OpenID for Verifiable Credentials (OpenID4VC)

OpenID for Verifiable Credentials (OpenID4VC) is a suite of protocols developed by the OpenID Foundation that extends the widely deployed OpenID Connect framework to support the issuance, presentation, and verification of digital credentials. The suite includes several key specifications: OpenID4VCI (Verifiable Credential Issuance), which defines how a wallet obtains credentials from an issuer; OpenID4VP (Verifiable Presentations), which defines how a wallet presents credentials to a verifier; and SIOPv2 (Self-Issued OpenID Provider v2), which enables the wallet itself to act as an identity provider. The Architecture Reference Framework for the European Digital Identity Wallet has adopted OpenID4VC as the primary protocol family for credential issuance and presentation.

This choice reflects a pragmatic approach: OpenID Connect is already widely adopted in the industry, and building on it lowers the barrier to adoption for relying parties and issuers who already have OIDC infrastructure. The protocols are designed to be credential-format-agnostic, supporting both SD-JWT and mdoc formats as required by the ARF. OpenID4VC supports both same-device and cross-device flows (e.

g., scanning a QR code on a laptop with a phone wallet), online and offline scenarios, and various trust establishment mechanisms. For organisations preparing to integrate with the EUDIW, understanding OpenID4VC is essential.

Relying parties will use OpenID4VP to request and verify credential presentations from wallets, while credential issuers will use OpenID4VCI to deliver credentials to wallet holders. The protocols include security features such as request signing, response encryption, and nonce-based replay protection that implementers must correctly handle.