Metadata and trust

OpenID4VP relies on verifier and wallet metadata to make the exchange interoperable and safe.

Metadata answers questions like:

• Which presentation formats does the verifier accept?
• How should the wallet validate the verifier’s identity (client_id) and trust anchors?
• What encryption and signing capabilities are supported?

Verifier metadata (client_metadata)

OpenID4VP allows the verifier to include metadata in the authorization request using client_metadata.

This metadata can include:

• Supported presentation formats (vp_formats_supported)
• Cryptographic material (for example, jwks)
• Response encryption preferences and supported algorithms

Note

The specific fields and constraints come from the OpenID4VP specification and related OAuth/OIDC metadata standards. Wallets use this metadata to decide whether and how to respond.

Wallet metadata

A wallet can publish metadata that tells the verifier what it supports.

For example, wallet metadata can indicate whether the wallet supports:

• Specific response modes and encodings
• Specific verifiable presentation formats

Client identifier prefixes

OpenID4VP defines client identifier schemes (prefixes) that change how a wallet interprets client_id and what trust checks it performs.

Examples of client identifier prefixes include:

• pre-registered
• redirect_uri
• openid_federation
• verifier_attestation
• decentralized_identifier
• x509_san_dns
• x509_hash

Which schemes you support affects interoperability with different wallet ecosystems.

Further resources

• OpenID for Verifiable Presentations 1.0
• OpenID Connect Discovery 1.0