Start with Identity
Standard · stable

OpenID for Verifiable Credentials (OpenID4VC)

OpenID4VCI, OpenID4VP, SIOPv2 + HAIP 1.0OpenID FoundationHigh Assurance Interoperability Profile 1.0 Final (December 2025)Official spec ↗

What it is

OpenID for Verifiable Credentials (OpenID4VC) is a family of OpenID Foundation protocols that move verifiable credentials between issuers, wallets, and verifiers. If DIDs and the VC data model are the nouns of decentralized identity, OpenID4VC is the verbs: how a credential actually gets issued to a wallet and later presented to a verifier. It builds on OAuth 2.0 and OpenID Connect, so it reuses infrastructure and mental models that identity teams already have.

The pieces

  • OpenID4VCI (Issuance): how an issuer delivers a credential to a holder's wallet, including the credential offer, authorization, and the credential endpoint.
  • OpenID4VP (Presentation): how a verifier requests, and a wallet returns, a verifiable presentation, including cross-device flows via QR code.
  • SIOPv2 (Self-Issued OpenID Provider): lets a wallet act as its own OpenID Provider so a holder can authenticate with a DID instead of a hosted IdP.
  • HAIP (High Assurance Interoperability Profile): a tightly scoped profile that pins down formats (SD-JWT VC, mDL) and crypto so independent implementations interoperate.

How it works

An issuer sends a credential offer, the wallet runs an OAuth authorization flow, and the credential endpoint returns a signed SD-JWT VC or mDL. Later, a verifier sends an OpenID4VP request describing what it needs, the wallet prompts the holder, and returns only the disclosed claims using selective disclosure. Because it is layered on OAuth, existing authorization servers and libraries can be extended rather than replaced.

Status

The HAIP 1.0 profile reached Final in December 2025, a milestone that makes real interoperability testable. OpenID4VCI and OpenID4VP are the mandated protocols for the EU's EUDI Wallet, which is the single largest deployment driver. Wallet vendors, government programs, and decentralized identity platforms are converging on this family.

When to use it

Use OpenID4VC when you are building issuance or verification into a product and want a standards-based path that verifiers and wallets will accept. Choosing it over a proprietary credential exchange is what keeps your credentials portable across the ecosystem, especially anything that must interoperate with EU wallets.

Pitfalls

  • The family is broad; align on a profile (HAIP) and credential format up front rather than the base specs alone.
  • SIOPv2 and DID-based flows are less mature than the issuance and presentation cores; check what your target wallets actually support.

Related

Guides: verifiable credentials implementation guide, what is decentralized identity. Standards: Verifiable Credentials, DID, eIDAS 2 / EUDI Wallet. Glossary: OpenID4VCI, OpenID4VP. Vendors: decentralized identity.

Independent, community-driven reference. Always confirm details against the official specification linked above.