OpenID for Verifiable Presentations

OpenID for Verifiable Presentations defines how a holder shares verifiable credentials from a digital wallet with a verifier. The protocol extends OAuth 2.0 with a new response type that carries a verifiable presentation, a package of one or more credentials along with a cryptographic proof that the holder controls them.

The verifier sends an authorization request specifying what credentials it needs, using a presentation definition that describes the required attributes and acceptable formats. The holder’s wallet evaluates the request, selects the matching credentials, obtains the holder’s consent, and returns a signed presentation. The verifier validates the presentation, checks the issuer’s signature on each credential, and confirms the holder’s proof.

A key privacy feature is selective disclosure: the holder can present only the specific claims the verifier needs, without revealing the full credential. For example, proving age without disclosing date of birth.

For CIAM, OID4VP enables customer identity verification through wallet-based credential presentation, offering a privacy-preserving alternative to traditional document uploads or database lookups.

Sources

• OpenID for Verifiable Presentations: https://openid.net/specs/openid-4-verifiable-presentations-1_0.html