Skip to content

OpenID4VP over the DC API #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

OpenID4VP over the DC API #45

wants to merge 2 commits into from

Conversation

@deshmukhrajvardhan
Copy link

@deshmukhrajvardhan deshmukhrajvardhan commented Jul 26, 2025

What type of PR is this? (check all applicable)

  • Minor content update (spelling, grammar)
  • Substantive content update (changes meaning)
  • Net new content
  • Reference content update (platforms, device support, etc)
  • Core platform updates (Docusaurus / Cloudflare)
  • Administrivia / chores

Description, Motivation, and Context

Related Issues

@deshmukhrajvardhan deshmukhrajvardhan requested a review from a team as a code owner July 26, 2025 02:31
@deshmukhrajvardhan deshmukhrajvardhan self-assigned this Jul 26, 2025
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jul 26, 2025
edited
Loading

Deploying digitalcredentials-dev-prod with  Cloudflare Pages  Cloudflare Pages

Latest commit: d3679c5
Status: ✅  Deploy successful!
Preview URL: https://78e6c541.digitalcredentials-dev-prod.pages.dev
Branch Preview URL: https://28-openid4vp.digitalcredentials-dev-prod.pages.dev

View logs

ewewraw
ewewraw reviewed Nov 3, 2025
View reviewed changes
Copy link

@ewewraw ewewraw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @deshmukhrajvardhan @timcappalli ,
What's the status of this PR? I've made a couple of minor suggestions. Also, it looks like the encrypted response is different in the spec, is that right?
Thanks!

