CredLyr
Sign inGet Started
Back to Tutorials
advanced
Concepts

Understanding OID4VP Flow

Deep dive into OpenID for Verifiable Presentations.

20 min read
6 sections

Prerequisites

  • Understanding of OAuth 2.0
  • Basic knowledge of verifiable credentials
  • Familiarity with DIDs

In this tutorial

Overview

OpenID for Verifiable Presentations (OID4VP) is a protocol for requesting and presenting verifiable credentials. It builds on OAuth 2.0 and OpenID Connect patterns to enable secure, privacy-preserving credential verification.

Key Concepts

OID4VP involves three parties: the Verifier (your application), the Wallet (user's credential holder), and the Issuer (who created the credentials). The protocol enables the wallet to present credentials to the verifier without involving the issuer.

The Verification Flow

Understanding the end-to-end flow of a credential presentation.

// 1. Verifier creates an authorization request
{
  "response_type": "vp_token",
  "client_id": "https://verifier.example.com",
  "redirect_uri": "https://verifier.example.com/callback",
  "presentation_definition": {
    "id": "example_pd",
    "input_descriptors": [{
      "id": "id_credential",
      "constraints": {
        "fields": [{
          "path": ["$.type"],
          "filter": { "pattern": "IdentityCredential" }
        }]
      }
    }]
  }
}

// 2. Wallet receives request, user selects credentials
// 3. Wallet creates VP Token with selected credentials
// 4. Wallet sends VP Token to verifier's redirect_uri

Presentation Definition

The presentation definition specifies what credentials and claims are required.

{
  "id": "kyc_verification",
  "name": "KYC Verification",
  "purpose": "Verify identity for account opening",
  "input_descriptors": [
    {
      "id": "identity",
      "name": "Identity Credential",
      "purpose": "Prove your identity",
      "constraints": {
        "fields": [
          {
            "path": ["$.credentialSubject.givenName"],
            "purpose": "First name is required"
          },
          {
            "path": ["$.credentialSubject.familyName"],
            "purpose": "Last name is required"
          },
          {
            "path": ["$.credentialSubject.birthDate"],
            "purpose": "Age verification",
            "filter": {
              "type": "string",
              "format": "date"
            }
          }
        ]
      }
    }
  ]
}

VP Token Response

The wallet returns a VP Token containing the verifiable presentation.

// VP Token structure
{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiablePresentation"],
  "verifiableCredential": [{
    "@context": ["https://www.w3.org/2018/credentials/v1"],
    "type": ["VerifiableCredential", "IdentityCredential"],
    "issuer": "did:web:trusted-issuer.com",
    "credentialSubject": {
      "givenName": "John",
      "familyName": "Doe",
      "birthDate": "1990-01-15"
    },
    "proof": { /* cryptographic proof */ }
  }],
  "proof": { /* presentation proof */ }
}

How CredLyr Simplifies OID4VP

CredLyr handles the complexity of OID4VP, providing a simple API while maintaining full protocol compliance. You define policies, we handle the protocol mechanics, signature verification, and trust management.

Previous Tutorial