Description

Flow "User initiates Issuance from Keycloak Portal" from this discussion (with a note that "Keycloak Portal" can be 3rd-party web portal application secured by Keycloak).

User authenticates to some portal (for example university portal), which is Keycloak application. Portal presents available credentials for self-issuance (For example "education-certificate"). User selects some credential and then is redirected to Keycloak OIDC authorization code flow, which would possibly re-authenticate him (if needed) and then present him page with credential offer (QR code or deep-link). User can then claim the credential to his wallet, which might be on same or different device than the mentioned web portal application

Note: This might be implemented with AIA . Keycloak application can redirect to Keycloak with AIA and Keycloak will be able to display the screen with credential offer (QR code for wallet on different device, deep-link for wallet on the same device)