OpenID for Verifiable Presentations with DCQL-first request contracts
Verifier creates a signed authorization request object with DCQL query and publishes a request_uri. Wallet fetches the request, evaluates the query, and posts vp_token to response_uri using direct_post (OID4VP §5, §8.2).
Verifier creates a signed authorization request and publishes request_uri. Wallet fetches it, creates an encrypted JWE response containing a signed inner JWT (typ=oauth-authz-resp+jwt) with vp_token, and posts to response_uri. Verifier decrypts and validates (OID4VP §5, §8.3.1).
DCQL-first Requests
Request Object (JAR)
direct_post Transport