Credential Issuer Metadata

The Credential Issuer Metadata, defined by the OID4VC spec, provides detailed information about the issuer's technical and operational capabilities, supported credential types, interaction endpoints, encryption standards, and localization options for display information.

Using the waltid-issuer-api/config/credential-issuer-metadata.conf file, you can customize the supported credential types and their related cryptographic binding methods, credential signing alg values, and more. This way you can enable the issuance of any custom credential type with specific options. You can either simply add another row defining your custom credential to the supportedCredentialTypes array already defined in the config file or use the expanded syntax to specify other options next to the credential type.

Please make sure to restart the issuer API service for changes to take effect.

1. Custom Credential Type Simple

Use the blow syntax if you want to only specify the credential type, other options like cryptographic_binding_methods_supported, credential_signing_alg_values_supported and more will be automatically generated by the issuer API. If you want to explicitly set those options, please refer to the next section "Custom Credential Type Expanded".

CustomCredential = [VerifiableCredential, CustomCredential]
  • key The name of the credential
  • array: Type of the credential. Every W3C credential type is represented by an array, where the first type is always VerifiableCredential followed by your custom credential name.

2. Custom Credential Type Expanded

Using the expanded syntax you can specify the credential type that needs to be supported next to the:

  • format
  • cryptographic_binding_methods_supported
  • credential_signing_alg_values_supported
  • credential_definition
  • doctype
  • vct
  • doctype

depending on the credential format. You can find examples for the different credential formats we support below.

W3C Example
SD-JWT VC Example
mDL Example
W3C Example with Credential Display
"BankId_jwt_vc_json" = {
        format = "jwt_vc_json"
        cryptographic_binding_methods_supported = ["jwk"]
        credential_signing_alg_values_supported = ["ES256"]
        credential_definition = { 
          types = ["VerifiableCredential", "BankId"] 
        }
}

3. Using External VCT URLs

For SD-JWT VC credentials, you can configure your own VCT (Verifiable Credential Type) URL instead of using a local or auto-generated one. This is particularly useful for:

  • Ecosystem setups: When multiple issuers need to reference a shared schema repository
  • Compliance requirements: When your organization requires using specific VCT URLs that conform to regulatory standards
  • Interoperability: When working with partners who use standardized VCT schemas

To use an external VCT URL, simply provide a fully qualified URL in the vct field:

"identity_credential_vc+sd-jwt" = {
    format = "vc+sd-jwt",
    cryptographic_binding_methods_supported = ["jwk"]
    credential_signing_alg_values_supported = ["ES256"]
    vct = "https://schema.example.com/vct/identity_credential"
}

Important: When using external VCT URLs, ensure:

  • The URL points to a valid VCT metadata document that conforms to the SD-JWT VC specification
  • The document is accessible and contains a valid JSON schema
  • The credential data you issue conforms to the schema defined in your VCT, as it will be validated during issuance

The VCT metadata document may contain either the schema or schema_uri properties. During credential issuance, the system will validate the credential data against the schema defined in your VCT.

Example Config

You can also find it in walt.id repo.

credential-issuer-metadata.conf
  supportedCredentialTypes = {
      BankId = [VerifiableCredential, BankId],
      KycChecksCredential = [VerifiableCredential, VerifiableAttestation, KycChecksCredential],
      KycCredential = [VerifiableCredential, VerifiableAttestation, KycCredential],
      KycDataCredential = [VerifiableCredential, VerifiableAttestation, KycDataCredential],
      PassportCh = [VerifiableCredential, VerifiableAttestation, VerifiableId, PassportCh],
      PND91Credential = [VerifiableCredential, PND91Credential],
      MortgageEligibility = [VerifiableCredential, VerifiableAttestation, VerifiableId, MortgageEligibility],
      PortableDocumentA1 = [VerifiableCredential, VerifiableAttestation, PortableDocumentA1],
      OpenBadgeCredential = [VerifiableCredential, OpenBadgeCredential],
      VaccinationCertificate = [VerifiableCredential, VerifiableAttestation, VaccinationCertificate],
      WalletHolderCredential = [VerifiableCredential, WalletHolderCredential],
      UniversityDegree = [VerifiableCredential, UniversityDegree],
      VerifiableId = [VerifiableCredential, VerifiableAttestation, VerifiableId],
      CTWalletSameAuthorisedInTime = [VerifiableCredential, VerifiableAttestation, CTWalletSameAuthorisedInTime],
      CTWalletSameAuthorisedDeferred = [VerifiableCredential, VerifiableAttestation, CTWalletSameAuthorisedDeferred],
      CTWalletSamePreAuthorisedInTime = [VerifiableCredential, VerifiableAttestation, CTWalletSamePreAuthorisedInTime],
      CTWalletSamePreAuthorisedDeferred = [VerifiableCredential, VerifiableAttestation, CTWalletSamePreAuthorisedDeferred],
      AlpsTourReservation = [VerifiableCredential, VerifiableAttestation, AlpsTourReservation],
      EducationalID = [VerifiableCredential, VerifiableAttestation, EducationalID],
      HotelReservation = [VerifiableCredential, VerifiableAttestation, HotelReservation],
      Iso18013DriversLicenseCredential = [VerifiableCredential, VerifiableAttestation, Iso18013DriversLicenseCredential],
      TaxReceipt = [VerifiableCredential, VerifiableAttestation, TaxReceipt],
      VerifiablePortableDocumentA1 = [VerifiableCredential, VerifiableAttestation, VerifiablePortableDocumentA1],
      Visa = [VerifiableCredential, VerifiableAttestation, Visa],
      eID = [VerifiableCredential, VerifiableAttestation, eID],
      NaturalPersonVerifiableID = [VerifiableCredential, VerifiableAttestation, NaturalPersonVerifiableID],
      BoardingPass = [VerifiableCredential, VerifiableAttestation, BoardingPass]
      
      "org.iso.18013.5.1.mDL" = {
        format = "mso_mdoc"
        cryptographic_binding_methods_supported = ["cose_key"]
        credential_signing_alg_values_supported = ["ES256"]
        proof_types_supported = { cwt = { proof_signing_alg_values_supported = ["ES256"] } }
        doctype = "org.iso.18013.5.1.mDL"
      }

     "identity_credential_vc+sd-jwt" = {
        format = "vc+sd-jwt",
        cryptographic_binding_methods_supported = ["jwk"]
        credential_signing_alg_values_supported = ["ES256"]
        vct = "http://localhost:22222/identity_credential"
     }
      
     "BankId_jwt_vc_json" = {
        format = "jwt_vc_json"
        cryptographic_binding_methods_supported = ["jwk"]
        credential_signing_alg_values_supported = ["ES256"]
        credential_definition = { 
          types = ["VerifiableCredential", "BankId"] 
        }
     }
     "identity_credential_vc+sd-jwt" = {
         format = "vc+sd-jwt",
         cryptographic_binding_methods_supported = ["jwk"]
         credential_signing_alg_values_supported = ["ES256"]
         types = ["identity_credential_vc+sd-jwt"],
         doctype = "identity_credential_vc+sd-jwt",
         vct = "https://example.org/identity_credential",
         display = [{
            name = "Test Credential",
             locale = "en-US",
             description = "This is a test credential",
             logo = {
                 url = "https://example.com/logo.png",
                 altText = "Logo"
             },
             backgroundColor = "#FFFFFF",
             textColor = "#000000"
         }],
         sdJwtVcTypeMetadata = {
             vct = "https://example.org/identity_credential",
             name = "Identity Credential",
             description = "The Identity Verifiable Credential"
         }
     }

  }
Last updated on November 18, 2025
FeaturesIssuer Service