
Support for Verifiable Credentials via OIDC4VC and Decentralized Identity

Leverage the next generation of digital identity standards. Keymate is architected to support OpenID for Verifiable Credentials (OIDC4VC) and emerging decentralized identity (DID) models—empowering privacy-preserving, portable credentials.

Future-Ready Identity with Verifiable Credentials and OpenID for VC

Why It Matters

Decentralized Identity (DID) and Verifiable Credentials (VC) are gaining traction in sectors where privacy, sovereignty, and interoperability are paramount.

With OIDC4VC, Keymate enables:


Issuance of Verifiable Credentials from Keycloak or third-party sources
Wallet-based authentication and selective disclosure
DID-based identifiers and signature validation
Backward compatibility with existing OIDC flows

How Verifiable Credential Flows Work in Keymate

The user requests a VC from a credential issuer (e.g., Government, HRMS). The VC is issued in accordance with W3C standards and stored in the user's wallet. At login, the wallet responds via an OIDC4VC flow. Keymate validates the signature and extracts the claims. The token is then enriched with the verified identity and credential scope.

Verifiable Credential Use Cases


National identity-based login via VC wallet
Access control based on verified employment or education
“Bring your own identity” for citizen portals

Extension Highlights — What Makes It Unique

OIDC4VC Provider Support

Built-in compatibility with OpenID for Verifiable Credentials flows

DID-Compliant Credential Parsing

Supports W3C DIDs and JSON-LD credential formats

Selective Disclosure Handling

Accept only relevant attributes from wallet credentials

Compatibility with Existing OIDC RP

No need to reimplement apps — standard OIDC support continues

Planned Support for VC Issuance

Design-ready for issuing VCs from Keymate in future roadmap

Frequently Asked Questions

Support for VC-based login via OIDC4VC is part of our roadmap. Early-access integration is available upon request.
Issuance capabilities are in planning. Currently, Keymate focuses on consumption and validation.
Any wallet that supports the OIDC4VC standard and W3C-compliant VC formats (e.g., EBSI Wallet, Trinsic, Lissi)
We leverage our SPI architecture to add support for VC parsing, DID resolution, and token enrichment—no forks required.

How to Use This Integration

Follow these steps to enable:

1. Enable OIDC4VC login flow in Keycloak
2. Register trust anchors and allowed credential schemas
3. Configure Keymate VC Parser SPI
4. Connect your wallet app and perform login via VC flow
5. Inspect enriched ID token with verified attributes
