diff --git a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocol.kt b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocol.kt
index 6d19c184aeb553e790b33afbc460a2363452a232..bf9ff8db4c77c81da480121c46ae19f52ac3f5dc 100644
--- a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocol.kt
+++ b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocol.kt
@@ -24,6 +24,9 @@ import at.asitplus.wallet.lib.jws.JwsHeader
 import at.asitplus.wallet.lib.jws.JwsService
 import at.asitplus.wallet.lib.jws.JwsSigned
 import at.asitplus.wallet.lib.jws.VerifierJwsService
+import at.asitplus.wallet.lib.oidc.OpenIdConstants.ID_TOKEN
+import at.asitplus.wallet.lib.oidc.OpenIdConstants.URN_TYPE_JWK_THUMBPRINT
+import at.asitplus.wallet.lib.oidc.OpenIdConstants.VP_TOKEN
 import com.benasher44.uuid.uuid4
 import io.github.aakira.napier.Napier
 import kotlinx.datetime.Clock
@@ -106,13 +109,13 @@ class OidcSiopProtocol(
         val metadata = RelyingPartyMetadata(
             redirectUris = arrayOf(relyingPartyUrl),
             jsonWebKeySet = JsonWebKeySet(arrayOf(agentPublicKey)),
-            subjectSyntaxTypesSupported = arrayOf("urn:ietf:params:oauth:jwk-thumbprint", "did:key"),
+            subjectSyntaxTypesSupported = arrayOf(URN_TYPE_JWK_THUMBPRINT, "did:key"),
             vpFormats = FormatHolder(
                 jwtVp = FormatContainerJwt(algorithms = arrayOf(JwsAlgorithm.ES256.text)),
             ),
         )
         return AuthenticationRequestParameters(
-            responseType = "id_token vp_token", // TODO Extract constants
+            responseType = "$ID_TOKEN $VP_TOKEN",
             clientId = relyingPartyUrl,
             redirectUri = relyingPartyUrl,
             scope = "openid profile",
@@ -181,17 +184,17 @@ class OidcSiopProtocol(
         val audience = params.clientMetadata?.jsonWebKeySet?.keys?.get(0)?.identifier
             ?: return null
                 .also { Napier.w("Could not parse audience") }
-        if ("urn:ietf:params:oauth:jwk-thumbprint" !in params.clientMetadata.subjectSyntaxTypesSupported)
+        if (URN_TYPE_JWK_THUMBPRINT !in params.clientMetadata.subjectSyntaxTypesSupported)
             return null
                 .also { Napier.w("Incompatible subject syntax types algorithms") }
         if (params.clientId != params.redirectUri)
             return null
                 .also { Napier.w("client_id does not match redirect_uri") }
-        if ("id_token" !in params.responseType)
+        if (ID_TOKEN !in params.responseType)
             return null
-                .also { Napier.w("response_type is not \"id_token\"") }
+                .also { Napier.w("response_type is not \"$ID_TOKEN\"") }
         // TODO "claims" may be set by the RP to tell OP which attributes to release
-        if ("vp_token" !in params.responseType && params.presentationDefinition == null)
+        if (VP_TOKEN !in params.responseType && params.presentationDefinition == null)
             return null
                 .also { Napier.w("vp_token not requested") }
         if (params.clientMetadata.vpFormats == null)
diff --git a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OpenIdConstants.kt b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OpenIdConstants.kt
index f31ca8e21ab52b69e838f9d1829b58d392235b0d..cd2d2aaff73ed6fde2cf65a6feae9df3b4b6ecf1 100644
--- a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OpenIdConstants.kt
+++ b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OpenIdConstants.kt
@@ -2,7 +2,9 @@ package at.asitplus.wallet.lib.oidc
 
 object OpenIdConstants {
 
-    const val ID_TOKEN = "idToken"
+    const val ID_TOKEN = "id_token"
+
+    const val VP_TOKEN = "vp_token"
 
     const val GRANT_TYPE_CODE = "code"
 
@@ -10,6 +12,8 @@ object OpenIdConstants {
 
     const val TOKEN_TYPE_BEARER = "bearer"
 
+    const val URN_TYPE_JWK_THUMBPRINT = "urn:ietf:params:oauth:jwk-thumbprint"
+
     const val PATH_WELL_KNOWN_CREDENTIAL_ISSUER = "/.well-known/openid-credential-issuer"
 
     /**
@@ -25,7 +29,6 @@ object OpenIdConstants {
         const val JWT = "jwt"
 
         const val JWT_HEADER_TYPE = "openid4vci-proof+jwt"
-
     }
 
     /**
@@ -50,4 +53,4 @@ object OpenIdConstants {
         const val INVALID_PROOF = "invalid_or_missing_proof"
     }
 
-}
\ No newline at end of file
+}
diff --git a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/IssuerService.kt b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/IssuerService.kt
index a39494aa2cda4ccc6e1d983febd27de2de0435db..f56882f5408784be8543bd2ed756d78e8390b395 100644
--- a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/IssuerService.kt
+++ b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/IssuerService.kt
@@ -11,6 +11,7 @@ import at.asitplus.wallet.lib.oidc.OpenIdConstants.Errors
 import at.asitplus.wallet.lib.oidc.OpenIdConstants.ProofTypes
 import at.asitplus.wallet.lib.oidc.OpenIdConstants.TOKEN_PREFIX_BEARER
 import at.asitplus.wallet.lib.oidc.OpenIdConstants.TOKEN_TYPE_BEARER
+import at.asitplus.wallet.lib.oidc.OpenIdConstants.URN_TYPE_JWK_THUMBPRINT
 import io.ktor.http.URLBuilder
 import kotlin.coroutines.cancellation.CancellationException
 
@@ -41,7 +42,7 @@ class IssuerService(
                 format = CredentialFormatEnum.JWT_VC,
                 id = it.vcType,
                 types = arrayOf(VERIFIABLE_CREDENTIAL, it.vcType),
-                supportedBindingMethods = arrayOf("did:key", "jwk-thumbprint"),
+                supportedBindingMethods = arrayOf("did:key", URN_TYPE_JWK_THUMBPRINT),
                 supportedCryptographicSuites = arrayOf(JwsAlgorithm.ES256.text),
             )
         }