# OpenID Connect for Verifiable Presentations
## Overview
**Dentity** provides a way for verifiers to request holders to share their credentials to verify easily and securely using [OpenID Connect](https://openid.net/developers/how-connect-works/) (OIDC). Specifically in this specification we build and follow [OpenID Connect for Verifiable Presentations](https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0-07.html) and [W3C Verifiable Credentials](https://www.w3.org/TR/vc-data-model/#presentations).
## Usage
### Prerequisites
You need some of the following to get started:
* Access to [Denity Business](https://business.dentity.com/) site to create OIDC client. If you didn't, contact us to get support.
* Have a basic understanding of [OpenID Connect](https://openid.net/developers/how-connect-works/) (OIDC) and related concepts.
* Have created OIDC client.
### Configuration
Create OIDC client in [Denity Business](https://business.dentity.com/) site and get the configuration. Configure the OIDC library you use with the parameters below.
Authority URL: `https://oidc.dentity.com/oidc/auth`
Parameter
Description
client_id
A unique string that you receive after creating the client to identify the application
redirect_uri
The URL will be redirected after the user has verified successfully
response_type
code
scope
openidprofile
### Response and vp\_token
After the user successfully verify with their credential you will receive the corresponding sample format below.
{% hint style="info" %}
**vp\_token example**: Notice that the data below has been changed for brevity.
{% endhint %}
```json
{
"access_token": "fkGh6S2437IaX4YfM0Eumv_2QCjbl14Z1MybzUeQf3r",
"expires_in": 86400,
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6...",
"scope": "openid profile",
"token_type": "Bearer",
"vp_token": [
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/bbs/v1",
...
],
"id": "urn:vc",
"type": [
"VerifiedPhoneNumber",
"VerifiableCredential"
],
"credentialSchema": {
"id": "...",
"type": "JsonSchemaValidator2018"
},
"credentialStatus": {
"id": "urn:revocation-registry:dentity:KZswpDQWysmHYy...",
"type": "RevocationList2020Status",
"revocationListCredential": "urn:revocation-registry:dentity:KZswpDQWysmHYy...",
"revocationListIndex": "147"
},
"credentialSubject": {
"id": "urn:vc:subject:0",
"credentialIssuer": "...",
"credentialType": "...",
"holderFullName": "...",
"phoneNumber": "..."
},
"issuanceDate": "2023-07-19T03:02:53Z",
"issuer": "did:ion:test:EiAMNztHqMNA3MrKg-...",
"proof": {
"type": "BbsBlsSignatureProof2020",
"created": "2023-07-19T03:02:53Z",
"nonce": "IZU4ZNyOUzfAqpjCvtgZ...",
"proofPurpose": "assertionMethod",
"proofValue": "ABMH//+V8aQn2fUDpr8a3XGIyosNIVh3LaF0lbjsI...",
"verificationMethod": "did:ion:test:EiAMNztHqMNA3MrKg-dDGJ5...#g2-public"
}
}
]
}
```
The response parameter `vp_token` is defined as follows:
* `vp_token`: a parameter that either directly contains a verifiable presentation or a JSON array with multiple verifiable presentations
* A `vp_token` MUST be provided in the same response as the `id_token` of the respective OpenID Connect transaction. Depending on the response/grant type, this can be either the authentication response or the token response.
* The `vp_token` either contains a single verifiable presentation or an array of verifiable presentations.
### Verify the proof
When the user verifies successfully. You will get vp\_token. Before you start using that data, we recommend you verify it first.
The proof can be verified with:
* Libraries that support VC verifications for [BBS+ signatures](https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html).
* Call [Dentity's API](/reference/wallets-and-credentials/api-endpoints/credential.md#verify-credential-proof) to verify the proof
{% hint style="warning" %}
**Verify the proof:** \
Always verify the proof before making use of its data. You can rely on the return value when verifying to use it for your purposes.
Without verification, the received proof is of no more value than an unsubstantiated claim made by your user.
{% endhint %}
## OIDC client libraries
Currently, there are many libraries/packages that support OIDC client integration for most languages. You can view some of the certified packages from [OpenID Connect](https://openid.net/certified-open-id-developer-tools/):
* `Typescript/Javascript` [oidc-client](https://www.npmjs.com/package/openid-client)
* `C#` [IdentityModel.OidcClient](https://github.com/IdentityModel/IdentityModel.OidcClient2)
* `Golang` [OIDC v0.15.7](https://github.com/zitadel/oidc)
* `Java` [GKIDP Broker 1.0.0](https://www.kinto-technologies.com/)
* `Python` [pyoidc](https://github.com/CZ-NIC/pyoidc)
* `Ruby` [openid\_connect](https://github.com/nov/openid_connect)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.dentity.com/reference/wallets-and-credentials/openid-for-verifiable-credentials/openid-connect-for-verifiable-presentations.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.