Truvera Documentation portal
WebsiteTruvera Workspace
  • Truvera overview
    • Decentralized identity explained
    • Roadmap
    • Subscription plans & billing
  • Solutions
    • Biometric-Bound Credentials
  • Truvera Workspace
    • Create an organization profile (DID)
    • Issue verifiable credentials
      • Filtering, downloading and deleting credentials
    • Verify credentials
    • Create a schema
    • Create a design
    • Team management
      • Inviting a team member
      • Removing a team member
      • Changing team member roles
      • Data retention policies
      • Sub-accounts
    • Revoking credentials
    • Ecosystem Tools
      • Ecosystem set up
      • Ecosystem example
    • Monetizing credentials
      • Setting up monetizable credentials
    • Creating API keys and webhook endpoints
    • Transaction history
    • Custom branded distribution emails
    • Truvera Workspace release notes
      • 2025 Release notes
        • Release notes Q1 2025
      • 2024 Release notes
        • Release Notes February 2024
        • Release Notes March 2024
        • Release Notes April 2024
        • Release Notes May 2024
        • Release Notes June 2024
        • Release Notes July 2024
        • Release Notes August 2024
        • Release Notes September 2024
        • Release Notes October 2024
        • Release notes November 2024
        • Release notes December 2024
  • Truvera API
    • Getting started
    • Webhooks
      • Webhooks API endpoints
    • Sample Postman collections
      • Issue-Store-Verify sample flow
      • Create ecosystems
      • Issue monetizable credentials
      • Create sub-accounts
      • Issue OpenID credentials
    • Truvera Swagger UI
    • DIDs
    • Profiles
    • Credentials
    • Presentations
      • Proof templates
      • Proof requests
      • Other proof endpoints
    • Registries
    • Revocation Status
    • Credential Schemas
    • Jobs
    • Templates
    • Sub-accounts
    • Teams
    • Messaging
    • OpenID
      • OpenID Issuance and Verification Integration Guide
    • iden3comm
    • Ecosystem Tools
      • Trust Registry Integration Guide
      • Creating a Trust Registry
      • Inviting participants
      • Verifiers and Public info
      • Trust Registry Schemas
      • Trust Registry Proof Templates
      • Reports
      • Updating and Deleting Trust Registry
    • Issuing paid credentials (KVAC algorithm integration)
    • Data
    • Verify
    • Keys
    • Schemas
  • System architecture
    • Proposed architecture with Truvera
    • Revocation
    • System scalability
    • Security policies
    • How data is processed and stored
  • Supported standards
    • Interoperability with OpenID
  • Credential wallet
    • Create and manage DIDs in the Truvera Wallet
    • Truvera Wallet release notes
      • Release Notes 2025Q1
      • Release Notes 2024Q4
      • Release Notes 2024Q3
        • Release Notes September 2024
        • Release Notes August 2024
        • Release Notes July 2024
      • Release Notes June 2024
      • Release Notes May 2024
      • Release Notes April 2024
    • White label wallet
      • Configuration
        • Enabling and Disabling Features
        • Customizing the Styling
        • Configuring for Android Builds
        • Configuring iOS Builds
      • Publishing in App Stores
        • Android Build Testing and Publishing
        • iOS Build Testing and Publishing
    • Wallet SDK
      • Getting started
        • Example Credential
        • Presentation definition
        • Verify credentials
      • Cloud wallet
      • Biometric plugin
      • Ecosystem Tools
    • Download Truvera Wallet
  • Open source community
    • Code of Conduct
    • Truvera Credential SDK
    • Blockchain archives
      • DOCK token
        • Migration terms and conditions
  • Support
    • System Status
    • Discord
    • Support services
    • Security policy
Powered by GitBook
On this page
  • Prerequisites
  • Set Up an OID4VCI Issuer
  • Check the OpenID Issuer Configuration
  • Create Credential Offers
  • Retrieve and Store Credentials
  • Verify Credentials
  • Create a new Proof Request
  • Get the request url for the OID4VP
  • Verify Presentation
  • Check proof request status

Was this helpful?

Edit on GitHub
  1. Truvera API
  2. OpenID

OpenID Issuance and Verification Integration Guide

PreviousOpenIDNextiden3comm

Last updated 1 month ago

Was this helpful?

This guide provides detailed instructions for implementing OpenID for Verifiable Credential Issuance (OID4VCI) and OpenID for Verifiable Presentation (OID4VP) using a series of API endpoints. It outlines the steps required to set up an issuer, create credential offers, manage the issuance flow, create presentations and verify the issued credentials.

Prerequisites

Before starting, ensure you have:

  • Issuer DID (did:dock:issuer): The did for the credential issuer.

  • Verifier DID (did:dock:verifier): The did for the credential verifier.

  • Holder DID (did:key:holder): The DID for the credential holder (optional)

Download and use our to experiment with OpenID standards based credentials.

Set Up an OID4VCI Issuer

Create an OID4VCI issuer with the necessary configurations, including claim mappings, credential options, and authentication provider settings.

POST /openid/issuers

This endpoint creates an OID4VCI issuer. "authProvider" and "claimMap" are supplied as part of the . It can be omitted for the .

