Support request byValue and byReference and presentationDefinition #57
+1,011
−271
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pulledtim
reviewed
May 6, 2025
| @@ -165,6 +208,11 @@ In order to ease the integration into frontends, VCVerifier offers a login-page | |||
|
|
|||
| In order to start a ```same-device```-flow(e.g. the credential is hold by the requestor, instead of an additional device like a mobile wallet) call: | |||
| ```shell | |||
| # scope to be requested from the wallet | |||
pulledtim
reviewed
May 6, 2025
| @@ -258,7 +311,12 @@ configRepo: | |||
|
|
|||
| ### Gaia-X Registry | |||
|
|
|||
| When using the [Gaia-X Digital Clearing House's](https://gaia-x.eu/services-deliverables/digital-clearing-house/) Registry Services, the issuer to be checked needs to fullfill the requirements of a Gaia-X participant. Thus, only did:web is supported for such and they need to provide a valid ```x5u``` location as part of their ```publicKeyJwk```. Usage of such registries can than be configured as following: | |||
| When using the [Gaia-X Digital Clearing House's](https://gaia-x.eu/services-deliverables/digital-clearing-house/) Registry Services, the issuer to be checked needs to fullfill the requirements of | |||
| # scope to be requested from the wallet | |||
pulledtim
reviewed
May 6, 2025
| ``` | ||
| openid4vp://?client_id=did:key:verifier&request_uri=verifier.org/api/v1/request/randomState&request_uri_method=get" | ||
| ``` | ||
| The object than can be retrived via: |
There was a problem hiding this comment.
Suggested change
| The object than can be retrived via: | |
| The object than can be retrieved via: |
pulledtim
reviewed
May 6, 2025
| The object than can be retrived via: | ||
| ```shell | ||
| curl https://verifier.org/api/v1/request/randomState | ||
| ``` |
There was a problem hiding this comment.
Would it help to show an example value of the retrieved data here?
pulledtim
reviewed
May 6, 2025
| @@ -18,6 +18,7 @@ paths: | |||
| - $ref: '#/components/parameters/QueryState' | |||
| - $ref: '#/components/parameters/ClientCallback' | |||
| - $ref: '#/components/parameters/ClientId' | |||
| - $ref: '#/components/parameters/RequestMode' | |||
| operationId: VerifierPageDisplayQRSIOP | |||
| summary: Presents a qr as starting point for the auth process | |||
| description: Returns a rendered html with a QR encoding the login-starting point for the siop flow - e.g. 'openid://?scope=somethign&response_type=rt&response_mode=rm&client_id=ci&redirect_uri=uri&state=state&nonce=nonce' | |||
There was a problem hiding this comment.
Suggested change
| description: Returns a rendered html with a QR encoding the login-starting point for the siop flow - e.g. 'openid://?scope=somethign&response_type=rt&response_mode=rm&client_id=ci&redirect_uri=uri&state=state&nonce=nonce' | |
| description: Returns a rendered html with a QR encoding the login-starting point for the siop flow - e.g. 'openid://?scope=somethign&response_type=rt&response_mode=rm&client_id=ci&redirect_uri=uri&state=state&nonce=nonce&request_mode=urlEncoded' |
pulledtim
reviewed
May 6, 2025
| required: false | ||
| schema: | ||
| type: string | ||
| enum: |
pulledtim
reviewed
May 6, 2025
| @@ -58,6 +58,10 @@ type Logging struct { | |||
| type Verifier struct { | |||
| // did to be used by the verifier | |||
| Did string `mapstructure:"did"` | |||
| // Identification to be used for the verifier | |||
| ClientIdentification ClientIdentification `mapstructure:"clientIdentification"` | |||
| // supported request modes - currently 'urlEncoded', 'byValue' an 'byReference' are available. In case of byValue, the keyPath has to be set. | |||
There was a problem hiding this comment.
Suggested change
| // supported request modes - currently 'urlEncoded', 'byValue' an 'byReference' are available. In case of byValue, the keyPath has to be set. | |
| // supported request modes - currently 'urlEncoded', 'byValue' and 'byReference' are available. In case of byValue, the keyPath has to be set. |
pulledtim
reviewed
May 6, 2025
| } | ||
|
|
||
| func (cs ConfiguredService) GetPresentationDefinition(scope string) PresentationDefinition { | ||
| logging.Log().Warnf("The ScopeEntry %s", logging.PrettyPrintObject(cs.GetScope(scope))) |
There was a problem hiding this comment.
I know its highly unlikely but what if the config from the CCS get updated between these two calls and we return a different config than we log here
pulledtim
reviewed
May 6, 2025
| cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier) | ||
| if hit { | ||
|
|
||
| logging.Log().Warnf("The definition %s", logging.PrettyPrintObject(presentationDefinition)) |
There was a problem hiding this comment.
Suggested change
| logging.Log().Warnf("The definition %s", logging.PrettyPrintObject(presentationDefinition)) | |
| logging.Log().Debugf("The definition %s", logging.PrettyPrintObject(presentationDefinition)) |
pulledtim
reviewed
May 6, 2025
|
|
||
| didSigningKey, err := getRequestSigningKey(verifierConfig.ClientIdentification.KeyPath, verifierConfig.ClientIdentification.Id) | ||
| if (slices.Contains(verifierConfig.SupportedModes, REQUEST_MODE_BY_VALUE) || slices.Contains(verifierConfig.SupportedModes, REQUEST_MODE_BY_REFERENCE)) && err != nil { | ||
| logging.Log().Errorf("Was not able to get a signing key, despite mode %s supported. Err: %v", REQUEST_MODE_BY_VALUE, err) |
There was a problem hiding this comment.
Would it make sense to wrap the error with the additional description and return it?
pulledtim
reviewed
May 6, 2025
| } else { | ||
| err = nil | ||
| } | ||
|
|
||
| logging.Log().Warnf("Initiated key %s.", logging.PrettyPrintObject(key)) |
There was a problem hiding this comment.
can you move this line over the new code so its with the init of the field "key"?
pulledtim
reviewed
May 6, 2025
| requestObject, err := v.createAuthenticationRequestObject(redirectUri, state, clientId) | ||
| loginSession.requestObject = string(requestObject[:]) | ||
|
|
||
| logging.Log().Infof("Store session with id %s", state) |
There was a problem hiding this comment.
Suggested change
| logging.Log().Infof("Store session with id %s", state) | |
| logging.Log().Debugf("Store session with id %s", state) |
pulledtim
reviewed
May 6, 2025
| logging.Log().Errorf("Was not able to get the presentationDefintion for %s. Err: %v", clientId, err) | ||
| return requestObject, err | ||
| } | ||
| logging.Log().Warnf("The definition %s", logging.PrettyPrintObject(presentationDefinition)) |
There was a problem hiding this comment.
Suggested change
| logging.Log().Warnf("The definition %s", logging.PrettyPrintObject(presentationDefinition)) | |
| logging.Log().Debugf("The definition %s", logging.PrettyPrintObject(presentationDefinition)) |
pulledtim
reviewed
May 6, 2025
| } | ||
|
|
||
| headers := jws.NewHeaders() | ||
| headers.Set("typ", REQUEST_OBJECT_TYP) |
There was a problem hiding this comment.
Is the header key correct?
There was a problem hiding this comment.
Yes. (even thought, I'm also always confused about the missing "e")
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Requires CredentialConfigService > 3.x