Authorization using Verifiable Credentials
To successfully negotiate an OAuth2 access token, the token issuer (OAuth2 Authorization Server) will ask the client to present Verifiable Credentials. Nuts uses DIF Presentation Exchange for requesting and presenting credentials during authentication. It is used by the service-to-service flow (vp_token bearer flow) and the user flow (OpenID4VP).
Presentation Definition
The party requesting a presentation, typically during access token negotiation, provides a Presentation Definition to the credential wallet. The Presentation Definition specifies which credentials the wallet must provide. If the wallet can't fulfill the definition, access token negotiation will fail.
Presentation Definitions are used for communicating the required credentials for a certain, requested scope during access token negotiation (both service-to-service flow and user flow). They are also used by Discovery Services (more on that in another chapter).
An example Presentation Definition specifying a NutsOrganizationCredential, not restricted to a specific issuer, could look as follows:
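As an added example (not taken from the Nuts documentation or code base), the following shows how a wallet could evaluate such a Presentation Definition against its credentials, returning nothing when the definition cannot be fulfilled. The definition, wallet contents, identifiers and helper names are constructed for illustration, and the code assumes dotted JSONPath expressions and the `type`, `const` and `contains` filter keywords only.

```python
# Constructed Presentation Definition (illustrative): requires a
# NutsOrganizationCredential and puts no constraint on $.issuer.
DEFINITION = {"id": "pd_example", "input_descriptors": [{
    "id": "organization_credential",
    "constraints": {"fields": [
        {"path": ["$.type"], "filter": {
            "type": "array", "contains": {"const": "NutsOrganizationCredential"}}},
        {"path": ["$.credentialSubject.organization.name"], "filter": {"type": "string"}},
    ]}}]}

# Constructed wallet contents; issuers and names are made up.
WALLET = [
    {"type": ["VerifiableCredential", "ExampleOtherCredential"], "issuer": "did:example:a",
     "credentialSubject": {"id": "did:example:holder"}},
    {"type": ["VerifiableCredential", "NutsOrganizationCredential"], "issuer": "did:example:b",
     "credentialSubject": {"organization": {"name": "Example Care", "city": "Exampleville"}}},
]
TYPES = {"string": str, "array": list, "object": dict}

def resolve(doc, path):
    # Dotted JSONPath subset ($.a.b); anything absent or unsupported yields None.
    for key in path.split(".")[1:]:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def satisfies(value, flt):
    # JSON Schema subset: type, const, contains (fails closed on non-arrays).
    if "type" in flt and not isinstance(value, TYPES[flt["type"]]):
        return False
    if "const" in flt and value != flt["const"]:
        return False
    if "contains" in flt:
        return isinstance(value, list) and any(satisfies(v, flt["contains"]) for v in value)
    return True

def field_matches(cred, field):
    # A field matches when any of its paths resolves to a value passing the filter.
    values = (resolve(cred, p) for p in field["path"])
    return any(v is not None and satisfies(v, field.get("filter", {})) for v in values)

def select_credentials(definition, wallet):
    # One credential per input descriptor; None means the definition is unfulfilled.
    picked = {}
    for d in definition["input_descriptors"]:
        fields = d["constraints"]["fields"]
        picked[d["id"]] = next((c for c in wallet if all(field_matches(c, f) for f in fields)), None)
    return None if None in picked.values() else picked
```

Because no field constrains `$.issuer`, a matching credential from any issuer is selected; whether that issuer is trusted has to be decided separately by the verifier.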
Scope Policy
The following example requires a
See the DIF Presentation Exchange specification for more information.