Request/Response

 {
    "claimMap": {
      "name": "name"
    },
    "credentialOptions": {
      "credential": {
        "type": ["UniversityDegreeCredential"],
        "context": ["https://www.w3.org/2018/credentials/examples/v1"],
        "subject": {
          "alumniOf": "Truvera University",
          "degree": "Credential Science"
          // name will be added by claims flow
        },
        "expirationDate": "2099-08-24T14:15:22Z",
        "issuer": "did:dock:issuer"
      }
    },
    "authProvider": {
      "url": "https://creds.dock.io/claims",
      "scope": ["openid"],
      "clientId": "eyAic2NoZW1hIjogImh0dHBzOi8vZG9ja25ldHdvcmsuZ2l0aHViLmlvL3ZjLXNjaGVtYXMvYmFzaWMtY3JlZGVudGlhbC5qc29uIiwgImNsYWltcyI6IFsibmFtZSJdIH0=",
      "clientSecret": "gpO2IVK+OALL8W+DcFlIfFhJtNA="
    },
    "singleUse": false
  }
{
  "id": "{issuerId}",
  "created": "2024-09-20T08:53:50.524Z",
  "updated": "2024-09-20T08:53:50.524Z",
  "credentialOptions": { ... },
  "authProvider": { ... },
  "claimMap": { ... },
  "qrUrl": "openid://discovery?issuer=https://api.example.com/openid/issuers/issuer-id"
}

Check the OpenID Issuer Configuration

GET /openid/issuers/{issuerId}/.well-known/openid-configuration

This endpoint retrieves the OpenID configuration for the specified issuer.

Request/Response

{
  "issuer": "https://api-testnet.dock.io/openid/issuers/{issuerId}",
  "credential_formats_supported": ["ldp_vc", "jwt"],
  "credential_claims_supported": ["name"],
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code"]
}

Create Credential Offers

Generate credential offers to initiate the issuance process. Credential offers can be shared with the holder to claim the credential.

POST /openid/credential-offers

This endpoint creates a credential offer linked to the OpenID issuer.

Request/Response

  {
    "id": "{issuerId}"
  }
{
  "url": "openid-credential-offer://?credential_offer=...",
  "offer": {
    "credential_issuer": "https://api-testnet.dock.io/openid/issuers/{issuerId}",
    "credentials": ["ldp_vc:UniversityDegreeCredential"],
    "grants": {
      "authorization_code": { "issuer_state": "state123" }
    }
  }
}

Retrieve and Store Credentials

Verify Credentials

Create a new Proof Request

This step involves creating a proof request that specifies the requirements for the verifiable presentation. The proof request defines what credentials and claims are expected from the holder.

POST /proof-requests

This endpoint creates a new proof request that the verifier can use to request credentials from the holder.

Request/Response

{
      "did": "did:dock:5HCXuyBhXRiZxSmyLG2j6NhoeqL4dYHV9EGwLE2FKJVUmXL4",
	  "name": "OID4VP Proof request 2",
	  "request": {
		"name": "OID4VP test proof request",
		"purpose": "To present a test credential using OID4VPI",
		"input_descriptors": [
		  {
			"id": "Truvera Credential",
			"name": "OID4VP test proof request",
			"purpose": "To present a test credential using OID4VP",
			"constraints": {
			  "fields": [
				{
				  "path": [
					"$.credentialSubject.name"
				  ]
				},
				{
				  "path": [
					"$.type",
					"$.vc.type"
				  ],
				  "filter": {
					"type": "array",
					"contains": {
					  "const": "UniversityDegreeCredential"
					}
				  }
				}
			  ]
			}
		  }
		]
	  }
  }
{
    "id": "{proofRequestId}",
    "name": "OID4VP Proof request",
    "nonce": "...",
    "did": "did:dock:verifier",
    "verified": false,
    "created": "...",
    "updated": "...",
    "signature": "...",
    "presentation": {},
    "response_url": "...",
    "type": "proof-request",
    "qr": "...",
    "request": {...},
    "types": ["jsonld"]
}

Get the request url for the OID4VP

This step generates a request URL that can be shared with the holder. The holder can use this URL to present the requested credentials through their wallet.

POST /openid/vp/{proofRequestId}/request-url

This endpoint generates a request URL based on the proof request ID. The withRequestURI parameter determines whether the URL includes the request_uri.

Request/Response

  {
      "withRequestURI": true
  }
{
    "url": "openid://?client_id=...&request_uri=..."
}

Verify Presentation

Check proof request status

This step involves checking the status of a specific proof request to see if it has been fulfilled, and to retrieve any relevant information associated with the request.

GET /proof-requests/{proofRequestId}

This endpoint retrieves the status and details of the specified proof request, including whether the requested credentials have been presented and verified

Request/Response

{
    "id": "{proofRequestId}",
    "name": "OID4VP Proof request",
    "nonce": "...",
    "did": "did:dock:verifier",
    "verified": true,
    "created": "...",
    "updated": "...",
    "signature": "...",
    "presentation": {
	    "holder": "did:dock:holder"
	    ...
    },
    "response_url": "...",
    "type": "proof-request",
    "qr": "...",
    "request": {...},
    "types": ["jsonld"]
}

Using the or any OID4VCI Wallet, scan the QR code received and follow the process to receive the credential.

Using the or any OID4VP Wallet, scan the QR code received and follow the process to verify the credential.

Postman Collections
Authorization Code Flow
Pre-Authorized Code Flow
Truvera Wallet
Truvera Wallet