OpenID for Verifiable Presentations (OID4VP) is a standardized protocol that defines how a Relying Party (RP), such as a website or app, can request and verify W3C Verifiable Credentials from a user's digital wallet. It builds upon the widely adopted OpenID Connect (OIDC) authentication layer, allowing users to present cryptographically signed attestations—like a proof of age or professional license—instead of, or in addition to, traditional login credentials. This enables selective disclosure, where users can share only the specific claims needed for a transaction.
LABS
Glossary
OpenID for Verifiable Presentations (OID4VP)
An OpenID Connect extension that standardizes how a Relying Party requests and a Wallet presents Verifiable Credentials as a Verifiable Presentation during authentication.
Chainscore © 2026
definition
PROTOCOL
What is OpenID for Verifiable Presentations (OID4VP)?
An open standard that extends the OpenID Connect framework to enable the secure request and presentation of cryptographically verifiable credentials.
The protocol operates through a structured flow. A Relying Party sends a Presentation Request to the user's wallet, specifying the required credentials and any constraints (e.g., the issuer must be a trusted authority). The user's wallet then processes this request, allowing the user to review and consent to sharing specific data. The wallet constructs a Verifiable Presentation—a signed package containing the selected credentials—and returns it to the RP. The RP can then cryptographically verify the presentation's integrity, the credential's authenticity, and the issuer's status without needing to contact the issuer directly.
Key technical components include the Presentation Definition, a machine-readable format for specifying credential requirements, and the Presentation Submission, the wallet's response containing the matching credentials. OID4VP is a core specification within the broader OpenID for Verifiable Credentials (OID4VC) suite, which also includes OpenID for Verifiable Credential Issuance (OID4VCI). It is designed for interoperability, working with Decentralized Identifiers (DIDs) and various signature suites defined by the W3C Verifiable Credentials Data Model.
A primary use case is age verification without revealing a full birthdate. A user could present a verifiable credential from a government issuer asserting they are over 21. The website (RP) receives only this proof, not the underlying date of birth, enhancing privacy. Other applications include know-your-customer (KYC) processes, professional license checks, and access control for enterprise or physical systems, moving beyond brittle username/password systems to a model of portable, user-centric identity.
By leveraging the existing OIDC ecosystem, OID4VP facilitates easier adoption for developers and integrates with current web authentication flows. It represents a significant shift towards a trust framework for the internet, where trust is established through cryptographic proofs from trusted issuers rather than centralized user databases. This protocol is foundational for building self-sovereign identity (SSI) systems and enabling more secure, private, and efficient digital interactions across the web.
key-features
OID4VP
Key Features
OpenID for Verifiable Presentations (OID4VP) is a protocol that enables users to share cryptographically verifiable credentials (like a digital driver's license) with relying parties (like a website) in a secure, privacy-preserving manner, extending the familiar OAuth 2.0 flow.
01
Selective Disclosure
A core privacy feature allowing users to share only the specific data a verifier needs, rather than an entire credential. For example, proving you are over 21 by revealing only your birth year from a digital ID, not your full name or address. This minimizes data exposure and enhances user control.
02
Holder Binding & Non-Repudiation
Ensures the verifiable presentation is cryptographically bound to the holder who presents it, preventing unauthorized use or replay attacks. This is typically achieved using Decentralized Identifiers (DIDs) and digital signatures, providing strong proof that the credential belongs to the presenter and creating a non-repudiable audit trail.
03
Interoperability via W3C Standards
OID4VP is built on top of established W3C standards, ensuring compatibility across different ecosystems. It leverages:
- Verifiable Credentials (VCs) as the data model.
- Decentralized Identifiers (DIDs) for issuer and holder identification.
- JSON Web Tokens (JWTs) or JSON-LD Proofs for cryptographic proof formats. This standards-based approach prevents vendor lock-in.
04
Wallet-Based User Experience
The protocol is designed to work with digital identity wallets (mobile apps or browser extensions). The wallet acts as the user's agent, securely storing credentials, managing cryptographic keys, and mediating the presentation flow with the verifier. This creates a consistent, user-centric interface for managing digital identity across services.
05
Presentation Request & Submission
Defines a standardized machine-readable format for a Presentation Request. A verifier (e.g., a financial service) sends this request specifying the required credentials and constraints (e.g., "a government-issued ID issued after 2020"). The user's wallet processes this request and returns a Verifiable Presentation in a defined response format.
how-it-works
PROTOCOL MECHANICS
How OID4VP Works
OpenID for Verifiable Presentations (OID4VP) is a standardized protocol that enables a user to present cryptographically signed digital credentials to a relying party, using their existing digital wallet.
