Cannot build stack locally

[Lab3ss]

Hi,

Starting from your Readme, and considering I dont have any experience with Flutter nor mobile development, I'm not able to start locally the Altme App using Android Studio.

CONTEXT : We currently are able to issue SD-JWT credentials using openid4vc from our issuer api to the Altme wallet (DIIP V.3 profile) but presentation using openid4vp does not work. I'm trying to run you stack locally to identify the reason.

ISSUE :

• I do not see any dev channel as you mention, only master, main, beta and stable.
• When using flutter 3.7.0, the associated Dart SDK version is 2.19.0 which is considered as incompatible with the project requirements (>=3.1.0 <4.0.0)
• Upgrading the flutter version to latest in order to have a compatible Dart version on MAIN channel generate the following error on build :

  ../../../../.pub-cache/hosted/pub.dev/flutter_slidable-3.1.1/lib/src/notifications_old.dart:88:23: Error: The method 'hashValues' isn't defined for the class 'SlidableRatioNotification'.
  - 'SlidableRatioNotification' is from 'package:flutter_slidable/src/notifications_old.dart' ('../../../../.pub-cache/hosted/pub.dev/flutter_slidable-3.1.1/lib/src/notifications_old.dart').
  Try correcting the name to the name of an existing method, or defining a method named 'hashValues'.
  int get hashCode => hashValues(tag, ratio);

• Upgrading the flutter version to latest in order to have a compatible Dart version on STABLE channel generate the following error on build :

  Execution failed for task ':app:checkDevelopmentDebugAarMetadata'.
  > Could not resolve all files for configuration ':app:developmentDebugRuntimeClasspath'.
  > Failed to transform LiquidCore-0.6.2.aar (com.github.LiquidPlayer:LiquidCore:0.6.2) to match attributes {artifactType=android-aar-metadata, org.gradle.category=library, org.gradle.libraryelements=jar, org.gradle.status=release, org.gradle.usage=java-runtime}.
    > Could not find LiquidCore-0.6.2.aar (com.github.LiquidPlayer:LiquidCore:0.6.2).
      Searched in the following locations:
          https://jitpack.io/com/github/LiquidPlayer/LiquidCore/0.6.2/LiquidCore-0.6.2.aar
          https://jitpack.io/com/github/LiquidPlayer/LiquidCore/0.6.2/LiquidCore-0.6.2.jar

  One more thing, on Linux the script.sh generates the following error : ./script.sh: 15: Syntax error: "}" unexpected

Any hint ? Specially about how you run the project with a 3.7.0 flutter version, associated to a compatible Dart version.

[ThierryThevenet]

@hawkbee1

[ThierryThevenet]

@Lab3ss good to see french devs in SSI now !

[hawkbee1]

@Lab3ss Indeed our readme needs some updates, dev channel doesn't exist anymore. We are currently using flutter 3.22.2 but didkit installation is the tricky part. Which os are you using?

With links to get the credential and present it I could have a look at the error

[ThierryThevenet]

@Lab3ss DIIP V3.0 uses did:jwk as identifiers, if you are on ARF you will need cnf as identifier, so a specific configuration like this one https://wallet-provider.talao.co/configuration/webpage?login=guest@eudi.talao.co&password=MLYGYA&wallet-provider=https://wallet-provider.talao.co/

[Lab3ss]

@hawkbee1 Ok for the flutter version. Should I use this 3.22.2 version everywhere (didkit + altme) ? Could you maybe drop me some infos about the didkit tricky part ? My OS is Ubuntu 24.04.

You can of course try on your side. Here is a link you can use to claim a credential (take "age attestation") : https://app-328189308.dev.archipels.io/issuer-catalog/SMg2h6LXTd2VcqSKT1pyCy (each qrcode is one time usage, so you need to come back on this page if you need to retry) Here is a link that ask for a presentation of age attestation : https://app-328189308.dev.archipels.io/oidc/presentation-request/be121989-2fc1-4419-a2f5-81cf11f0f6c0 (Same, reload the page to obtain a new qrCode each time you scan it. They have 5 min expiration time too)

[ThierryThevenet]

we are looking into it just some comments : header of sd-jwt should not use jwk and kid at the same time, as it one or the other one

  "alg": "ES256",
  "typ": "vc+sd-jwt",
  "jwk": {
    "kty": "EC",
    "crv": "P-256",
    "kid": "an5v-8gJTq65TvRtrkvobTc9mQVBiH4Kzo29-GdJ3KA",
    "x": "0L9AV1Oqc3Olwqm9qP4JAjuLxZt6V9lfVaqlWgYLlDU",
    "y": "3lcQ7Q9E0ohePYr_d0UwVwMWtWlgELvErc0E6W8BRtE"
  },
  "kid": "did:jwk:eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiYW41di04Z0pUcTY1VHZSdHJrdm9iVGM5bVFWQmlINEt6bzI5LUdkSjNLQSIsIngiOiIwTDlBVjFPcWMzT2x3cW05cVA0SkFqdUx4WnQ2VjlsZlZhcWxXZ1lMbERVIiwieSI6IjNsY1E3UTlFMG9oZVBZcl9kMFV3VndNV3RXbGdFTHZFcmMwRTZXOEJSdEUifQ"
}

• In the authorization request (oidc4vp), we should get presentation_definition or presentation_definition_uri but not both at the same time as it is confusing

• "limit_disclosure": "required" not really usefull as there is no claim provided (vct is manadatory anyway).

• cannot resolve did:web:app-api-328189308.dev.archipels.io/did/TnvBQeSp67wAjX34e2uihU ?

[Lab3ss]

@ThierryThevenet Right ! I'm looking into it.

[ThierryThevenet]

@Lab3ss the main issue here is that the verifier use a client_id_scheme = DID. In that case the authorization request must be signed as a jwt with a key from the DID Document. There are 2 problems 1) the DID is not resolvable 2) the request is passed as a value and not as a signed jwt.

[ThierryThevenet]

maybe it is simpler to use a client_id_scheme = redirect_uri and set an iss/client_id = url instead of a DID for the verifier

[Lab3ss]

@ThierryThevenet The did web document can be resolved here : https://app-api-328189308.dev.archipels.io/did/TnvBQeSp67wAjX34e2uihU/.well-known/did.json

My understanding is that resolving a did:web is using https and explicitly add /.well-known/did.json

[ThierryThevenet]

not exactly we resolve with a DID resolver like https://dev.uniresolver.io/?ref=blog.identity.foundation the DID is incorrect as there is no "/" in a DID see https://w3c-ccg.github.io/did-method-web/#example-creating-the-did

[Lab3ss]

Hum OK, let met dig deeper on that and tell you once its fixed. Thanks !

[ThierryThevenet]

see example with client_id_scheme = DID https://talao.co/sandbox/verifier/test_10

[Lab3ss]

Hi @ThierryThevenet, I did some changes on my side, including :

• removing jwk in jwt headers, and keeping only a did:web as kid
• making the did web resolvable via https://dev.uniresolver.io/
• rework authorization request to only have a request_uri that return a presentation request as a jwt. jwt signed with the key found in the did document of course. Good news is I'm still able to issue credentials in Altme (except that signature is considered as invalid). The bad one is that I still have a 404 error when I scan the presentation request.

[ThierryThevenet]

Could you send us the VC (download from Wallet) and is it possible to get sn access to the verifier ?

[Lab3ss]

Here is the credential : eyJhbGciOiJFUzI1NiIsInR5cCI6InZjK3NkLWp3dCIsImtpZCI6ImRpZDp3ZWI6YXBwLWFwaS0zMjgxODkzMDguZGV2LmFyY2hpcGVscy5pbzpkaWQ6Sjh5Ulk3aDZranY5dDFaV0NGRWYxcSJ9.eyJhZ2Vfb3Zlcl8xOCI6InRydWUiLCJhZ2Vfb3Zlcl8xNSI6InRydWUiLCJhZ2Vfb3Zlcl8xMyI6InRydWUiLCJpc3MiOiJkaWQ6d2ViOmFwcC1hcGktMzI4MTg5MzA4LmRldi5hcmNoaXBlbHMuaW86ZGlkOko4eVJZN2g2a2p2OXQxWldDRkVmMXEiLCJjbmYiOnsiandrIjp7Imt0eSI6IkVDIiwidXNlIjoic2lnIiwiY3J2IjoiUC0yNTYiLCJ4IjoiVmU2VkFzclJkRno4MHNUakZsR1MwZHNqZnBmWXliQ0pwWmFxZzBBVG92USIsInkiOiJpRWkxZlpTWml4M2VUeVdPenhZQk5JU1M2MXRGbHVuTFhsbUVnSWt6VmswIiwiYWxnIjoiRVMyNTYiLCJraWQiOiJMclpfVjNFamduQ0FReDNDeEo3RmswLXAwVFhzcmh6T19TUkdxZGVQVG9rIn19LCJ2Y3QiOiJldS5ldXJvcGEuZWMuZXVkaTpvdmVyLW4tZGVtbzoxIiwic3ViIjoiTHJaX1YzRWpnbkNBUXgzQ3hKN0ZrMC1wMFRYc3Joek9fU1JHcWRlUFRvayIsImlhdCI6MTcyODQ2NDUwNywiZXhwIjoxNzYwMDIyMTA3fQ.BG36nhHBRfmeXUMQ-bOW9CWmjfOFVKt73JvQLF24UX0Nh47dHJHTqLyQeHA_SZOdp-EiKMYh2k4jerUh9xUmHA~ Jwt.io considere the signature as valid once I removed the last tild, and if a use as signing key the key behing the did:web. Feel free to get the credential here (new link): https://app-328189308.dev.archipels.io/issuer-catalog/J8yRY7h6kjv9t1ZWCFEf1q And verify it here https://app-328189308.dev.archipels.io/oidc/presentation-request/be121989-2fc1-4419-a2f5-81cf11f0f6c0