How to use OID4VC in a Client Perspective way

[mschmidt-ffstudios]

Hello together,

OID4VC is as far as I know a User Based flow:

• The entire workflow is based on user interaction and consent management
• A User is using his mobile Wallet but for a Company an automated process (client) would do the work
• A Client should be able to use the same Workflow with a configuration of Interaction Criteras

Is this planned to be added in OID4VC since if this is missing, a Company wallet can not directly use OID4VC
since it is only described for User flows.

If we want to enable Companies, there should be a possibility to develop an Client based Access flow or?

Greetings,
Max

[tlodderstedt]

Hi,

OID4VC was developed with users (natural person) in mind. Most of the protocol components are dedicated to ensure the security of the interaction with the user and are not needed for clients/machines.

For the issuance, you could certainly use the credential issuance endpoint to issue credentials to machines. You would obtain the access token using other grant types, such as "client_credential" or the attestation based client attestation.

Not sure on the presentation side. Could you share your use case(s)? That would help to come up with an idea.

best regards,
Torsten.