> For the complete documentation index, see [llms.txt](https://dev.ishare.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dev.ishare.eu/all-roles-common-endpoints/h2m-verifiable-credential-endpoints/openid4vci-endpoints/credential-issuer-metadata-openid4vci.md).

# Credential Issuer Metadata (OpenID4VCI)

{% hint style="info" %}
Specifications and best practice implementations for Verifiable Credentials are currently being developed. This page is expected to be updated, closely following these developments.
{% endhint %}

The `GET` request to the `/.well-known/openid-credential-issuer` endpoint provides discovery information about the credential issuer, including supported credential types, credential endpoint URL, token endpoint URL, and other metadata required for OpenID4VCI credential issuance.

{% hint style="info" %}
The `GET` request to the `/.well-known/openid-credential-issuer` is an **OPTIONAL** endpoint and is part of iSHARE Framework's Verifiable Credentials support in line with **OpenID for Verifiable Credential Issuance (OpenID4VCI)**.
{% endhint %}

### Endpoint

```
GET /.well-known/openid-credential-issuer
```

The base URL for this endpoint is published in the [capabilities endpoint](/all-roles-common-endpoints/capabilities.md) under `publicServices` with identifier `"OpenID4VCICredentialIssuerBaseUrl"`.

### Request model

There are no request parameters defined.

### Example request

```
GET /.well-known/openid-credential-issuer
Host: credential-issuer.ishare.eu
```

### Response model

The response is a JSON object containing the Credential Issuer Metadata as specified in [OpenID4VCI Section 11.2](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-credential-issuer-metadata-).

* `credential_issuer`\
  **String**. <mark style="color:red;">(Required)</mark>\
  The URL of the Credential Issuer. This MUST be the base URL used to construct credential issuer endpoints.
* `authorization_server`\
  **String**.\
  The URL of the Authorization Server. If not provided, the `credential_issuer` value is used as the Authorization Server URL.
* `credential_endpoint`\
  **String**. <mark style="color:red;">(Required)</mark>\
  The URL of the Credential Endpoint where credential requests are made.
* `token_endpoint`\
  **String**.\
  The URL of the OAuth 2.0 Token Endpoint. If not provided, the `credential_issuer` value is used to construct the token endpoint.
* `credential_issuer_endpoint`\
  **String**.\
  The URL of the Credential Issuer Metadata endpoint. If not provided, the `credential_issuer` value is used to construct the metadata endpoint.
* `credentials_supported`\
  **Array of Objects**. <mark style="color:red;">(Required)</mark>\
  Array of credential configurations supported by this issuer. Each object contains:
  * `format`\
    **String**. <mark style="color:red;">(Required)</mark>\
    The credential format (e.g., `vc+sd-jwt`, `mso_mdoc`).
  * `credential_definition`\
    **Object**.\
    The credential definition containing:
    * `type`\
      **Array of Strings**. <mark style="color:red;">(Required)</mark>\
      Array of credential types (e.g., `["VerifiableCredential", "ParticipantCredential"]`).
    * `credentialSubject`\
      **Object**.\
      The credential subject structure.

The credential types that are defined by the iSHARE Framework are defined on the [iSHARE Schemas Site](https://schemas.ishare.eu/v3/).

* An iSHARE Participant Registry must at minimum support [Participant Credential](https://schemas.ishare.eu/v3/party/schema.json) and related claim credentials.
* An iSHARE Authorization Registry must at minimum support [Data Rights Credential](https://schemas.ishare.eu/v3/datarights/schema.json).
* An iSHARE Identity Provider must at minimum support [Identity Credential](https://schemas.ishare.eu/v3/party/claims/idp-assertion/schema.json).

### Example response

```json
{
  "credential_issuer": "https://credential-issuer.ishare.eu",
  "authorization_server": "https://credential-issuer.ishare.eu",
  "credential_endpoint": "https://credential-issuer.ishare.eu/credential",
  "token_endpoint": "https://credential-issuer.ishare.eu/token",
  "credential_issuer_endpoint": "https://credential-issuer.ishare.eu/.well-known/openid-credential-issuer",
  "credentials_supported": [
    {
      "format": "vc+sd-jwt",
      "credential_definition": {
        "type": [
          "VerifiableCredential",
          "ParticipantCredential"
        ],
        "credentialSubject": {}
      }
    }
  ]
}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://dev.ishare.eu/all-roles-common-endpoints/h2m-verifiable-credential-endpoints/openid4vci-endpoints/credential-issuer-metadata-openid4vci.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.