Closed mmatteo23 closed 1 year ago
Let me set up a test later today. I am assuming that the object is not a string somehow.
Wow, something for sure is wrong with that request:
Indeed it is an object instead of a string.
Could you happen to provide the input params you used or the builder code you used?
Thank you @nklomp.
Sure! Here you are.
This is my OP object setup:
OP.builder()
    .withExpiresIn(6000)
    .addDidMethod("ethr")
    .addDidMethod("key")
    .withIssuer(ResponseIss.SELF_ISSUED_V2)
    .withInternalSignature(this._keys.hexPrivateKey, this._keys.did, this._keys.didKey, this._keys.alg)
    .build();
And this is the other one for RP:
RP.builder()
    .withRedirectUri(AuthRequestCallback)
    .withRequestByValue()
    .withRevocationVerification(RevocationVerification.NEVER)
    .withInternalSignature(
        this._keys.hexPrivateKey,
        this._keys.did,
        this._keys.didKey,
        this._keys.alg
    )
    .addDidMethod("ethr")
    .addDidMethod("key")
    .withSupportedVersions([
        SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1
    ])
    .withClientMetadata({
        idTokenSigningAlgValuesSupported: [SigningAlgo.EDDSA],
        passBy: PassBy.VALUE,
        requestObjectSigningAlgValuesSupported: [SigningAlgo.EDDSA, SigningAlgo.ES256],
        responseTypesSupported: [ResponseType.ID_TOKEN],
        vpFormatsSupported: { jwt_vc: { alg: [SigningAlgo.EDDSA] } },
        scopesSupported: [Scope.OPENID_DIDAUTHN, Scope.OPENID],
        subjectTypesSupported: [SubjectType.PAIRWISE],
        subject_syntax_types_supported: ["did:ethr:", "did:key:", "did"]
    })
    .withPresentationDefinition({
        definition: {
            "id": "1234-1234-1234-1234",
            "input_descriptors": [
                {
                    "id": "ExampleInputDescriptor",
                    "schema": [
                        {
                            "uri": "https://did.itsourweb.org:3000/smartcredential/Ontario-Health-Insurance-Plan"
                        }
                    ]
                }
            ]
        }
    })
    .build();
Let me know if you need more information
Thanks that will do. Will have a look at it later today though
Okay the issue is that it defaults to take the DID supplied as clientId if no clientId is specifically set. It does this after checking the registration metadata. This means in most cases you do not have to set a client_id, as it will pick it up automatically.
However, when checking for the registration metadata, it takes the whole registration object instead of the client_id from the registration object. Given that object will always be filled, even if it does not contain a client_id, the DID fallback will never be triggered. Then the JWT generation process simply kicks in and that is happy to encode and sign the whole object. Only on the other side when decoding everything you run into issues, as the client_id is not a string as it should be.
Working on a fix and test. A new version will be released shortly
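The fallback bug described in the comment above, reduced to a minimal TypeScript model (an added example, not code from the library or from this thread). The type shapes, function names and the sample DID are hypothetical and constructed for illustration; the guard shows a type check that can run before signing and again after decoding.

```typescript
// Hypothetical, simplified shapes; these are NOT the library's real types.
type Registration = { client_id?: string; [key: string]: unknown };
type RequestOpts = { clientId?: string; registration: Registration; did: string };

// Buggy pattern: the whole registration object is a fallback candidate.
// An object is always truthy, so the DID fallback is never reached.
function resolveClientIdBuggy(opts: RequestOpts): unknown {
  return opts.clientId || opts.registration || opts.did;
}

// Corrected pattern: only the client_id field of the registration is considered.
function resolveClientIdFixed(opts: RequestOpts): string {
  return opts.clientId || opts.registration.client_id || opts.did;
}

// Guard for both sides: reject any payload whose client_id is not a non-empty string.
function assertStringClientId(payload: Record<string, unknown>): string {
  const id = payload.client_id;
  if (typeof id !== "string" || id.length === 0) {
    throw new TypeError(`client_id must be a non-empty string, got ${typeof id}`);
  }
  return id;
}

// Constructed sample input: registration metadata without a client_id.
const sampleOpts: RequestOpts = {
  registration: { subject_syntax_types_supported: ["did:ethr:", "did:key:"] },
  did: "did:key:z6MkExampleConstructed",
};

function demo(): { buggy: string; decoded: string; fixed: string; rejected: boolean } {
  const buggy = resolveClientIdBuggy(sampleOpts);
  // Serialization (as done when building a JWT payload) accepts the object silently.
  const decoded = JSON.parse(JSON.stringify({ client_id: buggy }));
  let rejected = false;
  try {
    assertStringClientId(decoded); // the verifier-side check catches it
  } catch {
    rejected = true;
  }
  return {
    buggy: typeof buggy,
    decoded: typeof decoded.client_id,
    fixed: resolveClientIdFixed(sampleOpts),
    rejected,
  };
}
```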
0.3.1 has been released fixing the issue. https://github.com/Sphereon-Opensource/SIOP-OID4VP/releases/tag/v0.3.1
Thanks for reporting
No problem. Thanks to you for the quick fix 💪
Hi all, I was trying your library following your tutorial but I'm stuck at the "OP Auth Request verification" point.
I'm using your "@sphereon/did-auth-siop": "^0.3.0" library version. I was able to create an AuthorizationRequest correctly, obtain the encodedURI and return it. This is an example:
Then when I try to verify it using the method OP.verifyAuthorizationRequest() passing the URI above it gives me this error:
It's a function from Typescript String library, so I don't know what the problem could be. Any ideas?