Authorization using Verifiable Credentials

To successfully negotiate an OAuth2 access token, the token issuer (OAuth2 Authorization Server) will ask the client to present Verifiable Credentials. Nuts uses DIF Presentation Exchange for requesting and presenting credentials during authentication. It used by service-to-service (vp_token bearer OAuth2 flow) and user flow (OpenID4VP).

Presentation Definition

The party requesting a presentation, typically during access token negotiation, provides a Presentation Definition to the credential wallet. The Presentation Definition specifies which credentials the wallet must provide. If the wallet can't fulfill the definition, access token negotiation will fail.

An example Presentation Definition specifying a NutsOrganizationCredential, not restricted to a specific issuer could look as follows:

Scope Policy

The following example requires a

See the DIF Presentation Exchange specification for more information.