# Credential Issuer Metadata (OpenID4VCI)
{% hint style="info" %}
Specifications and best practice implementations for Verifiable Credentials are currently being developed. This page is expected to be updated, closely following these developments.
{% endhint %}
The `GET` request to the `/.well-known/openid-credential-issuer` endpoint provides discovery information about the credential issuer, including supported credential types, credential endpoint URL, token endpoint URL, and other metadata required for OpenID4VCI credential issuance.
{% hint style="info" %}
The `GET` request to the `/.well-known/openid-credential-issuer` is an **OPTIONAL** endpoint and is part of iSHARE Framework's Verifiable Credentials support in line with **OpenID for Verifiable Credential Issuance (OpenID4VCI)**.
{% endhint %}
### Endpoint
```
GET /.well-known/openid-credential-issuer
```
The base URL for this endpoint is published in the [capabilities endpoint](https://dev.ishare.eu/all-roles-common-endpoints/capabilities) under `publicServices` with identifier `"OpenID4VCICredentialIssuerBaseUrl"`.
### Request model
There are no request parameters defined.
### Example request
```
GET /.well-known/openid-credential-issuer
Host: credential-issuer.ishare.eu
```
### Response model
The response is a JSON object containing the Credential Issuer Metadata as specified in [OpenID4VCI Section 11.2](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-credential-issuer-metadata-).
* `credential_issuer`\
**String**. (Required)\
The URL of the Credential Issuer. This MUST be the base URL used to construct credential issuer endpoints.
* `authorization_server`\
**String**.\
The URL of the Authorization Server. If not provided, the `credential_issuer` value is used as the Authorization Server URL.
* `credential_endpoint`\
**String**. (Required)\
The URL of the Credential Endpoint where credential requests are made.
* `token_endpoint`\
**String**.\
The URL of the OAuth 2.0 Token Endpoint. If not provided, the `credential_issuer` value is used to construct the token endpoint.
* `credential_issuer_endpoint`\
**String**.\
The URL of the Credential Issuer Metadata endpoint. If not provided, the `credential_issuer` value is used to construct the metadata endpoint.
* `credentials_supported`\
**Array of Objects**. (Required)\
Array of credential configurations supported by this issuer. Each object contains:
* `format`\
**String**. (Required)\
The credential format (e.g., `vc+sd-jwt`, `mso_mdoc`).
* `credential_definition`\
**Object**.\
The credential definition containing:
* `type`\
**Array of Strings**. (Required)\
Array of credential types (e.g., `["VerifiableCredential", "ParticipantCredential"]`).
* `credentialSubject`\
**Object**.\
The credential subject structure.
The credential types that are defined by the iSHARE Framework are defined on the [iSHARE Schemas Site](https://schemas.ishare.eu/v3/).
* An iSHARE Participant Registry must at minimum support [Participant Credential](https://schemas.ishare.eu/v3/party/schema.json) and related claim credentials.
* An iSHARE Authorization Registry must at minimum support [Data Rights Credential](https://schemas.ishare.eu/v3/datarights/schema.json).
* An iSHARE Identity Provider must at minimum support [Identity Credential](https://schemas.ishare.eu/v3/party/claims/idp-assertion/schema.json).
### Example response
```json
{
"credential_issuer": "https://credential-issuer.ishare.eu",
"authorization_server": "https://credential-issuer.ishare.eu",
"credential_endpoint": "https://credential-issuer.ishare.eu/credential",
"token_endpoint": "https://credential-issuer.ishare.eu/token",
"credential_issuer_endpoint": "https://credential-issuer.ishare.eu/.well-known/openid-credential-issuer",
"credentials_supported": [
{
"format": "vc+sd-jwt",
"credential_definition": {
"type": [
"VerifiableCredential",
"ParticipantCredential"
],
"credentialSubject": {}
}
}
]
}
```