The OID4VP flow is initiated when a relying party (RP), such as a website or service, requests specific user data. Instead of asking for raw data, the RP sends a presentation request that specifies the required credential types and the data claims within them (e.g., a Verifiable Credential proving the user is over 18). This request is typically embedded in a QR code or a deep link, which the user scans or clicks with their digital wallet.
Upon receiving the request, the user's wallet displays the request details, allowing the user to review and select which credentials to share. The user consents to the transaction, and the wallet constructs a Verifiable Presentation. This is a cryptographically signed package containing the selected credentials, which proves the data's authenticity and integrity without revealing unnecessary information. The presentation is then transmitted back to the relying party.
The relying party receives the Verifiable Presentation and performs verification. This process involves several cryptographic checks: verifying the digital signatures on the presentation and the contained credentials, ensuring the credentials were issued by a trusted issuer, and confirming they have not been revoked. Crucially, this verification is decentralized; the RP can perform it independently using public keys and revocation registries, without needing to call the issuer for each transaction.
A key technical feature of OID4VP is its support for selective disclosure. This allows a user to reveal only specific attributes from a credential (e.g., proving they are over a certain age from a driver's license credential without revealing their exact birth date or address). This is often achieved using zero-knowledge proofs or BBS+ signatures, which are cryptographic methods that enable proof of predicate satisfaction without data leakage.
OID4VP integrates seamlessly with the broader Self-Sovereign Identity (SSI) ecosystem. It relies on Decentralized Identifiers (DIDs) as the foundational identifiers for issuers, holders, and verifiers, and uses Verifiable Credentials Data Model standards for the credential format. This interoperability ensures credentials issued in one ecosystem can be presented via OID4VP to verifiers in another, promoting user-centric data portability.
examples
OID4VP
Common Use Cases & Examples
OpenID for Verifiable Presentations (OID4VP) is a protocol that enables users to share cryptographically verifiable credentials (like a driver's license or university degree) with online services. These cards illustrate its primary applications in decentralized identity and access management.
02
Selective Disclosure & Privacy
A core feature of OID4VP is allowing users to share only the specific attributes required. For example, to prove residency in a specific country, a user can present a cryptographically verifiable proof derived from their passport credential that only confirms "country of residence = Germany," without revealing their full name, passport number, or date of birth.
03
KYC and Regulatory Compliance
Financial institutions and regulated platforms can use OID4VP to streamline Know Your Customer (KYC) processes. A user can present a verifiable credential issued by a trusted KYC provider. The platform verifies its authenticity and validity instantly, reducing manual checks while maintaining a high assurance level and audit trail.
04
Access to Gated Services
Services can gate access based on proven qualifications or memberships. Examples include:
- A professional forum requiring a verifiable credential of a software engineering degree.
- A discount platform requiring proof of student status.
- A DAO requiring proof of holding a specific NFT or governance token as a verifiable credential.
05
Cross-Border and Interoperable Verification
OID4VP, built on W3C Verifiable Credentials standards, enables credentials issued by one organization (e.g., a European university) to be seamlessly verified by another (e.g., an Asian employer). This solves interoperability challenges in digital identity, creating a trust framework that is not locked into a single vendor or jurisdiction.
PROTOCOL COMPARISON
OID4VP vs. Traditional OIDC
A technical comparison of OpenID for Verifiable Presentations (OID4VP) and the traditional OpenID Connect (OIDC) standard.
| Feature | OpenID for Verifiable Presentations (OID4VP) | Traditional OpenID Connect (OIDC) |
|---|---|---|
Core Credential Type | Verifiable Presentations (VPs) & Verifiable Credentials (VCs) | JSON Web Tokens (JWTs) |
Data Source | Holder's Wallet (User-Agent) | Identity Provider (IdP) Server |
User Control & Portability | ||
Selective Disclosure Support | ||
Cryptographic Proof | Verifiable Proofs (e.g., BBS+, CL-Signatures) | Digital Signature (JWS) |
Primary Flow | Presentation Exchange | Authorization Code Flow / Implicit Flow |
Standardization Body | OpenID Foundation (OIDF) & W3C | OpenID Foundation (OIDF) |
Data Minimization | Built-in via presentation definitions | Limited; relies on OAuth scopes |
ecosystem-usage
STANDARDS & PROTOCOLS
Ecosystem & Adoption
OpenID for Verifiable Presentations (OID4VP) is a standardized protocol that enables users to share cryptographically verifiable credentials (like digital IDs or attestations) with relying parties, such as dApps or services, in a secure and privacy-preserving manner.
01
Core Protocol Flow
OID4VP defines a standardized interaction between a Holder (user), a Verifier (relying party), and a Wallet. The flow typically involves:
- Authorization Request: The Verifier requests specific credentials via a structured query.