docs/requesting-credential/openid4vp.md
}
}
```
### Unsigned Presentation Request
Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the unsigned request section be placed before the signed one? Developers essentially have to construct an unsigned request first, so it seems logical.

docs/requesting-credential/openid4vp.md
"requests": [
{
"data": {
"request": "eyJ0eXAiOiJvYXV0aC1hdXRoei1yZXErand0IiwiYWxnIjoiRVMyNTYiLCJ4NWMiOlsiTUlJQjl6Q0NBWnlnQXdJQkFnSVVVR1d5TllsajZSbnpwNUxJUHRHUFdLelN6QTB3Q2dZSUtvWkl6ajBFQXdJd09URUxNQWtHQTFVRUJoTUNWVk14S2pBb0JnTlZCQU1NSVdScFoybDBZV3hqY21Wa2N5NWtaWFl1ZEhKMWMzUmxaSEJoZEdndWFXNW1iekFlRncweU5UQTBNak14T1RVMk1ETmFGdzB5TmpBME1qTXhPVFUyTUROYU1Ea3hDekFKQmdOVkJBWVRBbFZUTVNvd0tBWURWUVFERENGa2FXZHBkR0ZzWTNKbFpITXVaR1YyTG5SeWRYTjBaV1J3WVhSb0xtbHVabTh3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVRFUTM1UGd6TlUrMUFnUjZMeGJCUVphSk5pRzlSeEhXQmxkeFdLd25FZ3RWRDFhOGw1eGNnaGxGeGQ2b0lJd3Y2T0FrOE1TaHY4WXpkaTVaWlBWb2pWbzRHQk1IOHdMQVlEVlIwUkJDVXdJNEloWkdsbmFYUmhiR055WldSekxtUmxkaTUwY25WemRHVmtjR0YwYUM1cGJtWnZNQjBHQTFVZERnUVdCQlNDNGVRNXdkVjIrOFE5aU1MMkdEaXArL2l6aVRBZkJnTlZIU01FR0RBV2dCU0M0ZVE1d2RWMis4UTlpTUwyR0RpcCsvaXppVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUURYNkJRbW5YN3FOcWl4MWJBeWNaSmZiclJ5VVNPcU8ydUYySDh0MXBoWE5nSWhBUG9yMXNNOE9KaUhYMGUvalRsc01zQ3BpMGk1ekJBaGxUZDBWVndYN0lsOSJdfQ.eyJyZXNwb25zZV90eXBlIjoidnBfdG9rZW4iLCJyZXNwb25zZV9tb2RlIjoiZGNfYXBpLmp3dCIsIm5vbmNlIjoiWlFTQ2t2VktoR2xjUkcyZGRwR0d6c1lOMSIsImNsaWVudF9tZXRhZGF0YSI6eyJqd2tzIjp7ImtleXMiOlt7Imt0eSI6IkVDIiwidXNlIjoiZW5jIiwiY3J2IjoiUC0yNTYiLCJraWQiOiI4OWI3YWIyNDg4ODUyZjVmNDhjMWM0NGNjZTk5NTk1MGMyMWNhM2YxNjRkODFjMDlkNmE1Yzk3Nzk1YjYxOGIzIiwieCI6IkxaMm14c0MzWEQ0TVVNTUVVamRXUFV1MkR5dDc1X2YwVHF1a29FOVFDaVkiLCJ5IjoiV0FuTjNjQlkwVHRueHY1QlBNbksyXzZ1cS1yQTN0ME03MGpkZ25VbmhsRSJ9XX0sInZwX2Zvcm1hdHNfc3VwcG9ydGVkIjp7Im1zb19tZG9jIjp7Imlzc3VlcmF1dGhfYWxnX3ZhbHVlcyI6Wy03XSwiZGV2aWNlYXV0aF9hbGdfdmFsdWVzIjpbLTddfX19LCJkY3FsX3F1ZXJ5Ijp7ImNyZWRlbnRpYWxzIjpbeyJpZCI6Im1kbCIsImZvcm1hdCI6Im1zb19tZG9jIiwibWV0YSI6eyJkb2N0eXBlX3ZhbHVlIjoib3JnLmlzby4xODAxMy41LjEubURMIn0sImNsYWltcyI6W3sicGF0aCI6WyJvcmcuaXNvLjE4MDEzLjUuMSIsImZhbWlseV9uYW1lIl19LHsicGF0aCI6WyJvcmcuaXNvLjE4MDEzLjUuMSIsImdpdmVuX25hbWUiXX1dfV19LCJjbGllbnRfaWQiOiJ4NTA5X3Nhbl9kbnM6ZGlnaXRhbGNyZWRzLmRldi50cnVzdGVkcGF0aC5pbmZvIiwiZXhwZWN0ZWRfb3JpZ2lucyI6WyJodHRwczovL2RpZ2l0YWxjcmVkcy5kZXYudHJ1c3RlZHBhdGguaW5mbyJdfQ.uybMmjpTG9wCXNgnXGkBiFax8owB-cPy560PSxrufFGS4puw_E9tPgMueah_Wj87tSfKC0f3YIuD4MW1ca1M3g"
Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"request": "eyJ0eXAiOiJvYXV0aC1hdXRoei1yZXErand0IiwiYWxnIjoiRVMyNTYiLCJ4NWMiOlsiTUlJQjl6Q0NBWnlnQXdJQkFnSVVVR1d5TllsajZSbnpwNUxJUHRHUFdLelN6QTB3Q2dZSUtvWkl6ajBFQXdJd09URUxNQWtHQTFVRUJoTUNWVk14S2pBb0JnTlZCQU1NSVdScFoybDBZV3hqY21Wa2N5NWtaWFl1ZEhKMWMzUmxaSEJoZEdndWFXNW1iekFlRncweU5UQTBNak14T1RVMk1ETmFGdzB5TmpBME1qTXhPVFUyTUROYU1Ea3hDekFKQmdOVkJBWVRBbFZUTVNvd0tBWURWUVFERENGa2FXZHBkR0ZzWTNKbFpITXVaR1YyTG5SeWRYTjBaV1J3WVhSb0xtbHVabTh3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVRFUTM1UGd6TlUrMUFnUjZMeGJCUVphSk5pRzlSeEhXQmxkeFdLd25FZ3RWRDFhOGw1eGNnaGxGeGQ2b0lJd3Y2T0FrOE1TaHY4WXpkaTVaWlBWb2pWbzRHQk1IOHdMQVlEVlIwUkJDVXdJNEloWkdsbmFYUmhiR055WldSekxtUmxkaTUwY25WemRHVmtjR0YwYUM1cGJtWnZNQjBHQTFVZERnUVdCQlNDNGVRNXdkVjIrOFE5aU1MMkdEaXArL2l6aVRBZkJnTlZIU01FR0RBV2dCU0M0ZVE1d2RWMis4UTlpTUwyR0RpcCsvaXppVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUURYNkJRbW5YN3FOcWl4MWJBeWNaSmZiclJ5VVNPcU8ydUYySDh0MXBoWE5nSWhBUG9yMXNNOE9KaUhYMGUvalRsc01zQ3BpMGk1ekJBaGxUZDBWVndYN0lsOSJdfQ.eyJyZXNwb25zZV90eXBlIjoidnBfdG9rZW4iLCJyZXNwb25zZV9tb2RlIjoiZGNfYXBpLmp3dCIsIm5vbmNlIjoiWlFTQ2t2VktoR2xjUkcyZGRwR0d6c1lOMSIsImNsaWVudF9tZXRhZGF0YSI6eyJqd2tzIjp7ImtleXMiOlt7Imt0eSI6IkVDIiwidXNlIjoiZW5jIiwiY3J2IjoiUC0yNTYiLCJraWQiOiI4OWI3YWIyNDg4ODUyZjVmNDhjMWM0NGNjZTk5NTk1MGMyMWNhM2YxNjRkODFjMDlkNmE1Yzk3Nzk1YjYxOGIzIiwieCI6IkxaMm14c0MzWEQ0TVVNTUVVamRXUFV1MkR5dDc1X2YwVHF1a29FOVFDaVkiLCJ5IjoiV0FuTjNjQlkwVHRueHY1QlBNbksyXzZ1cS1yQTN0ME03MGpkZ25VbmhsRSJ9XX0sInZwX2Zvcm1hdHNfc3VwcG9ydGVkIjp7Im1zb19tZG9jIjp7Imlzc3VlcmF1dGhfYWxnX3ZhbHVlcyI6Wy03XSwiZGV2aWNlYXV0aF9hbGdfdmFsdWVzIjpbLTddfX19LCJkY3FsX3F1ZXJ5Ijp7ImNyZWRlbnRpYWxzIjpbeyJpZCI6Im1kbCIsImZvcm1hdCI6Im1zb19tZG9jIiwibWV0YSI6eyJkb2N0eXBlX3ZhbHVlIjoib3JnLmlzby4xODAxMy41LjEubURMIn0sImNsYWltcyI6W3sicGF0aCI6WyJvcmcuaXNvLjE4MDEzLjUuMSIsImZhbWlseV9uYW1lIl19LHsicGF0aCI6WyJvcmcuaXNvLjE4MDEzLjUuMSIsImdpdmVuX25hbWUiXX1dfV19LCJjbGllbnRfaWQiOiJ4NTA5X3Nhbl9kbnM6ZGlnaXRhbGNyZWRzLmRldi50cnVzdGVkcGF0aC5pbmZvIiwiZXhwZWN0ZWRfb3JpZ2lucyI6WyJodHRwczovL2RpZ2l0YWxjcmVkcy5kZXYudHJ1c3RlZHBhdGguaW5mbyJdfQ.uybMmjpTG9wCXNgnXGkBiFax8owB-cPy560PSxrufFGS4puw_E9tPgMueah_Wj87tSfKC0f3YIuD4MW1ca1M3g"
// First, construct the request object as you would for an unsigned request.
