Glossary / Verification
OpenID for Verifiable Credential Issuance
OpenID for Verifiable Credential Issuance (OID4VCI) is a protocol built on OpenID Connect that defines how a credential issuer delivers verifiable credentials to a holder's wallet in a standardized, interoperable way.
Also: OID4VC, OID4VCI
OpenID for Verifiable Credential Issuance defines how an issuer, such as a government agency, university, or employer, delivers a verifiable credential to a holder’s digital wallet. The protocol builds on the OAuth 2.0 authorization framework and OpenID Connect, reusing familiar concepts like authorization endpoints, token endpoints, and client authentication.
The flow begins when the holder requests a credential. The issuer authenticates the holder, verifies their eligibility, and issues the credential in a format such as SD-JWT or W3C Verifiable Credential. The credential is signed by the issuer and stored in the holder’s wallet for later use.
The specification supports multiple credential formats and delivery mechanisms, including immediate issuance and deferred issuance for credentials that require additional processing time. It is a foundational component of the European Digital Identity Framework under eIDAS 2.0.
For CIAM, OID4VCI matters because it standardizes credential issuance within the OpenID ecosystem, enabling identity platforms to issue and manage verifiable credentials alongside traditional authentication.
Sources
- OpenID for Verifiable Credential Issuance: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html
Related terms
Standards
- OpenID for Verifiable Credential Issuance