Skip to main content

Create a credential offer

The first step in the OpenID4VCI issuance workflow is to create a credential offer. The credential offer specifies the details of the credentials that will be issued, including the issuer URL, authorisation and token endpoints, as well as the credential format, type and scope.

The information to construct an OpenID4CVI credential offer is exposed by the OpenID Provider via a well-known endpoint:

/.well-known/openid-credential-issuer

Prerequisites

  • Access to Sovrin APIs. If you’re experiencing any difficulties, contact us.

  • The id identifier of a credential configuration, returned in the response when you created the credential configuration.

Request

Create a request of the following structure to create a new credential offer:

POST https://api.sovrin.one/v1/openid/offers
{
    "credentials": [
        "20d6bbe6-a978-447c-b5bd-f33b6dca19e2"
    ],
    "request_parameters": {
        "login_hint": "user@example.com",
        "prompt": "login"
    }
}
  • credentials: This array includes a list of identifiers for credentials that will be included in the credential offer. These identifiers are the id elements returned in the response when you create a credential configuration.

To issue multiple credential profiles of the same credential in a single flow, include all the required credential configuration id elements in the request payload. For example, you could issue a Web, Compact and/or Mobile Credential using the same data in a single user journey.

  • request_parameters (optional): Specifies a list of additional request parameters that the wallet can include in the authentication request.
tip

For Web and Compact Credential, the Issuer must use the same DID to issue all credentials offered as part of the configured issuance flow. Using different DIDs to offer different credentials is not currently supported by Sovrin.

Response

{
  "uri": "openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Ftenant.vii.sovrin.one%22%2C%22credentials%22%3A%5B%2220d6bbe6-a978-447c-b5bd-f33b6dca19e2%22%5D%2C%22request_parameters%22%3A%7B%22login_hint%22%3A%22user%40example.com%22%2C%22prompt%22%3A%22login%22%7D%7D"
}

The response includes an offer URl, which for Web and Compact Credentials can now be sent to a user's digital wallet via a message, a QR code or a deep link.

When a multi-format credential offer is created, the generated URI offer is used to issue all the credential profiles in a single workflow.

What's next?

You can now Send the credential offer to the intended holder.