// This object is then signed and serialized into a JWS string.
"request": "eyJ0eXAiOiJvYXV0aC1hdXRoei1yZXErand0IiwiYWxnIjoiRVMyNTYiLCJ4NWMiOlsiTUlJQjl6Q0NBWnlnQXdJQkFnSVVVR1d5TllsajZSbnpwNUxJUHRHUFdLelN6QTB3Q2dZSUtvWkl6ajBFQXdJd09URUxNQWtHQTFVRUJoTUNWVk14S2pBb0JnTlZCQU1NSVdScFoybDBZV3hqY21Wa2N5NWtaWFl1ZEhKMWMzUmxaSEJoZEdndWFXNW1iekFlRncweU5UQTBNak14T1RVMk1ETmFGdzB5TmpBME1qTXhPVFUyTUROYU1Ea3hDekFKQmdOVkJBWVRBbFZUTVNvd0tBWURWUVFERENGa2FXZHBkR0ZzWTNKbFpITXVaR1YyTG5SeWRYTjBaV1J3WVhSb0xtbHVabTh3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVRFUTM1UGd6TlUrMUFnUjZMeGJCUVphSk5pRzlSeEhXQmxkeFdLd25FZ3RWRDFhOGw1eGNnaGxGeGQ2b0lJd3Y2T0FrOE1TaHY4WXpkaTVaWlBWb2pWbzRHQk1IOHdMQVlEVlIwUkJDVXdJNEloWkdsbmFYUmhiR055WldSekxtUmxkaTUwY25WemRHVmtjR0YwYUM1cGJtWnZNQjBHQTFVZERnUVdCQlNDNGVRNXdkVjIrOFE5aU1MMkdEaXArL2l6aVRBZkJnTlZIU01FR0RBV2dCU0M0ZVE1d2RWMis4UTlpTUwyR0RpcCsvaXppVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUURYNkJRbW5YN3FOcWl4MWJBeWNaSmZiclJ5VVNPcU8ydUYySDh0MXBoWE5nSWhBUG9yMXNNOE9KaUhYMGUvalRsc01zQ3BpMGk1ekJBaGxUZDBWVndYN0lsOSJdfQ.eyJyZXNwb25zZV90eXBlIjoidnBfdG9rZW4iLCJyZXNwb25zZV9tb2RlIjoiZGNfYXBpLmp3dCIsIm5vbmNlIjoiWlFTQ2t2VktoR2xjUkcyZGRwR0d6c1lOMSIsImNsaWVudF9tZXRhZGF0YSI6eyJqd2tzIjp7ImtleXMiOlt7Imt0eSI6IkVDIiwidXNlIjoiZW5jIiwiY3J2IjoiUC0yNTYiLCJraWQiOiI4OWI3YWIyNDg4ODUyZjVmNDhjMWM0NGNjZTk5NTk1MGMyMWNhM2YxNjRkODFjMDlkNmE1Yzk3Nzk1YjYxOGIzIiwieCI6IkxaMm14c0MzWEQ0TVVNTUVVamRXUFV1MkR5dDc1X2YwVHF1a29FOVFDaVkiLCJ5IjoiV0FuTjNjQlkwVHRueHY1QlBNbksyXzZ1cS1yQTN0ME03MGpkZ25VbmhsRSJ9XX0sInZwX2Zvcm1hdHNfc3VwcG9ydGVkIjp7Im1zb19tZG9jIjp7Imlzc3VlcmF1dGhfYWxnX3ZhbHVlcyI6Wy03XSwiZGV2aWNlYXV0aF9hbGdfdmFsdWVzIjpbLTddfX19LCJkY3FsX3F1ZXJ5Ijp7ImNyZWRlbnRpYWxzIjpbeyJpZCI6Im1kbCIsImZvcm1hdCI6Im1zb19tZG9jIiwibWV0YSI6eyJkb2N0eXBlX3ZhbHVlIjoib3JnLmlzby4xODAxMy41LjEubURMIn0sImNsYWltcyI6W3sicGF0aCI6WyJvcmcuaXNvLjE4MDEzLjUuMSIsImZhbWlseV9uYW1lIl19LHsicGF0aCI6WyJvcmcuaXNvLjE4MDEzLjUuMSIsImdpdmVuX25hbWUiXX1dfV19LCJjbGllbnRfaWQiOiJ4NTA5X3Nhbl9kbnM6ZGlnaXRhbGNyZWRzLmRldi50cnVzdGVkcGF0aC5pbmZvIiwiZXhwZWN0ZWRfb3JpZ2lucyI6WyJodHRwczovL2RpZ2l0YWxjcmVkcy5kZXYudHJ1c3RlZHBhdGguaW5mbyJdfQ.uybMmjpTG9wCXNgnXGkBiFax8owB-cPy560PSxrufFGS4puw_E9tPgMueah_Wj87tSfKC0f3YIuD4MW1ca1M3g"

Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest to add a comment for more clarity

docs/requesting-credential/openid4vp.md
}
```

