nklomp
commented
1 year ago Let me setup a test later today. I am assuming that the object is not a string somehow
Closed mmatteo23 closed 1 year ago
nklomp
commented
1 year ago Let me setup a test later today. I am assuming that the object is not a string somehow
nklomp
commented
1 year ago Wow, something for sure is wrong with that request:
Indeed it is an object instead of a string.
Could you happen to provide the input params you used or the builder code you used?
mmatteo23
commented
1 year ago Thank you @nklomp.
Sure! Here you are.
This is my OP object setup:
OP.builder()
.withExpiresIn(6000)
.addDidMethod("ethr")
.addDidMethod("key")
.withIssuer(ResponseIss.SELF_ISSUED_V2)
.withInternalSignature(this._keys.hexPrivateKey, this._keys.did, this._keys.didKey, this._keys.alg)
.build();And this is the other one for RP:
RP.builder()
.withRedirectUri(AuthRequestCallback)
.withRequestByValue()
.withRevocationVerification(RevocationVerification.NEVER)
.withInternalSignature(
this._keys.hexPrivateKey,
this._keys.did,
this._keys.didKey,
this._keys.alg
)
.addDidMethod("ethr")
.addDidMethod("key")
.withSupportedVersions([
SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1
])
.withClientMetadata({
idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA],
passBy: PassBy.VALUE,
requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256],
responseTypesSupported: [ResponseType.ID_TOKEN],
vpFormatsSupported: { jwt_vc: { alg: [SigningAlgo.EDDSA] } },
scopesSupported: [Scope.OPENID_DIDAUTHN, Scope.OPENID],
subjectTypesSupported: [SubjectType.PAIRWISE],
subject_syntax_types_supported: ["did:ethr:", "did:key:", "did"]
})
.withPresentationDefinition({
definition: {
"id": "1234-1234-1234-1234",
"input_descriptors": [
{
"id": "ExampleInputDescriptor",
"schema": [
{
"uri": "https://did.itsourweb.org:3000/smartcredential/Ontario-Health-Insurance-Plan"
}
]
}
]
}
})
.build();Let me know if you need more information
nklomp
commented
1 year ago Thanks that will do. Will have a look at it later today though
nklomp
commented
1 year ago Okay the issue is that it defaults to take the DID supplied as clientId if no clientId is specifically set. It does this after checking the registration metadata. This means in most cases you do not have to set a client_id, as it will pick it up automatically.
However when checking for the registration metadata, it takes the whole registration object instead if the the client_id from the registration object. Given that object will always be filled, even if it does not contain a client_id the DID fallback will never be triggered. Then the JWT generation process simply kicks in and that is happy to encode and sign the whole object. Only on the other side when decoding everything you run into issues, as the client_id is not a string as it should be.
Working on a fix and test. A new version will be released shortly
nklomp
commented
1 year ago 0.3.1 has been released fixing the issue. https://github.com/Sphereon-Opensource/SIOP-OID4VP/releases/tag/v0.3.1
Thanks for reporting
mmatteo23
commented
1 year ago No problem. Thanks to you for the quick fix 💪
Hi all, I was trying your library following your tutorial but I'm stuck at "OP Auth Request verification" point.
I'm using your
"@sphereon/did-auth-siop": "^0.3.0"library version.I was able to create an
AuthorizationRequestcorrectly, obtain theencodedURIand return it.This is an example:
Then when I try to verify it using the method
OP.verifyAuthorizationRequest()passing the URI above it gives me this error:It's a function from Typescript String library, so I don't know what the problem could be. Any ideas?