OID4VP: `submission` in `DifPexCredentialsForRequestRequirement` for `presentationDefinition`s with `pick` `submission_requirements`
DJHunn39 opened this issue · 1 comments
Credo version: 0.5.9
tl;dr
Presentation definitions with pick
requirements result in malformed presentationExchange
s because of logic defined here, where getSubmissionRequirementRulePick
assigns all satisfiedSubmissions
to the submission
property, instead of submissionEntry
.
Description
I'm currently building an OID4VP presentation flow where the presentation definition has some submission_requirements
. Here's what the presentation definition looks like:
{
id: 'someId',
purpose: 'Some purpose',
submission_requirements: [
{
name: 'Some name',
rule: 'pick',
count: 1,
from: 'someGroup'
}
],
input_descriptors: [
{
id: 'someInputDescriptorId',
group: ['someGroup'],
constraints: {
limit_disclosure: 'required',
fields: [
{
path: ['$.vct'],
filter: {
type: 'string',
pattern: 'someType'
}
},
{
path: ['$.someDisclosedAttribute']
}
]
}
},
{
id: 'someOtherInputDescriptorId',
group: ['someGroup'],
constraints: {
limit_disclosure: 'required',
fields: [
{
path: ['$.vct'],
filter: {
type: 'string',
pattern: 'someOtherType'
}
},
{
path: ['$.someDisclosedAttribute']
}
]
}
},
]
}
The presentation request is built as expected, and can be resolved by a Holder agent, but the single requirement
in resolvedPresentationRequest.presentationExchange.credentialsForRequest
does not match the DifPexCredentialsForRequestRequirement
type - what we would expect to be present under submissionEntry
is actually found in the submission
property, i.e:
{
"requirements": [
{
"rule": "pick",
"needsCount": 1,
"name": "Some name",
"submissionEntry": [], // This is empty
"isRequirementSatisfied": true,
"submission": [ // I'd expect this to be found under `submissionEntry`
{
"inputDescriptorId": "SomeInputDescriptorId",
"verifiableCredentials": [
{
"type": "vc+sd-jwt",
"credentialRecord": {
"_tags": {
"alg": "EdDSA",
"sdAlg": "sha-256",
"vct": "someType"
},
"metadata": {},
"id": "fcbcebd0-9577-4626-a2b3-730af7a89150",
"createdAt": "2024-08-05T15:08:59.583Z",
"compactSdJwtVc": "ey..........",
"updatedAt": "2024-08-05T15:08:59.583Z"
},
"disclosedPayload": {
"vct": "someType",
"exp": 1893456000000,
"validTo": 1893456000000,
"cnf": {
"kid": "did:key:..."
},
"iss": "did:key:...",
"iat": 1722870539,
"someDisclosedAttribute": "someDisclosedValue",
}
},
{
"type": "vc+sd-jwt",
"credentialRecord": {
"_tags": {
"alg": "EdDSA",
"sdAlg": "sha-256",
"vct": "someOtherType"
},
"metadata": {},
"id": "8aa3894c-c5e6-4344-896e-d872ff5dab17",
"createdAt": "2024-08-05T12:45:56.179Z",
"compactSdJwtVc": "ey........",
"updatedAt": "2024-08-05T12:45:56.179Z"
},
"disclosedPayload": {
"vct": "someOtherType",
"exp": 1754397955855,
"cnf": {
"kid": "did:key:..."
},
"iss": "did:key:...",
"iat": 1722861955,
"someDisclosedAttribute":"someDisclosedValue"
}
}
]
}
]
}
],
"areRequirementsSatisfied": true,
"purpose": "Some purpose"
}
This means that, for this type of presentationDefinition
, presentationExchangeService.selectCredentialsForRequest
cannot be used, as it leads to a No verifiable presentations created
error, as selectCredentialsForRequest
returns {}
.
If I build my own selectCredentialsForRequest
function, I need to adjust some types as Property 'submission' does not exist on type 'DifPexCredentialsForRequestRequirement'.
^ opened the above PR to cover the fix if it is as simple as changing that property from submission
to submissionEntry