OID4VCI Pre-Authorized Code

Wallet resolves a credential offer URI, discovers issuer metadata, exchanges a pre-authorized code for an access token with c_nonce, and requests a Verifiable Credential bound to a proof JWT.

Try in Looking Glass
Verifiable CredentialsPre-Authorized CodeProof + c_nonce

Sequence Diagram

Click any step for details

WalletIssuerAuth Server1Resolve Credential Offer2Discover Issuer Metadata3Token Request (Pre-Authorized Code)4Token Response5Credential Request6Credential Response
Request
Response
Redirect
Internal

Step-by-Step Breakdown

1
Resolve Credential Offer
WalletCredential Issuer
2
Discover Issuer Metadata
WalletCredential Issuer
3
Token Request (Pre-Authorized Code)
WalletAuthorization Server
4
Token Response
Authorization ServerWallet
5
Credential Request
WalletCredential Issuer
6
Credential Response
Credential IssuerWallet

Token Inspector

Specs for this flow

Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.