A Verifiable Credential (VC) is a key concept in the OID4VCI specification. It refers to a digitally signed collection of data that represents information about an identifiable entity, such as a user. This data may include attributes like a given name, family name, or birthdate.
The term "verifiable" signifies that the credential’s integrity can be confirmed, ensuring that the data has not been altered. This is achieved through digital signatures, which allow relying parties to validate the authenticity and source of the credential.
Examples of verifiable credentials include digital driving licenses and health insurance cards stored on a mobile device. These credentials enable secure and tamper-proof identity verification in various digital interactions.
Authlete supports verifiable credentials, including features like OpenID for Verifiable Credential Issuance (OID4VCI). When enabled, Authlete’s service facilitates the issuance and management of verifiable credentials in compliance with relevant industry standards, ensuring secure and standardized digital identity verification.
Authlete supports several configuration settings for Verifiable Credentials. This tutorial covers how to configure Verifiable Credentials in the Authlete Management Console.
Configure the following service settings in the Authlete Management Console to enable Verifiable Credentials.
Tab | Key | Value |
---|---|---|
Service Settings > Verifiable Credentials > General | Verifiable Credentials Feature | Enable |
Service Settings > Verifiable Credentials > Credential Issuer Metadata | Credential Issuer | Issuer Identifier - Mandatory. e.g., https://credential-issuer.example.com |
Service Settings > Verifiable Credentials > Credential Issuer Metadata | Credential Endpoint | URL. Mandatory. e.g., https://credential-issuer.example.com/api/credential |
Service Settings > Verifiable Credentials > Credential Issuer Metadata | Supported Credentials | Mandatory. e.g., credential_configurations_supported.json. |
Service Settings > JWK Set > Verifiable Credentials | JWK Set | Key Set - Mandatory. e.g., vc-issuer_jwk-set.json |
Service Settings > Endpoints > Global Settings > General | Supported Grant Types | PRE_AUTHORIZED_CODE (if you support the pre-authorized code flow) |
Service Settings > Endpoints > Authorization > Request Object | Supported Authorization Details Types | openid_credential |
Service Settings > Tokens and Claims > Advanced > Scope | Supported Scopes | Scope Values - digital_credential, identity_credential and org.iso.18013.5.1.mDL. |
To enable Verifiable Credentials:
- Under Verifiable Credentials, toggle the enable button.
- Click Save Changes to apply the updates.
To configure Credential Issuer Metadata:
- Find the "Credential Issuer" property and enter an Issuer Identifier. The value must be a valid URL with the https scheme and without the query part and the fragment part. For example, https://credential-issuer.example.com
- Find the "Credential Endpoint" property and enter a URL. Mandatory. e.g., https://credential-issuer.example.com/api/credential
- Find the "Supported Credentials" property and enter credentials. Mandatory. e.g., credential_configurations_supported.json. The value must be a JSON object. Non-ASCII characters may be contained, but Authlete limits the maximum number of characters to 16383.
- Click Save Changes to apply the updates.
To configure the JWK Set for Verifiable Credentials:
- Click Save Changes to apply the updates.
To configure Supported Grant Types for Verifiable Credentials:
- Select PRE_AUTHORIZED_CODE (if you support the pre-authorized code flow).
- Click Save Changes to apply the updates.
To configure Supported Authorization Details Types for Verifiable Credentials:
- In the "Supported Authorization Details Types" property, add openid_credential. This is necessary if the client initiates VC issuance using the steps outlined in 2.2.4. Authorization Code Flow + authorization_details.
- Click Save Changes to apply the updates.
To configure Supported Scopes for Verifiable Credentials:
- Add the scope values for "Supported Credentials". For example, if you use the credential_configurations_supported.json introduced above as an example, add digital_credential, identity_credential and org.iso.18013.5.1.mDL. Adding scope values is required if you support VC issuance using the steps explained in 2.2.5. Authorization Code Flow + scope.
- Click Save Changes.
Configure the following client settings in the Authlete Management Console to enable Verifiable Credentials.
Tab | Key | Value |
---|---|---|
Client Settings > Endpoints > Global Settings | Supported Grant Types | PRE_AUTHORIZED_CODE |
Client Settings > Endpoints > Authorization > Request Object | Authorization Details Types | openid_credential |
To configure Supported Grant Types for Verifiable Credentials:
- Find "Supported Grant Types" and check mark PRE_AUTHORIZED_CODE (if the client uses the pre-authorized code flow).
- Click Save Changes.
To configure Authorization Details Types for Verifiable Credentials:
- Find "Authorization Details Types" and add openid_credential. This is necessary if the client initiates VC issuance using the steps outlined in 2.2.4. Authorization Code Flow + authorization_details.
- Click Save Changes.