Overview

Issuer2 supports two OID4VCI flows for claiming a credential offer, set via the authMethod field when creating a credential offer. This section walks through the full sequence for each so you know what's actually happening between the wallet, your issuer, and (for one of them) an external identity provider.

Which Flow Should I Use?

Pre-Authorized Code FlowAuthorization Code Flow
authMethodPRE_AUTHORIZEDAUTHORIZED
User authenticationNone (optionally a PIN/txCode)Required — user logs in at an external IdP
Best forKnown users (already logged in) and data already verified before the offer is createdUnknown users, or credential data that should come from the user's own IdP login (e.g. corporate SSO)
Extra setup requiredNoneNone to try it — a hosted test provider with ready-made logins is used by default. For production, register your own OAuth/OIDC provider in authentication-service.conf
Credential data sourceFully defined in the profile (or runtime overrides) ahead of timeProfile defaults (or runtime overrides), enriched with claims from the IdP's ID token via idTokenClaimsMapping

Available Flows

Last updated on July 1, 2026