Credential Issuer Metadata

The Credential Issuer Metadata, defined by the OID4VC spec, provides detailed information about the issuer's technical and operational capabilities, supported credential types, interaction endpoints, encryption standards, and localization options for display information.

Using the waltid-issuer-api/config/credential-issuer-metadata.conf file, you can customize the supported credential types and their related cryptographic binding methods, credential signing alg values, and more. This way you can enable the issuance of any custom credential type with specific options. You can either simply add another row defining your custom credential to the supportedCredentialTypes array already defined in the config file or use the expanded syntax to specify other options next to the credential type.

Please make sure to restart the issuer API service for changes to take effect.

1. Custom Credential Type Simple

Use the blow syntax if you want to only specify the credential type, other options like cryptographic_binding_methods_supported, credential_signing_alg_values_supported and more will be automatically generated by the issuer API. If you want to explicitly set those options, please refer to the next section "Custom Credential Type Expanded".

CustomCredential = [VerifiableCredential, CustomCredential]
  • kye The name of the credential
  • array: Type of the credential. Every W3C credential type is represented by an array, where the first type is always VerifiableCredential followed by your custom credential name.

2. Custom Credential Type Expanded

Using the expanded syntax you can specify the credential type that needs to be supported next to the:

  • format
  • cryptographic_binding_methods_supported
  • credential_signing_alg_values_supported
  • credential_definition
  • doctype
  • vct
  • doctype

depending on the credential format. You can find examples for the different credential formats we support below.

W3C Example
SD-JWT VC Example
mDL Example
"BankId_jwt_vc_json" = {
        format = "jwt_vc_json"
        cryptographic_binding_methods_supported = ["jwk"]
        credential_signing_alg_values_supported = ["ES256"]
        credential_definition = { 
          types = ["VerifiableCredential", "BankId"] 
        }
}

Example Config

You can also find it in walt.id repo.

credential-issuer-metadata.conf
  supportedCredentialTypes = {
      BankId = [VerifiableCredential, BankId],
      KycChecksCredential = [VerifiableCredential, VerifiableAttestation, KycChecksCredential],
      KycCredential = [VerifiableCredential, VerifiableAttestation, KycCredential],
      KycDataCredential = [VerifiableCredential, VerifiableAttestation, KycDataCredential],
      PassportCh = [VerifiableCredential, VerifiableAttestation, VerifiableId, PassportCh],
      PND91Credential = [VerifiableCredential, PND91Credential],
      MortgageEligibility = [VerifiableCredential, VerifiableAttestation, VerifiableId, MortgageEligibility],
      PortableDocumentA1 = [VerifiableCredential, VerifiableAttestation, PortableDocumentA1],
      OpenBadgeCredential = [VerifiableCredential, OpenBadgeCredential],
      VaccinationCertificate = [VerifiableCredential, VerifiableAttestation, VaccinationCertificate],
      WalletHolderCredential = [VerifiableCredential, WalletHolderCredential],
      UniversityDegree = [VerifiableCredential, UniversityDegree],
      VerifiableId = [VerifiableCredential, VerifiableAttestation, VerifiableId],
      CTWalletSameAuthorisedInTime = [VerifiableCredential, VerifiableAttestation, CTWalletSameAuthorisedInTime],
      CTWalletSameAuthorisedDeferred = [VerifiableCredential, VerifiableAttestation, CTWalletSameAuthorisedDeferred],
      CTWalletSamePreAuthorisedInTime = [VerifiableCredential, VerifiableAttestation, CTWalletSamePreAuthorisedInTime],
      CTWalletSamePreAuthorisedDeferred = [VerifiableCredential, VerifiableAttestation, CTWalletSamePreAuthorisedDeferred],
      AlpsTourReservation = [VerifiableCredential, VerifiableAttestation, AlpsTourReservation],
      EducationalID = [VerifiableCredential, VerifiableAttestation, EducationalID],
      HotelReservation = [VerifiableCredential, VerifiableAttestation, HotelReservation],
      Iso18013DriversLicenseCredential = [VerifiableCredential, VerifiableAttestation, Iso18013DriversLicenseCredential],
      TaxReceipt = [VerifiableCredential, VerifiableAttestation, TaxReceipt],
      VerifiablePortableDocumentA1 = [VerifiableCredential, VerifiableAttestation, VerifiablePortableDocumentA1],
      Visa = [VerifiableCredential, VerifiableAttestation, Visa],
      eID = [VerifiableCredential, VerifiableAttestation, eID],
      NaturalPersonVerifiableID = [VerifiableCredential, VerifiableAttestation, NaturalPersonVerifiableID],
      BoardingPass = [VerifiableCredential, VerifiableAttestation, BoardingPass]
      
      "org.iso.18013.5.1.mDL" = {
        format = "mso_mdoc"
        cryptographic_binding_methods_supported = ["cose_key"]
        credential_signing_alg_values_supported = ["ES256"]
        proof_types_supported = { cwt = { proof_signing_alg_values_supported = ["ES256"] } }
        doctype = "org.iso.18013.5.1.mDL"
      }

     "identity_credential_vc+sd-jwt" = {
        format = "vc+sd-jwt",
        cryptographic_binding_methods_supported = ["jwk"]
        credential_signing_alg_values_supported = ["ES256"]
        vct = "http://localhost:22222/identity_credential"
     }
      
     "BankId_jwt_vc_json" = {
        format = "jwt_vc_json"
        cryptographic_binding_methods_supported = ["jwk"]
        credential_signing_alg_values_supported = ["ES256"]
        credential_definition = { 
          types = ["VerifiableCredential", "BankId"] 
        }
     }
  }
FeaturesIssuer Service