What Is OpenID4VP?

OpenID4VP is a specification from the OpenID Foundation that defines how verifiable credentials (VCs) can be presented securely and selectively by end-users to trusted parties known as verifiers. Built on OAuth 2.0 and OpenID Connect, it supports multiple credential formats and flexible deployment scenarios—from same-device flows to cross-device QR-based handoffs.

• Digital Credential Query Language (DCQL) for querying specific claims.

• Verifiable Presentation (VP) tokens for packaging and delivering credentials.

• Direct post modes (direct_post.jwt) for structured responses.

• Holder binding and selective disclosure for privacy and integrity.

The final 1.0 specification was published on July 9, 2025, after public review and community feedback. Read the final spec here.

How It Works

1. Credential Request: Verifier sends a presentation request using DCQL.

2. Wallet Interaction: User’s wallet receives the request, authenticates the user, and obtains consent.

3. Presentation: The wallet issues a VP token with selected claims via redirect, QR code, or direct_post.jwt.

4. Verification: The verifier checks digital signatures, nonce, issuer validity, and holder binding.

Key Features of OpenID4VP

• Credential Format Flexibility: Supports W3C VC, ISO mDLs (mso_mdoc), and SD-JWT VCs.

• Selective Disclosure: Users share only necessary claims (e.g., age, not full ID).

• Security: Uses nonces, holder binding proofs, and JWE encryption for integrity and privacy.

• Interoperability: Trust frameworks like OpenID Federation support ecosystem compatibility.

mDLs in the Digital Identity Ecosystem

Mobile Driving Licences (mDLs) are digital equivalents of physical driver’s licences, governed by ISO/IEC 18013-5. They are encoded in CBOR and signed using COSE_Sign1, supporting both in-person and online presentations.

• Data format: mso_mdoc

• Cryptographic security: COSE-based signatures and issuer certificates

• Presentation methods: Bluetooth, QR code, or NFC

OpenID4VP + mDLs: How It Works

1. Verifier requests a credential of type org.iso.18013.5.1.mDL and format mso_mdoc.

2. A presentation URL is shared with the wallet (QR code or redirect).

3. Wallet presents a signed Verifiable Presentation.

4. Verifier validates cryptographic proof, doc_type, issuer, and claim contents.

This flow ensures compliance with both OpenID4VP and ISO/IEC 18013-5.

Real-World Pilots and Implementations

• U.S. States: California, Arizona, Louisiana—early mDL deployments, some exploring OpenID4VP.

• Europe: France Identité, eDoklady (CZ), eID.li (Liechtenstein) align with W3C VC and mDL formats.

• Tech Providers: MATTR and walt.id support OpenID4VP APIs and integrations.

Benefits at a Glance

FeatureBenef

itSelective Disclosure: Only reveal necessary claims (e.g., proof of age)

Security: Cryptographic signatures, holder binding, JWE encryption

Interoperability: Multi-format and cross-wallet compatibility

Privacy Compliance: Aligns with GDPR, ISO, and decentralized ID principles

User Experience: Fast, contactless, mobile-first interactions

The Road Ahead

With continued development of interoperability profiles like the OpenID4VC High Assurance Interoperability Profile, OpenID4VP is poised to support not only mDLs but also digital passports, medical credentials, and professional licenses.

Challenges like verifier adoption and device compatibility remain, but the groundwork is laid for a trusted, decentralized identity ecosystem.

Conclusion

OpenID4VP is more than a protocol—it’s a cornerstone of privacy-first digital interactions. Combined with mobile driving licences, it redefines how individuals share identity data—securely, selectively, and seamlessly—ushering in a safer and more efficient digital future.

Driver Codes plans to introduce OpenID4VP features on to its app very soon.