# 9 Internal Workflows
## **9.1. Credential Issuance**
### 9.1.1. Credential Issuance via. Authorization Code Flow
This workflow follows the authorization code flow of the OAuth 2.0 authorization framework to authenticate the Holder and then issue a Verifiable Credential.
In this workflow, the Holder initiates the request using the Wallet and authenticates via the Issuer's authorization endpoint. Once authentication is completed and consent is given, the Issuer provides an authorization code specified in [RFC6749](https://www.rfc-editor.org/rfc/rfc6749.html) to issue access tokens. The Wallet can then use the access token to retrieve the credential from the Issuer by calling the credential issuance endpoint.
PlantUML Source
```plant-uml
@startuml
Holder -> Wallet: Holder selects a credential type\nfrom the list of credential types
Wallet -> Issuer: Authorization request\n(for the type of credential to be issued)
group Enduser authentication & consent
Issuer -> Holder: Authentication Challenge
Holder -> Issuer: Challenge Response
Issuer -> Holder: Consent Request
Holder -> Issuer: Consent Response
end
Issuer -> Wallet: Authorization response (code)
Wallet -> Issuer: Token request (code)
Issuer -> Wallet: Token response (Access Token)
Wallet -> Issuer: Credential Request \n(Access Token, proof(s))
Issuer -> Wallet: Credential Response \n(Credential(s) OR Transaction ID)
@enduml
```
### 9.1.2. Credential Issuance via. Pre-authorization Code Flow
This workflow follows the pre-authorization code flow of the OAuth 2.0 authorization framework. Before interacting with the Wallet, the Credential Issuer generates a Verifiable Credential for the Holder and provides a pre-authorization code. The Holder uses this pre-authorization code to obtain the Credentials in the Wallet which is shared as part of the token endpoint to receive an access token, which is then used to retrieve the credentials.
{% hint style="info" %}
The business process for generating the Verifiable Credentials and retrieving the pre-authorization code is out of the scope of this specification.
{% endhint %}
PlantUML Source
```plant-uml
@startuml
Holder -> Issuer: End-User provides information required\nfor the issuance of a certain Credential
Issuer -> Holder: Credential Offering Response (Pre-authorization Code)
@enduml
```
PlantUML Source
```plant-uml
@startuml
Holder -> Wallet: Interacts and shares the pre-authorization code
Wallet -> Issuer: Token request\n(pre-authorization code, tx_code)
Issuer -> Wallet: Token response (Access Token)
Wallet -> Issuer: Credential Request \n(Access Token, proof(s))
Issuer -> Wallet: Credential Response \n(Credential(s) OR Transaction ID)
@enduml
```
## **9.2. Presenting a Credentials**
### 9.2.1. Presenting Credential on the Same Device
In this workflow flow, the Holder presents the credential to a Verifier on the same device where the Holder's Wallet resides.
PlantUML Source
```plant-uml
@startuml
Holder -> Verifier: Interacts with Verifier
Verifier -> Wallet: Authorization Request
group Holder authentication & consent
Wallet -> Holder: Authentication Challenge
Holder -> Wallet: Challenge Response
Wallet -> Holder: Consent Request
Holder -> Wallet: Consent Response
end
Wallet -> Wallet: Generate Verifiable\nPresentation
Wallet -> Verifier: Authorization Response \n(VP Token with Verifiable Presentation(s))
@enduml
```
{% hint style="success" %}
A reference use case for same-device sharing of credentials is available [here](/wallet/1.1.0/use-cases/functional-use-cases.md#e-kyc-on-an-application-on-same-device).
{% endhint %}
### 9.2.2. Presenting Credentials Cross Device
In this workflow, the Holder presents the credential to a Verifier interacting with the Holder on a different device from the Wallet's location.
{% hint style="success" %}
A reference use case for cross-device sharing of credentials is available [here](/wallet/1.1.0/use-cases/functional-use-cases.md#sharing-credentials-while-entering-an-airport).
{% endhint %}
In this flow, the Verifier prepares an Authorization Request and renders it as a QR code. The User then uses the Wallet to scan the QR code to obtain the request URI. Using the request URI, the Wallet retrieves the presentation definition, authenticates the Holder, and captures consent to generate the Verifiable Presentation. The Verifiable Presentations are then sent to the Verifier.
PlantUML Source
```plant-uml
@startuml
Holder -> Verifier: Interacts with Verifier
Verifier -> Wallet: Authorization Request
Wallet -> Verifier: Respond with Request Object\n(Presentation Definition)
group Holder authentication & consent
Wallet -> Holder: Authentication Challenge
Holder -> Wallet: Challenge Response
Wallet -> Holder: Consent Request
Holder -> Wallet: Consent Response
end
Wallet -> Wallet: Generate Verifiable\nPresentation
Wallet -> Verifier: Authorization Response as HTTP POST\n(VP Token with Verifiable Presentation(s))
@enduml
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://specs.govstack.global/wallet/1.1.0/9-workflows.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.