overview.puml
@startuml
actor User as U
participant Wallet as W
box Issuer
participant "Setup" as Setup
participant "PAR" as PAR
participant "Authentication" as AS
participant "Token" as T
participant "Credentials API" as P
participant "Poll Credentials API" as I
end box
autoactivate on
hide footbox
U -> W: interact
note over W: Wallet discovers manifest listing\nrequirements to receive\na certain credential (Optional)
note over W: Wallet pre-obtains credentials necessary\nas the input to receive certain credentials (Optional)
alt no presentations required in authorization request
W -> AS: authorization request with desired credential type in the claims parameter
end
alt presentations required in authorization request
W -> AS: issuance request with manifest_id in credential_application
return presentation_nonce as a challenge
W -> W: prepare VCs as VP bound to presentation_nonce
deactivate W
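W -> AS: authorization request with presentations as input in presentation_submission\n[Can use PAR if the request is too big in size]
' PAR is optional: the wallet pushes the presentations and receives a request_uri
opt request too big in size
W -> PAR: submitting presentations
return request_uri
end
' closes "alt presentations required in authorization request"
end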
note over AS: Issuer will authenticate user or utilize credentials or assertions to identify user. \noptions: local login, callback to wallet (shown below), federated login (via OpenID or SAML), ...
opt Request credentials as prerequisite for issuance
AS -> W: request for presentation (OIDC4VPs)
return presentations
end opt
return code
W -> T: code
return access_token
W->P: request issuance by presenting bindable proof (access token hash is challenge)
note over P: access token hash is used as challenge
return credential or acceptance token issued
opt Token not yet issued
W->I: credential request with acceptance token
return credential
end opt
@enduml