Add Essential OID4VCI Client Scope Configuration Fields to Admin UI #190

Closed
forkimenjeckayang wants to merge 2 commits into main from issue-43902



@forkimenjeckayang
Collaborator

This PR adds essential configuration fields for OID4VCI (OpenID for Verifiable Credentials Issuance) client scopes in the Admin UI.

Added Fields

  1. Credential Display (vc.display)

    • JSON textarea field for configuring how credentials are displayed in wallets
    • Includes metadata such as name, logo, colors, and localized descriptions
    • Available for all credential formats
  2. Supported Credential Types (vc.supported_credential_types)

    • Text field for specifying credential types (e.g., "VerifiableCredential,UniversityDegreeCredential")
    • Used in the credential definition for both JWT VC and SD-JWT formats
    • Shown when format is jwt_vc or dc+sd-jwt
  3. Verifiable Credential Type (vc.verifiable_credential_type)

    • Text field for the credential type identifier (VCT) used in SD-JWT format credentials
    • Required for SD-JWT format per the OID4VCI specification
    • Only shown when format is dc+sd-jwt

Format Dropdown Update

  • Removed ldp_vc (LDP VC) option from the format dropdown as it is not currently implemented
  • Only dc+sd-jwt (SD-JWT VC) and jwt_vc (JWT VC) formats are now available

Why Not Include Other Fields?

Several other OID4VCI attributes were not added to the UI because they:

  • Have working defaults - The backend automatically provides sensible default values
  • Are advanced configurations - Typically only needed for specific use cases
  • Can be configured via REST API - Available for power users who need fine-grained control

Examples of excluded fields (with defaults):

  • vc.proof_signing_alg_values_supported - Defaults to realm's available signing algorithms
  • vc.cryptographic_binding_methods_supported - Defaults to "jwk"
  • vc.signing_key_id - Optional, defaults to realm's active signing key
  • vc.sd_jwt.number_of_decoys - Defaults to 10
  • vc.credential_build_config.* - Various SD-JWT build configurations with sensible defaults

This approach keeps the UI simple and focused on essential configuration while maintaining flexibility for advanced users via the REST API.

Closes
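The field rules listed in the description above, written as a pre-submit check. This is an added example, not code from this PR or from Keycloak: the function name, the error strings, passing the format as a separate argument, and treating vc.display as a JSON array of objects (as in OID4VCI credential metadata) are assumptions of the example.

```typescript
// Added example, not Keycloak code. Attribute keys are the ones named in the PR text.
const SUPPORTED_FORMATS: string[] = ["dc+sd-jwt", "jwt_vc"]; // ldp_vc was removed from the dropdown

type ScopeAttributes = Record<string, string | undefined>;

// Hypothetical helper: returns a list of problems, empty when the input is acceptable.
function validateOid4vciScope(format: string, attrs: ScopeAttributes): string[] {
  const errors: string[] = [];

  if (SUPPORTED_FORMATS.indexOf(format) === -1) {
    errors.push(`format: "${format}" is not an available format`);
  }

  // vc.display is typed into a free-text area, so parse it defensively.
  const display = attrs["vc.display"];
  if (display !== undefined && display.trim() !== "") {
    try {
      const parsed: unknown = JSON.parse(display);
      // Assumption: an array of display objects (name, logo, colors, ...).
      const ok =
        Array.isArray(parsed) &&
        parsed.every((e) => typeof e === "object" && e !== null && !Array.isArray(e));
      if (!ok) errors.push("vc.display: expected a JSON array of objects");
    } catch {
      errors.push("vc.display: not valid JSON");
    }
  }

  // Comma-separated list, e.g. "VerifiableCredential,UniversityDegreeCredential".
  const types = attrs["vc.supported_credential_types"];
  if (types !== undefined && types !== "" && types.split(",").some((t) => t.trim() === "")) {
    errors.push("vc.supported_credential_types: empty entry in list");
  }

  // The VCT is required when the format is dc+sd-jwt.
  const vct = (attrs["vc.verifiable_credential_type"] ?? "").trim();
  if (format === "dc+sd-jwt" && vct === "") {
    errors.push("vc.verifiable_credential_type: required for dc+sd-jwt");
  }
  return errors;
}

// Constructed sample input: an SD-JWT scope that is missing its VCT.
const sampleErrors = validateOid4vciScope("dc+sd-jwt", {
  "vc.display": '[{"name":"University Degree","locale":"en"}]',
  "vc.supported_credential_types": "VerifiableCredential,UniversityDegreeCredential",
});
```
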

Collaborator

@Awambeng Awambeng left a comment


Hi @forkimenjeckayang,
Thank you for the PR! 🙌 I have a few minor points I’d like you to clarify.

I noticed that some attributes haven’t been included in the UI, which makes sense based on your explanation. However, I was wondering if a few of them might still be useful to include. For example:

  1. vc.credential_build_config.token_jws_type – This is used to set the typ parameter in the JWT (e.g., in our case, we use dc+sd-jwt).

  2. vc.credential_build_config.sd_jwt.visible_claims – This defines which claims are disclosed in the SD-JWT body. If we ever want to include other claims beyond the defaults, wouldn’t it make sense to integrate this into the UI?

  3. vc.signing_key_id – This specifies the key used to sign the credential. Would it be possible (and practical) to have a dropdown listing all registered keys in the realm, allowing users to choose which one to use? I’m not sure how complex this might be, but it could be a nice addition.

Collaborator

@Awambeng Awambeng left a comment


I have a few comments. Could you please check?

Comment thread js/apps/admin-ui/src/client-scopes/details/ScopeForm.tsx Outdated
Comment thread js/apps/admin-ui/src/client-scopes/details/ScopeForm.tsx
Comment thread js/apps/admin-ui/src/client-scopes/details/ScopeForm.tsx
Comment thread js/apps/admin-ui/test/client-scope/oid4vci-client-scope.spec.ts
Comment thread js/apps/admin-ui/test/client-scope/oid4vci-client-scope.spec.ts
@forkimenjeckayang
Collaborator Author

@Awambeng
Changes and suggestions applied.
Please have another look

Collaborator

@Awambeng Awambeng left a comment


@forkimenjeckayang I’ve added a few comments. Please take a look when you have a moment.

Comment thread js/apps/admin-ui/src/client-scopes/details/ScopeForm.tsx
Comment thread js/apps/admin-ui/src/client-scopes/details/ScopeForm.tsx Outdated
@forkimenjeckayang
Collaborator Author

Suggestions applied @Awambeng
Please have another look

Collaborator

@IngridPuppet IngridPuppet left a comment


I checked carefully and it looks very good to me. I left a few minor comments though. Could you please check?

Comment thread js/apps/admin-ui/src/client-scopes/details/ScopeForm.tsx Outdated
Collaborator

@IngridPuppet IngridPuppet left a comment


Thank you for the update.

Closes: keycloak#43902
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>


Development

Successfully merging this pull request may close these issues.

Verify and Fix OID4VCI Client Scope Configuration in Admin UI

3 participants