In Progress

OpenID for Verifiable Credentials

OID4VCI, OID4VP, and SIOPv2

What Are OID4VCI, OID4VP, and SIOPv2?

The OpenID for Verifiable Credentials (OID4VC) family of specifications defines how verifiable credentials are issued, presented, and used for authentication over the internet. Built on top of OAuth 2.0 and OpenID Connect, these protocols provide a familiar, widely-deployed foundation for credential exchange.

OID4VCI (Credential Issuance)

OpenID for Verifiable Credential Issuance defines how a wallet obtains credentials from an issuer. It supports pre-authorized and authorization code flows, batch issuance, and multiple credential formats including SD-JWT VC and ISO mdoc.

OID4VP (Verifiable Presentations)

OpenID for Verifiable Presentations defines how a wallet presents credentials to a verifier (relying party). It supports same-device and cross-device flows, selective disclosure, and multiple presentation formats.

SIOPv2 (Self-Issued OP)

Self-Issued OpenID Provider v2 enables users to authenticate using their own identity wallet instead of relying on a third-party identity provider. The wallet acts as its own OpenID Provider, presenting a self-issued ID token.

The HAIP Profile

The High Assurance Interoperability Profile (HAIP) v1.0 constrains the OID4VC specifications for high-assurance use cases like eIDAS 2.0 wallets. HAIP mandates specific cryptographic algorithms (ES256), credential formats (SD-JWT VC, ISO mdoc), key binding, and issuer-bound credentials to ensure interoperability across implementations.

How BaseID Implements It

BaseID provides dedicated crates for each OID4VC protocol:

  • baseid-oid4vci: Credential issuance flows with support for pre-authorized code, authorization code, and deferred issuance patterns.
  • baseid-oid4vp: Verifiable presentation request and response handling, including DIF Presentation Exchange and DCQL query support.
  • baseid-siop: SIOPv2 provider and relying party logic for self-issued authentication.
  • baseid-haip: HAIP profile validation ensuring credential exchanges meet high-assurance requirements.

Who Uses OID4VC?

The OID4VC protocols are rapidly becoming the standard for credential exchange:

  • EU Digital Identity Wallets: Mandated under eIDAS 2.0 for all member state wallet implementations.
  • OpenID Foundation: Maintained by the OpenID Foundation with broad industry participation.
  • Government programs: Adopted by digital identity programs in Canada, Australia, New Zealand, and Japan.
Explore Developer Docs →

Ready to build with BaseID?

Get started with our open-source libraries or contact us about managed services.

View Documentation Contact Sales