- Presentation Submission: The Holder's wallet selects and signs the requested credentials, creating a Verifiable Presentation.
- Verification: The Verifier cryptographically validates the presentation's signatures and checks the credential status.
02
Relationship to OIDC & SIOP
OID4VP extends the widely adopted OpenID Connect (OIDC) standard for authentication. It is often used in conjunction with Self-Issued OpenID Provider (SIOP), which allows users to act as their own identity provider using a decentralized identifier (DID). This combination enables passwordless, phishing-resistant logins where users present verifiable credentials instead of sharing personal data.
03
Key Use Cases in Web3
The protocol enables trusted interactions without centralized intermediaries. Primary applications include:
- On-chain KYC/AML: Sharing accredited investor status or proof-of-personhood credentials to access regulated DeFi protocols.
- Gated Access & DAOs: Proving membership, reputation, or token holdings to enter token-gated communities or vote.
- Selective Disclosure: Proving you are over 21 from a driver's license credential without revealing your birth date or address.
05
Interoperability with W3C Standards
OID4VP is designed for maximum interoperability by building on core World Wide Web Consortium (W3C) standards.
- It uses Verifiable Credentials (VCs) as the data format.
- It relies on Decentralized Identifiers (DIDs) for the issuer, holder, and verifier.
- It utilizes JSON-LD or JWT serializations for credentials and presentations. This alignment ensures credentials issued in one ecosystem can be presented to verifiers in another.
06
Adoption Drivers & Challenges
Widespread adoption is driven by the need for user-centric data control and regulatory compliance (e.g., eIDAS 2.0, GDPR). Key challenges remain:
- User Experience: Managing credential wallets and consent flows must be seamless.
- Issuer Trust: Establishing trusted, recognized credential issuers is critical for the ecosystem.
- Network Effects: Value increases as more verifiers accept credentials from a common set of issuers.
security-considerations
OID4VP
Security & Privacy Considerations
OpenID for Verifiable Presentations (OID4VP) is an open standard that enables secure, privacy-preserving digital identity verification using Verifiable Credentials. This section details its core security mechanisms and privacy-enhancing features.
01
Selective Disclosure
A core privacy feature allowing a holder to share only specific, necessary attributes from a Verifiable Credential.
- Example: Proving you are over 21 by revealing only your birth year from a driver's license credential, without disclosing your full name or address.
- This minimizes data exposure and adheres to the data minimization principle.
02
Presentation Definition & Submission
The Verifier (relying party) sends a machine-readable Presentation Definition specifying exactly what data is required and the proof formats accepted. The Holder's wallet evaluates this request and constructs a compliant Verifiable Presentation. This structured exchange prevents ambiguous or overreaching data requests.
03
Holder-Binding & Non-Repudiation
OID4VP ensures the presented credential is bound to the presenter. The Verifiable Presentation is cryptographically signed by the Holder's private key, providing proof of possession and creating non-repudiable evidence that this specific individual presented the claims. This prevents credential theft and replay attacks.
04
Decentralized Identifiers (DIDs)
OID4VP typically uses Decentralized Identifiers (DIDs) as the cryptographic foundation for Holders, Issuers, and Verifiers. DIDs are controlled by the subject via private keys, eliminating reliance on centralized identity providers and reducing single points of failure or correlation.
05
Verifier Authentication & Trust
The Holder must authenticate the Verifier before releasing any data. This is often done by verifying the Verifier's own DID and ensuring it is trusted (e.g., listed on a trusted registry). This mutual authentication prevents phishing and data leakage to malicious parties.
06
Audit Trail & Compliance
The cryptographic proofs in a Verifiable Presentation create a clear, tamper-evident audit trail. Verifiers can cryptographically verify the credential's issuer signature, its status (not revoked), and the holder's binding signature. This supports regulatory compliance (e.g., GDPR, eIDAS) by providing evidence of consent and data provenance.
OID4VP
Frequently Asked Questions (FAQ)
OpenID for Verifiable Presentations (OID4VP) is a protocol that extends OAuth 2.0 to enable the secure request and presentation of cryptographically verifiable credentials. These FAQs address its core mechanisms, use cases, and relationship to other standards.
OpenID for Verifiable Presentations (OID4VP) is a standardized protocol that enables a Relying Party (RP) to request and receive digitally signed, cryptographically verifiable credentials from a user's digital wallet. It is an extension of the OAuth 2.0 and OpenID Connect (OIDC) frameworks, using a familiar authorization flow to request not just access tokens, but structured, machine-verifiable data claims known as Verifiable Presentations (VPs). This allows users to share specific attributes (like age, membership status, or accreditation) from their W3C Verifiable Credentials (VCs) without revealing their entire identity or relying on a central database for verification.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall