers


Copy to clipboard.
2  "verifierDid": "",
3  "presentationTemplateId": "364b6a1b-3600-4927-a6ac-4d66aa6bbac3",
4  "claimMappings": [
5    {
6      "jsonLdFqn": "",
7      "oidcClaim": "given_name"
8    },
9    {
10      "jsonLdFqn": "",
11      "oidcClaim": "family_name"
12    },
13    {
14      "jsonLdFqn": "",
15      "oidcClaim": ""
16    }
17  ],
18  "includePresentation": true

Make sure to use http:// and not https:// when entering jsonLdFqn values for Otherwise you may not get the claims returned in your ID Token.

The verifierDid specifies the DID where the verifiable presentation will be sent to.

The presentationTemplateId references the request template that defines what type of credential is being requested.

The claimMappings defines the mapping for the presented credential claims from JSON-LD terms to OpenID Connect terms. The JSON-LD claims defined in a JSON-LD Verifiable Credential can be mapped to OpenID Connect claims which are functionally equivalent.

As part of verifying a credential, the OIDC client initiates the request expecting a standard OIDC ID Token, however as the Mobile Wallet provides the credential to the platform in JSON-LD terms, the Platform translates the claims from the verifiable credential into OpenID Connect ID Token claims.

Currently the platform only supports for data vocabularies.

The standard OIDC claims are already mapped for you on the Common Credential to OIDC Claim mappings page, so you can copy & paste into your payload.

  • jsonLdFqn is the fully qualified JSON-LD term.

  • oidcTerm is the OIDC claim name.

includePresentation is an optional field. It has a boolean value which is set to false by default. If set to true, the generated id_token will include the original presentation from the wallet.


Copy to clipboard.
2  "id": "41458e5a-9092-40b7-9a26-d4eb43c5792f",
3  "verifierDid": "",
4  "presentationTemplateId": "364b6a1b-3600-4927-a6ac-4d66aa6bbac3",
5  "claimMappings": [
6    {
7      "jsonLdFqn": "",
8      "oidcClaim": "given_name"
9    },
10    {
11      "jsonLdFqn": "",
12      "oidcClaim": "family_name"
13    },
14    {
15      "jsonLdFqn": "",
16      "oidcClaim": ""
17    }
18  ],
19  "includePresentation": true

The verifier can be resolved publicly from your tenant by the verifierId.

Copy to clipboard.
1GET https://YOUR_TENANT_URL/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/.well-known/openid-configuration

The Authorization header is not required as it is intended for OIDC Client applications to resolve.