Credential Issuer Metadata (OpenID4VCI)

Specifications and best practice implementations for Verifiable Credentials are currently being developed. This page is expected to be updated, closely following these developments.

The GET request to the /.well-known/openid-credential-issuer endpoint provides discovery information about the credential issuer, including supported credential types, credential endpoint URL, token endpoint URL, and other metadata required for OpenID4VCI credential issuance.

The GET request to the /.well-known/openid-credential-issuer is an OPTIONAL endpoint and is part of iSHARE Framework's Verifiable Credentials support in line with OpenID for Verifiable Credential Issuance (OpenID4VCI).

Endpoint

GET /.well-known/openid-credential-issuer

The base URL for this endpoint is published in the capabilities endpoint under publicServices with identifier "OpenID4VCICredentialIssuerBaseUrl".

Request model

There are no request parameters defined.

Example request

GET /.well-known/openid-credential-issuer
Host: credential-issuer.ishare.eu

Response model

The response is a JSON object containing the Credential Issuer Metadata as specified in OpenID4VCI Section 11.2.

credential_issuer String. (Required) The URL of the Credential Issuer. This MUST be the base URL used to construct credential issuer endpoints.
authorization_server String. The URL of the Authorization Server. If not provided, the credential_issuer value is used as the Authorization Server URL.
credential_endpoint String. (Required) The URL of the Credential Endpoint where credential requests are made.
token_endpoint String. The URL of the OAuth 2.0 Token Endpoint. If not provided, the credential_issuer value is used to construct the token endpoint.
credential_issuer_endpoint String. The URL of the Credential Issuer Metadata endpoint. If not provided, the credential_issuer value is used to construct the metadata endpoint.
credentials_supported Array of Objects. (Required) Array of credential configurations supported by this issuer. Each object contains:
- format String. (Required) The credential format (e.g., vc+sd-jwt, mso_mdoc).
- credential_definition Object. The credential definition containing:
  - type Array of Strings. (Required) Array of credential types (e.g., ["VerifiableCredential", "ParticipantCredential"]).
  - credentialSubject Object. The credential subject structure.

The credential types that are defined by the iSHARE Framework are defined on the iSHARE Schemas Site.

An iSHARE Participant Registry must at minimum support Participant Credential and related claim credentials.
An iSHARE Authorization Registry must at minimum support Data Rights Credential.
An iSHARE Identity Provider must at minimum support Identity Credential.

Example response

{
  "credential_issuer": "https://credential-issuer.ishare.eu",
  "authorization_server": "https://credential-issuer.ishare.eu",
  "credential_endpoint": "https://credential-issuer.ishare.eu/credential",
  "token_endpoint": "https://credential-issuer.ishare.eu/token",
  "credential_issuer_endpoint": "https://credential-issuer.ishare.eu/.well-known/openid-credential-issuer",
  "credentials_supported": [
    {
      "format": "vc+sd-jwt",
      "credential_definition": {
        "type": [
          "VerifiableCredential",
          "ParticipantCredential"
        ],
        "credentialSubject": {}
      }
    }
  ]
}

PreviousOpenID4VCI Endpoints NextToken Endpoint (OpenID4VCI)

Last updated 3 days ago

Good afternoon

Endpoint

Request model

Example request

Response model

Example response