OpenID 4 Verifiable Credential Issuance
Nuts supports using OpenID 4 Verifiable Credential Issuance (OpenID4VCI) to issue credentials directly from an issuer to a holder. By supporting this protocol we aim to improve compliance with industry standards and products and remove credentials from the network DAG.
This functionality is experimental and subject to change. We encourage developers to test it out and provide feedback.
We currently only support the issuer initiated, pre-authorized code flow, without PIN (since the issuance is server-to-server, without user involvement).
Further support leads from what Nuts supports, meaning:
did:nutsDIDs are supported
Only JSON-LD credentials are supported
We aim to support other flows and features in future:
Authorization code and dynamic credential requests, when we want to support flows in which the holder requests issuance of a credential
Client authentication, depending on evolving security requirements.
By default, the feature is disabled.
To enable issuing and receiving credentials over OpenID4VCI, set
To receive credentials over OpenID4VCI for a DID, you also have to register your wallet metadata URL on its DID document.
You do so by registering a service of type
oidc4vci-wallet-metadata with the
serviceEndpoint pointing to the wallet metadata URL,
(make sure to replace
<did> with the correct values). The rest of the URL is dictated by the Nuts node.