Implement OID4VP (OpenID for Verifiable Presentations) verifier endpoint to request and verify W3C VC or mdoc credentials

Steps

1. Construct an OID4VP Authorization Request with response_type=vp_token (or code for response_code flow), client_id (verifier identifier), redirect_uri, nonce, and a presentation_definition JSON describing the required credential type and fields.
2. For JAR (JWT-Secured Authorization Request), sign the Authorization Request as a JWT and either pass it by reference (request_uri) or by value (request parameter); this prevents tampering.
3. The wallet resolves the presentation_definition, selects matching credentials, applies selective disclosure as configured, and returns a vp_token (and optionally presentation_submission) to the redirect_uri or via direct_post.
4. The verifier receives vp_token; if it is a W3C VC presentation it is a JWT or JSON-LD object; if mdoc it is CBOR — parse accordingly based on the format in presentation_submission.
5. Verify the vp_token: check the nonce matches your session, verify the credential issuer signature, verify the holder binding proof, and check credential validity (expiry, revocation status if applicable).