OpenID4VCI - Dynamic Credential Request
OpenID4VCI based Dynamic Credential Request enable an organisation to request additional proof before issuing a credential. The following steps outline the process for issuing credentials with a dynamic credential request using OpenID for Verifiable Credentials Issuance (OID4VCI). This process is based on Chapter 5.1.5 of the approved OID4VCI specification, and is as illustrated below:
Example workflow scenario: The Companies Registration Office is issuing a Certificate of Registration to a company. To proceed, the company must provide a Legal Person Identification Data (LPID) credential for verification.
Prerequisite
The company must have an LPID SD-JWT credential in their wallet. Follow the workflow guide available here to obtain the LPID credential.
Step 1: Get the API Key (Issuer Admin)
To obtain your API key, please contact support@igrant.io. Once you have received your API key, enter it in the field below and click the Set API Key button to save it for future use.
Step 2: Create a Presentation Definition (Issuer)
The Companies Registration Office creates a presentation definition to specify the verification requirements. Execute the code block below using the Run button. Alternatively, you can manually copy the code block and use it in the body of the API request available here. From the API response, copy the credentialDefinitionId for use in Step 3.
Request
Response
Once a presentation definition is created, the presentationDefinitionId can be reused to issue multiple credentials (Step 4).
Step 3: Create a Credential Definition (Issuer)
The Companies Registration Office defines the structure of the Certificate of Registration. Execute the code block below using the Run button. Alternatively, you can manually copy the code block and use it in the body of the API request available here. From the API response, copy the credentialDefinitionId for use in Step 4. Credentials can be issued in any of the following formats:
Request
Response
Once a credential definition is created, the credentialDefinitionId can be reused to issue multiple credentials (Step 4).
Step 4: Issue and Receive Credential (Issuer/Holder)
The Companies Registration Office proceeds to issue the Certificate of Registration immediately or InTime. Replace <credentialDefinitionId> and <presentationDefinitionId> with the actual IDs obtained in the previous steps. You can run the JSON code block below using the Run button.
After receiving the response, toggle the button provided to dynamically generate a QR code. The EUDI Wallet/Holder can then accept the credential offer using the Data Wallet (or any other EU Digital Identity Wallet) by either scanning the QR code or directly accessing the credential offer on their mobile device, such as via a browser.
Request
Response
For deferred credential issuance, follow the guide here.
Try It Yourself (With Demo Video)
Watch the below demo to learn issue credential API and try it out yourselves: