Authlete Verifiable Credentials Setup and Configuration

​

Preface

A Verifiable Credential (VC) is a key concept in the OID4VCI specification. It refers to a digitally signed collection of data that represents information about an identifiable entity, such as a user. This data may include attributes like a given name, family name, or birthdate. The term “verifiable” signifies that the credential’s integrity can be confirmed, ensuring that the data has not been altered. This is achieved through digital signatures, which allow relying parties to validate the authenticity and source of the credential. Examples of verifiable credentials include digital driving licenses and health insurance cards stored on a mobile device. These credentials enable secure and tamper-proof identity verification in various digital interactions. Authlete supports verifiable credentials, including features like OpenID for Verifiable Credential Issuance (OID4VCI). When enabled, Authlete’s service facilitates the issuance and management of verifiable credentials in compliance with relevant industry standards, ensuring secure and standardized digital identity verification.

​

Configure Verifiable Credentials Settings in Authlete 3.0

Authlete supports several configuration settings for Verifiable Credentials. This tutorial covers how to configure Verifiable Credentials in the Authlete Management Console.

​

Service Settings

Configure the following service settings in the Authlete Management Console to enable Verifiable Credentials.

​

Enable Verifiable Credentials

To enable Verifiable Credentials:

1. Log in to the Authlete Management Console.
2. Click on your Organization name and choose your Service.
3. Navigate to Service Settings > Verifiable Credentials > General.
4. To turn on Verifiable Credentials, toggle the enable button.
5. Click Save Changes to apply the updates.

Verifiable Credentials

​

Configure Credential Issuer Metadata

To configure Credential Issuer Metadata:

1. Navigate to Service Settings > Verifiable Credentials > Credential Issuer Metadata
2. Go to the "Credential Issuer" property and enter an Issuer Identifier. The value must be a valid URL with the https scheme and without the query part and the fragment part. For example, https://credential-issuer.example.com
3. Go to the "Credential Endpoint" property and enter a URL. Mandatory. e.g., https://credential-issuer.example.com/api/credential
4. Go to "Supported Credentials” property, and enter credentials - Mandatory. e.g., credential_configurations_supported.json. The value must be a JSON object. Non-ASCII characters may be contained, but Authlete limits the maximum number of characters to 16383.
5. Click Save Changes to apply the updates.

Credential Issuer Metadata

​

Configure JWK Set

To configure JWK key Set for Verifiable Credentials:

1. Navigate to Service Settings > Key Management > JWK Set > Verifiable Credentials.
2. Go to the “JWK Set” and enter a Key Set - Mandatory. e.g., vc-issuer_jwk-set.json
3. Click Save Changes to apply the updates.

JWK Set for Verifiable Credentials

​

Configure Supported Grant Types

To configure Supported Grant Types for Verifiable Credentials:

1. Navigate to the Service Settings > Endpoints > Global Settings > General
2. Go to “Supported Grant Types” and check mark the following values:
   • PRE_AUTHORIZED_CODE (if you support the pre-authorized code flow)
3. Click Save Changes to apply the updates.

Supported Grant Types for Verifiable Credentials

​

Configure Supported Authorization Details Types

To configure Supported Authorization Details Types for Verifiable Credentials:

1. Navigate to Service Settings > Endpoints > Authorization > Request Object
2. For the "Supported Authorization Details Types" property, add openid_credential. This is necessary if the client initiates VC issuance using the steps outlined in 2.2.4. Authorization Code Flow + authorization_details.
3. Click Save Changes to apply the updates.

Supported Authorization Details Types for Verifiable Credentials

​

Configure Supported Scopes

To configure Supported Scopes for Verifiable Credentials:

1. Navigate to the Service Settings > Tokens and Claims > Advanced > Scope
2. Go to “Supported Scopes” and add values of scope for “Supported Credentials”. For example, if you use the credential_configurations_supported.json introduced above as an example, add digital_credential, identity_credential and org.iso.18013.5.1.mDL. Adding scope values are required if you support VC issuance using the steps explained in 2.2.5. Authorization Code Flow + scope.
3. Click Save Changes.

Scopes for Verifiable Credentials Scopes for Verifiable Credentials

​

Client Settings

Configure the following client settings in the Authlete Management Console to enable Verifiable Credentials.

​

Configure Supported Grant Types

To configure Supported Grant Types for Verifiable Credentials:

1. Navigate to Client Settings > Endpoints > Global Settings
2. Go to "Supported Grant Types" and check mark PRE_AUTHORIZED_CODE (if the client uses the pre-authorized code flow).
3. Click Save Changes.

Supported Grant Types for Verifiable Credentials

​

Configure Authorization Details Types

To configure Authorization Details Types Verifiable Credentials:

1. Navigate to Client Settings > Tokens and Claims > Advanced > Scope:
2. Go to "Authorization Details Types" and add openid_credential. This is necessary if the client initiates VC issuance using the steps outlined in 2.2.4. Authorization Code Flow + authorization_details.
3. Click Save Changes.

Authorization Details Types for Verifiable Credentials

​

Further Reading

• For In-Depth information about Verifiable Credential (VC), see OpenID for Verifiable Credential Issuance