diff --git a/pkg/openid4ci/interaction.go b/pkg/openid4ci/interaction.go
index 9c0994db..e2b987e8 100644
--- a/pkg/openid4ci/interaction.go
+++ b/pkg/openid4ci/interaction.go
@@ -21,24 +21,20 @@ import (
 "strings"
 "time"
- "github.com/trustbloc/vc-go/proof/defaults"
-
- diderrors "github.com/trustbloc/wallet-sdk/pkg/did"
- "github.com/trustbloc/wallet-sdk/pkg/did/wellknown"
-
- "github.com/trustbloc/wallet-sdk/pkg/common"
-
 "github.com/google/uuid"
 "github.com/piprate/json-gold/ld"
 "github.com/trustbloc/vc-go/dataintegrity"
 "github.com/trustbloc/vc-go/dataintegrity/suite/ecdsa2019"
+ "github.com/trustbloc/vc-go/proof/defaults"
 "github.com/trustbloc/vc-go/verifiable"
 "golang.org/x/oauth2"
- "github.com/trustbloc/wallet-sdk/pkg/models/issuer"
-
 "github.com/trustbloc/wallet-sdk/pkg/api"
+ "github.com/trustbloc/wallet-sdk/pkg/common"
+ diderrors "github.com/trustbloc/wallet-sdk/pkg/did"
+ "github.com/trustbloc/wallet-sdk/pkg/did/wellknown"
 metadatafetcher "github.com/trustbloc/wallet-sdk/pkg/internal/issuermetadata"
+ "github.com/trustbloc/wallet-sdk/pkg/models/issuer"
 "github.com/trustbloc/wallet-sdk/pkg/walleterror"
 )
@@ -652,7 +648,16 @@ func (i *interaction) issuerBasicTrustInfo() (*basicTrustInfo, error) {
 jwtKID := i.issuerMetadata.GetJWTKID()
 if jwtKID == nil {
- return &basicTrustInfo{}, nil
+ var issuerURI *url.URL
+
+ issuerURI, err = url.Parse(i.issuerURI)
+ if err != nil {
+ return nil, fmt.Errorf("parse issuer uri: %w", err)
+ }
+
+ return &basicTrustInfo{
+ Domain: issuerURI.Host,
+ }, nil
 }
 jwtKIDSplit := strings.Split(*jwtKID, "#")
diff --git a/pkg/openid4ci/issuerinitiatedinteraction_test.go b/pkg/openid4ci/issuerinitiatedinteraction_test.go
index 9224f752..5c2466af 100644
--- a/pkg/openid4ci/issuerinitiatedinteraction_test.go
+++ b/pkg/openid4ci/issuerinitiatedinteraction_test.go
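Review bot: The unsigned-metadata fallback in issuerBasicTrustInfo returns Domain taken straight from i.issuerURI without checking its scheme or that a host was actually parsed, so an `http://` issuer URI (the new test exercises exactly that) or a scheme-less string yields a Domain that nothing has authenticated, or an empty one, and the returned struct carries no signal that it came from the URL rather than from verified signed metadata. If callers treat a non-empty Domain as a trust indicator they can no longer tell the two cases apart, which is worth confirming against IssuerTrustInfo's consumers. I would at least fail closed on a hostless URI, `if issuerURI.Host == "" { return nil, fmt.Errorf("issuer uri %q has no host", i.issuerURI) }`, and document the fallback with `// Unsigned metadata: origin-based trust only. Domain is the issuer URI's host (including any port) and is authenticated by nothing beyond the TLS connection to it.` Note that url.URL.Host keeps the port, which the test pins, so a consumer matching Domain against a hostname allowlist should use Hostname() instead. issuerBasicTrustInfo starts before this hunk, and `err` is assigned with `=`, so it is presumably declared earlier in the function.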
@@ -2092,40 +2092,65 @@ func TestIssuerInitiatedInteraction_VerifyIssuer(t *testing.T) {
 }
 func TestIssuerInitiatedInteraction_IssuerTrustInfo(t *testing.T) {
+ issuerServerHandler := &mockIssuerServerHandler{
+ t: t,
+ }
+
+ server := httptest.NewServer(issuerServerHandler)
+ defer server.Close()
+
 t.Run("Success", func(t *testing.T) {
- issuerServerHandler := &mockIssuerServerHandler{
- t: t,
- }
+ t.Run("Signed metadata", func(t *testing.T) {
+ localKMS, err := localkms.NewLocalKMS(localkms.Config{Storage: localkms.NewMemKMSStore()})
+ require.NoError(t, err)
- server := httptest.NewServer(issuerServerHandler)
- defer server.Close()
+ _, publicKey, err := localKMS.Create(arieskms.ED25519Type)
+ require.NoError(t, err)
- localKMS, err := localkms.NewLocalKMS(localkms.Config{Storage: localkms.NewMemKMSStore()})
- require.NoError(t, err)
+ networkDocumentLoaderHTTPTimeout := time.Second * 10
- _, publicKey, err := localKMS.Create(arieskms.ED25519Type)
- require.NoError(t, err)
+ config := &openid4ci.ClientConfig{
+ DIDResolver: &mockResolver{keyWriter: localKMS, pubJWK: publicKey},
+ DisableVCProofChecks: true,
+ NetworkDocumentLoaderHTTPTimeout: &networkDocumentLoaderHTTPTimeout,
+ }
- networkDocumentLoaderHTTPTimeout := time.Second * 10
+ issuerServerHandler.issuerMetadata = createSignedMetadata(t, localKMS, publicKey, server.URL)
- config := &openid4ci.ClientConfig{
- DIDResolver: &mockResolver{keyWriter: localKMS, pubJWK: publicKey},
- DisableVCProofChecks: true,
- NetworkDocumentLoaderHTTPTimeout: &networkDocumentLoaderHTTPTimeout,
- }
+ credentialOfferIssuanceURI := createCredentialOfferIssuanceURI(t, server.URL, false, true)
- issuerServerHandler.issuerMetadata = createSignedMetadata(t, localKMS, publicKey, server.URL)
+ interaction, err := openid4ci.NewIssuerInitiatedInteraction(credentialOfferIssuanceURI, config)
+ require.NoError(t, err)
+ require.NotNil(t, interaction)
- credentialOfferIssuanceURI := createCredentialOfferIssuanceURI(t, server.URL, false,
true)
+ trustInfo, err := interaction.IssuerTrustInfo()
+ require.NoError(t, err)
+ require.NotNil(t, trustInfo)
+ require.Contains(t, trustInfo.Domain, "trustbloc.local")
+ })
- interaction, err := openid4ci.NewIssuerInitiatedInteraction(credentialOfferIssuanceURI, config)
- require.NoError(t, err)
- require.NotNil(t, interaction)
+ t.Run("Origin-based trust", func(t *testing.T) {
+ config := &openid4ci.ClientConfig{
+ DIDResolver: &mockResolver{},
+ }
- trustInfo, err := interaction.IssuerTrustInfo()
- require.NoError(t, err)
- require.NotNil(t, trustInfo)
- require.Contains(t, trustInfo.Domain, "trustbloc.local")
+ issuerServerHandler.issuerMetadata = strings.ReplaceAll(sampleIssuerMetadata, serverURLPlaceholder,
+ server.URL)
+
+ credentialOfferIssuanceURI := createCredentialOfferIssuanceURI(t, server.URL, false, true)
+
+ interaction, err := openid4ci.NewIssuerInitiatedInteraction(credentialOfferIssuanceURI, config)
+ require.NoError(t, err)
+ require.NotNil(t, interaction)
+
+ serverURL, err := url.Parse(server.URL)
+ require.NoError(t, err)
+
+ trustInfo, err := interaction.IssuerTrustInfo()
+ require.NoError(t, err)
+ require.NotNil(t, trustInfo)
+ require.Equal(t, serverURL.Host, trustInfo.Domain)
+ })
 })
 }
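Review bot: Both subtests under "Success" write to the shared issuerServerHandler.issuerMetadata that is now hoisted to the top of TestIssuerInitiatedInteraction_IssuerTrustInfo, so the two cases are order-dependent and cannot be marked t.Parallel without a data race on the handler; a comment on the hoisted handler, `// shared by the subtests below, which each overwrite issuerMetadata — keep them sequential`, would make that explicit. The "Origin-based trust" case also proves only the positive path, against a plain http:// httptest server, so a sibling case whose offer carries an issuer URI with no host or one that fails url.Parse would pin that the fallback errors rather than returning an empty Domain, if createCredentialOfferIssuanceURI can be made to emit such a URI. The `require.Equal(t, serverURL.Host, trustInfo.Domain)` assertion pins that the port is kept in Domain, which deserves a one-line comment so that a later switch to Hostname() is a deliberate change rather than an accidental one.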