## Presentation Response
Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the documentation also cover how to structure the request for the response to be encrypted? Specifically, that the response mode value should be set to "response_mode": "dc_api.jwt", and the "jwks" object should be included?

docs/requesting-credential/openid4vp.md

## Presentation Request
The Verifier backend provides the presentation request to the browser's JavaScript environment, which then invokes the Digital Credentials API as documented in [dc-api](/docs/requesting-credential/dc-api).
The presentation request can be of 2 types:
Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As suggested in the comment below in the Presentation Response section, maybe here it could be also specified that the requests can be signed and unsigned, as well as structured for encrypted on unencrypted response?

docs/requesting-credential/openid4vp.md
```json
{
"data":{
"vp_token":{
Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"vp_token":{
// The unencrypted response's 'vp_token' object contains the one ore more
// credential presentations, keyed by their `id` value from the `dcql_query`
// request object. In this case, the "pid" credential is returned as an array
// containing a SD-JWT.
"vp_token":{

docs/requesting-credential/openid4vp.md
{
"data":{
"vp_token":{
"mdl": ["o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGxpc3N1ZXJTaWduZWSiam5hbWVTcGFjZXOhcW9yZy5pc28uMTgwMTMuNS4xgtgYWFSkaGRpZ2VzdElEAGZyYW5kb21QyA1rq3z_3nYPSLhoQwcl0HFlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVlU21pdGjYGFhRpGhkaWdlc3RJRAFmcmFuZG9tUKfN8mrTghU-esMmxdQJ9NFxZWxlbWVudElkZW50aWZpZXJqZ2l2ZW5fbmFtZWxlbGVtZW50VmFsdWVjSm9uamlzc3VlckF1dGiEQ6EBJqEYIVkCxDCCAsAwggJnoAMCAQICFB5_GzKtTzTv5LDMB7ew4zOnCxhNMAoGCCqGSM49BAMCMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRwwGgYDVQQKDBNEaWdpdGFsIENyZWRlbnRpYWxzMR8wHQYDVQQDDBZkaWdpdGFsY3JlZGVudGlhbHMuZGV2MB4XDTI1MDIxOTIzMzAxOFoXDTI2MDIxOTIzMzAxOFoweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxHDAaBgNVBAoME0RpZ2l0YWwgQ3JlZGVudGlhbHMxHzAdBgNVBAMMFmRpZ2l0YWxjcmVkZW50aWFscy5kZXYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATreTYr4tfzl8NQBH2D4eNiLONVazYPamjHWLsN3Gr4bAmvml1dDZk5dhLDWieRlpjKAA_IpMABbM2ISHjYBeNpo4HMMIHJMB8GA1UdIwQYMBaAFKJP9InZfEbobqOG2UdIzsy-3M_1MB0GA1UdDgQWBBTf_mpaEunAYsS8mKcl0tlw93pgKDA0BgNVHR8ELTArMCmgJ6AlhiNodHRwczovL2RpZ2l0YWwtY3JlZGVudGlhbHMuZGV2L2NybDAqBgNVHRIEIzAhhh9odHRwczovL2RpZ2l0YWwtY3JlZGVudGlhbHMuZGV2MA4GA1UdDwEB_wQEAwIHgDAVBgNVHSUBAf8ECzAJBgcogYxdBQECMAoGCCqGSM49BAMCA0cAMEQCIGHFy_V8weN78uCxM9ofIDEEXXCbWiEUDnpoMJvLB0LnAiBwr6LhxJv7p4wVzAnlGe0Ef8pqYxshyE8NufwfR_ULAlkDpNgYWQOfpmd2ZXJzaW9uYzEuMG9kaWdlc3RBbGdvcml0aG1nU0hBLTI1Nmdkb2NUeXBldW9yZy5pc28uMTgwMTMuNS4xLm1ETGx2YWx1ZURpZ2VzdHOhcW9yZy5pc28uMTgwMTMuNS4xsQBYIFzyZQg7ZkA1grdjM108zXfkzvHbFzlHOScn1GzZuv9OAVggXqOWEQI2XOdh43n-MHE1x9rwiCgyja9nGa6S3G7g0gwCWCAmSGOpISfK-s-ZpQIbcHVvYPEzjwuylPH-p8gc-n-04ANYIEBqAowiUts3l8LarZKqC7xDRcZQZEJ_La-Me_KjEmmzBFggcXDzD63D47INHQsad5Pxki834H4FNqUnJqHIsX_Z0BgFWCB929W3tRFzoRjElZksBRAzxdbqa3f8PVkoWjh1yK__OAZYIFB3Vn7spJAC-Gn8KHug63EOVoGbpfpgAGaplclPDRqqB1gg13dSWEeFYHH8KAzvvanHfH32PDME_8gxNMaaL_ajXa0IWCDimYKHpAKbLvP4fmh1iurn9nwJsa-qsTvOjmfq1qwMLQlYIJ30LH7o2TcTAgZWirVxOyxxF51Jw54XXHNURAI1bvRMClggqOdnvNdQEU4ly--lhhxuUMI6lgxEodCKNGLQ32AYZlwLWCCdn58bs0LsocwbrqeP38S_ETsVhbqYsZO1ISfNngoqmwxYIBpSS-NQZxNeiDpd6ed0EDDkcZ3d-Blqm4Mtg8vghwA3DVgg72cx0M_GmKyJXFlIZ7VsOsdWNjBYU6Efpck8_o51wRMOWCAhVhijSGH2AxUW4NZGa8TZEPzGt8HB5VNTIvMsC8ViaQ9YILQ5HQfNgQVrJdDE3kgKCosXjWpb5cf9xZSN1VTaD5vZEFgg1_wsn7f8q_MZtj5jgd1xv9GHkG20vW-AjBtNUtWMaMptZGV2aWNlS2V5SW5mb6FpZGV2aWNlS2V5pAECIAEhWCCl92rQyXlTH9IGjptkf1-NAqp7TlWQpc6U8c3ymc41EyJYIMuP7pXU_susKXLY0UZYbZfWppwqWAN7biHi83EXe4vEbHZhbGlkaXR5SW5mb6Nmc2lnbmVkwHgbMjAyNS0wNi0xNlQxNTo1NjowNy40MzQ4NDJaaXZhbGlkRnJvbcB4GzIwMjUtMDYtMTZUMTU6NTY6MDcuNDM0ODU2Wmp2YWxpZFVudGlswHgbMjAzNS0wNi0wNFQxNTo1NjowNy40MzQ4NTdaWEDVVbsN81M2DVAUxo2OKwC5evVExkrzJsfAGAjdoz3hMAkq64Eip2-9-Ja8SmiNc6cwqKXIG_RcKH877YZM9XxybGRldmljZVNpZ25lZKJqbmFtZVNwYWNlc9gYQaBqZGV2aWNlQXV0aKFvZGV2aWNlU2lnbmF0dXJlhEOhASag9lhA5H_ywACJmomFe_KE-g7JV-GPCqBZ7codseoXzFDlLdyp9nn7mWTACb9ZblP3IjzA-7yQXJsPeDf2DRNfB0FWjmZzdGF0dXMA"]
Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a decrypted payload. Shouldn't the encrypted response be of the format:

{
 "protocol": "openid4vp-v1-unsigned",
 "data": {
   "response": "<token>"
 }
}

?

docs/requesting-credential/openid4vp.md
```json
{
"data":{
"vp_token":{
Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"vp_token":{
// Decrypt this token with the private key that corresponds
// to the public key you sent in the original request. The decrypted
// payload will be structured just like an unencrypted response.
"response": "<token>"

Copy link

@ewewraw ewewraw Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If my understanding of the encrypted response format is correct, this bit needs to be updated, and they "mdl" property should be removed. I'd also suggest to add a comment.

@timcappalli
Copy link
Contributor

timcappalli commented Nov 3, 2025

What's the status of this PR? I

It is parked right now. There is a lot of good content in here, but it needs to be broken up across different pages.

@deshmukhrajvardhan
Copy link
Author

deshmukhrajvardhan commented Nov 6, 2025

@ewewraw @timcappalli thanks for the comments. I'll be happy to contribute once we decide to work on this and unpark this, would appreciate your guidance then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timcappalli timcappalli Awaiting requested review from timcappalli

1 more reviewer

@ewewraw ewewraw ewewraw left review comments

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

@deshmukhrajvardhan deshmukhrajvardhan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@deshmukhrajvardhan @timcappalli @ewewraw