Skip to content

Verification

This article provides a detailed overview of the OID4VP protocol steps managed by Partisia's credential verification service. All these steps are entirely carried out by Partisia's credential verification service, relieving the verifier of these tasks.

The following explanation, thus, expands on step number five in this diagram:

verifier diagram

Wallet retrieves the request object

At this point in the flow, the wallet has received the request URI from your application.

After the holder approves the interaction, the wallet retrieves the request object from the credential verification service. This is done through a secure API call, signaling the credential verification service to proceed with the presentation process.

For example, the wallet might send the following:

curl -X 'GET' \
'https://verifier.example.org/presentation/oid4vp/authorization-request/02a61fbd1ac7c23f90a48a6b9107a45bbd9b05b09b' \
-H 'accept: application/json'

Credential verification service returns request object

The credential verification service responds to the wallet's request by sending the following key components:

  • DCQL Query: A object specifying the rules and requirements for the verifiable presentation.
  • Response URI: The endpoint to which the wallet must later send the completed presentation.
  • Client metadata: Information about the verifier, for the wallet to present to the user.
  • Nonce: A unique identifier to maintain the integrity of the interaction.

For example, the response body might look like this:

{
    "dcql_query": {
        "credentials": [
            {
                "id": "example_credential",
                "format": "jwt_vc_json-ld",
                "meta": {},
                "claims": [
                    {
                        "id": "firstName",
                        "path": ["credentialSubject", "firstName"]
                    }
                ]
            }
        ]
    },
    "response_uri": "https://verifier.example.org/presentation/oid4vp/authorization-response/02c025eb679059d80cf88a7adcf1d357185a19e161",
    "client_metadata": {
        "client_name": "Partisia Verifier",
        "logo_uri": "https://verifier.example.org/static/logo"
    },
    "nonce": "FOuK4_lFesM6-rBkoHkrng=="
}

The wallet uses the DCQL query to guide the holder in selecting and preparing the required credentials for presentation.

User Confirmation in the Wallet

The wallet prompts the user to confirm their intent to proceed. The user must swipe to confirm or approve the preparation and submission of the verifiable presentation.

Wallet submits the Verifiable Presentation

Once confirmed, the wallet prepares and submits the Verifiable Presentation to the credential verification service. This is typically done via an HTTP POST request to the response_uri:

The verifiable presentation includes:

  • The credentials requested in the DCQL query.
  • Proofs to verify the wallet's and the credential issuer's authenticity.

Credential verification service runs its verification

Upon receiving the Verifiable Presentation, the credential verification service processes the submission. It performs the following checks:

  • Signature Verification: Ensures the presentation is signed by the wallet and the credentials by the respective issuers.
  • Credential Validation: Confirms that the submitted credentials meet the rules specified in the DCQL query.
  • Integrity Check: Validates the nonce and request ID to ensure no tampering occurred.

The credential verification service then returns the verification result to the customer application, completing the presentation flow.