You can now verify mDOC credentials over OpenID4VP based on ISO 18013-7 Annex B. mDOC credentials can be added to a presentation template and combined with SD-JWT VC credentials. mDOC verification is fully integrated with trusted entities, allowing you to configure your trusted issuer X.509 certificates. Issuance of X.509-based credentials for SD-JWT VC and mDOC using OpenID4VCI will follow soon.
The addition of mDOC verification is a big step towards alignment with European Digital Identity, but also global interoperability.
You can read more in the Presentation Templates docs.
Support for OpenID4VP response encryption
With the addition of support for mDOC verification, we also added support for OpenID4VP response encryption using JWT Secured Authorization Response Mode (JARM). When response encryption is enabled, the response_mode will be set to direct_post.jwt instead of direct_post. For OpenID4VC verification requests including an mDOC credential, response encryption will be enabled by default as it is required based on ISO 18013-7, and an error will be thrown if it is explicitly disabled. For other OpenID4VC verification requests, response encryption must be manually enabled (for now) to avoid breaking changes.
Response encryption can be configured using the requireResponseEncryption parameter in the Create OpenID4VC verification request endpoint.
Bugfixes and improvements
- The client_id is now included in OpenID4VP authorization request URIs
- The request_uri for OpenID4VP authorization requests now correctly returns the application/oauth-authz-req+jwt content type response header when fetched
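
The following is an added example, not Paradym code: a structural check an integrator could run against an authorization request to confirm the behaviour described above (client_id in the request URI, the application/oauth-authz-req+jwt content type, and direct_post.jwt whenever an mDOC is requested). It assumes the request object carries a DIF Presentation Exchange presentation_definition in which mDOC is requested through the mso_mdoc format key; the function names, URI and JWTs are constructed for the example, and signature verification is out of scope.

```javascript
const EXPECTED_TYPE = "application/oauth-authz-req+jwt";

// Decode the payload of a compact JWT without verifying its signature.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns a list of findings; an empty list means every check passed.
function auditRequest(authRequestUri, contentType, requestJwt) {
  const findings = [];
  const q = authRequestUri.indexOf("?");
  const params = new URLSearchParams(q >= 0 ? authRequestUri.slice(q + 1) : "");
  if (!params.get("client_id")) findings.push("client_id missing from request URI");
  if (!params.get("request_uri")) findings.push("request_uri missing from request URI");

  // Ignore parameters such as "; charset=utf-8" when comparing media types.
  const mediaType = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (mediaType !== EXPECTED_TYPE) findings.push("unexpected content type: " + (mediaType || "(none)"));

  const payload = decodePayload(requestJwt);
  // Assumption: an mDOC request shows up as an "mso_mdoc" format entry.
  const descriptors = payload.presentation_definition?.input_descriptors ?? [];
  const wantsMdoc = descriptors.some((d) => d.format && "mso_mdoc" in d.format);
  if (wantsMdoc && payload.response_mode !== "direct_post.jwt") {
    findings.push("mDOC requested but response_mode is " + payload.response_mode);
  }
  return findings;
}

// Constructed sample data: header and signature are dummies.
function makeJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "ES256", typ: "oauth-authz-req+jwt" }) + "." + enc(payload) + ".c2ln";
}
const SAMPLE_URI =
  "openid4vp://?client_id=verifier.example&request_uri=https%3A%2F%2Fverifier.example%2Frequest%2F1";
const mdocPd = { id: "pd", input_descriptors: [{ id: "mdl", format: { mso_mdoc: { alg: ["ES256"] } } }] };
const goodJwt = makeJwt({ client_id: "verifier.example", response_mode: "direct_post.jwt", presentation_definition: mdocPd });
const badJwt = makeJwt({ client_id: "verifier.example", response_mode: "direct_post", presentation_definition: mdocPd });

console.log(auditRequest(SAMPLE_URI, EXPECTED_TYPE, goodJwt));
console.log(auditRequest(SAMPLE_URI, "application/json", badJwt));
```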