OpenID Connect

OpenID Connect (OIDC) is the identity layer built on top of OAuth 2.0. OAuth 2.0 is about delegated authorization ("let this app call that API on my behalf"); OIDC adds identity claims ("here's who the authenticated user is"). The result is the "Sign in with Google / Microsoft / Apple" flow that most web apps offer.

OIDC introduces the ID token — a JWT that asserts who the user is, when they authenticated, what scopes they consented to. OIDC also defines discovery metadata (the /.well-known/openid-configuration endpoint) that clients use to bootstrap.

OpenID4VCI and OpenID4VP — the two specifications LearnCoin plans to implement for EUDI Wallet alignment — are extensions to the OIDC flow. Instead of issuing an ID token (which just identifies the user), the issuer returns a verifiable credential. Instead of presenting an ID token to the verifier, the holder presents a VP. Same OAuth-style handshake, different payloads.