OID4VP DCQL + direct_post.jwt
Verifier creates a signed authorization request and publishes request_uri. Wallet fetches it, creates an encrypted JWE response containing a signed inner JWT (typ=oauth-authz-resp+jwt) with vp_token, and posts to response_uri. Verifier decrypts and validates (OID4VP §5, §8.3.1).
OID4VP DCQL + direct_post.jwt
Verifier creates a signed authorization request and publishes request_uri. Wallet fetches it, creates an encrypted JWE response containing a signed inner JWT (typ=oauth-authz-resp+jwt) with vp_token, and posts to response_uri. Verifier decrypts and validates (OID4VP §5, §8.3.1).
Presentation Verificationdirect_post.jwtEncrypted Response
Sequence Diagram
Click any step for details
Request
Response
Redirect
Internal
Step-by-Step Breakdown
1
Create Signed Request Object
Verifier → Wallet
2
Fetch Request Object
Wallet → Verifier
3
Wallet Encrypted Response
Wallet → Verifier
4
Decrypt + Validate + Policy Decision
Verifier → Verifier
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.