Variant C
Issuance protocol
- The issuer URI to use as base for metadata fetching is "https://demo.pid-issuer.bundesdruckerei.de/c". The metadata contains the information required to construct the initial authorization request sent by the wallet to start the issuance.
- OpenID for Verifiable Credential Issuance Implementers Draft 1 (Draft 13) is used.
- Issuance is performed using the authorization code flow with scope parameter and can be initiated by the wallet.
- The use of Pushed Authorization Requests is required.
- The use of PKCE is required.
- Client Attestation is currently ignored completely.
- The use of DPoP is required.
- Issuance happens at the credential endpoint, which supports single or batch issuance through the proof or proofs parameter as specified in the current OpenID4VCI working draft. The Batch Credential endpoint, deferred issuance and the notification endpoint are unsupported.
- Credentials can be issued using the provided test eID cards.
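The following wallet-side preflight is an added example, not code from the issuer or from this page: it derives the metadata URL for the issuer URI above, generates a PKCE pair, builds the PAR form body and checks that authorization server metadata advertises PAR, PKCE (S256) and DPoP. The sample metadata, client ID, redirect URI, scope and state values are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

ISSUER = "https://demo.pid-issuer.bundesdruckerei.de/c"  # issuer URI from the page
# Constructed sample AS metadata (not the demo issuer's real response).
SAMPLE_AS_METADATA = {
    "pushed_authorization_request_endpoint": "https://as.example/par",
    "code_challenge_methods_supported": ["S256"],
    "dpop_signing_alg_values_supported": ["ES256"],
}

def issuer_metadata_url(issuer):
    # OpenID4VCI Draft 13: strip a terminating "/" and append the well-known path.
    return issuer.rstrip("/") + "/.well-known/openid-credential-issuer"

def pkce_pair(verifier=None):
    # RFC 7636: 43-128 character verifier, challenge = BASE64URL(SHA256(verifier)).
    verifier = verifier or secrets.token_urlsafe(64)
    if not 43 <= len(verifier) <= 128:
        raise ValueError("code_verifier must be 43-128 characters")
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def missing_requirements(as_metadata):
    # Names of the mechanisms the page requires that the metadata does not advertise.
    checks = {
        "PAR": bool(as_metadata.get("pushed_authorization_request_endpoint")),
        "PKCE-S256": "S256" in as_metadata.get("code_challenge_methods_supported", []),
        "DPoP": bool(as_metadata.get("dpop_signing_alg_values_supported")),
    }
    return [name for name, ok in checks.items() if not ok]

def par_form(client_id, redirect_uri, scope, code_challenge, state):
    # Form body for the POST to the PAR endpoint (RFC 9126); arguments are placeholders.
    return urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": scope, "state": state,
        "code_challenge": code_challenge, "code_challenge_method": "S256",
    })

if __name__ == "__main__":
    _, challenge = pkce_pair()
    print(issuer_metadata_url(ISSUER), missing_requirements(SAMPLE_AS_METADATA))
    print(par_form("CLIENT_ID_PLACEHOLDER", "https://wallet.example/cb",
                   "SCOPE_PLACEHOLDER", challenge, "STATE_PLACEHOLDER"))
```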
Credential offer
The wallet is intended to initiate the issuance by sending an authorization request directly to the issuer. For convenience, the following credential offer can be used to start issuer-initiated issuance if the wallet supports it. The offer uses the scheme "openid-credential-offer".
SD-JWT | MSO mdoc |
---|---|
You can open the wallet on the current device or use this QR code to use a wallet on another device. | You can open the wallet on the current device or use this QR code to use a wallet on another device. |