Sending a proof in an OOB invitation works on Camera/QR Code, but not ?_url deep-link

loneil commented 3 months ago

Description of problem

Using a https://didcomm.org/out-of-band/1.1/invitation with the proof attached is how we are doing OOB proofs in VCAuth-N. This is working successfully when scanning a QR code with the BC Wallet camera. But using the same link that the QR code resolves to, but packed into the ?_url deep-link handler results in an "Unable to handle deep link" error:

I've only tried this on Android.

Expected behavior

The link that fetches the OOB envelope works in a deep link the same as it works in the QR code, and opens the proof in the BC Wallet.

Steps to reproduce

Can use VCAuth-N with the ?_url handler enabled and the OOB invitation mode on to reproduce this. Or some other setup that will provide a redirect link to an OOB envelope with a proof request in it.

Have the BC Wallet open already (otherwise you may run into https://github.com/bcgov/bc-wallet-mobile/issues/2052)
Nav to a deep link with a format like bcwallet://aries_proof-request?_url=<base64 encoded redirect url to OOB proof>
The app opens with an error shown above

Screenshots and/or log output

OOB Deep Link with VCAuth-N

Shows the error, then the deep link URL, the redirect URL passed to the app, and the OOB that redirect gets.

https://github.com/bcgov/bc-wallet-mobile/assets/17445138/17d10b27-c093-4fc6-8a26-3a96b7a82010

bcwallet://aries_proof-request?_url=aHR0cHM6Ly9lNjE4LTEwOC0xODAtMTcxLTI4Lm5ncm9rLWZyZWUuYXBwL3VybC9wcmVzX2V4Y2gvMWM5ZDQyZWItMzFhNi00NTZhLWFjZGYtNWIyZWUxOTA2NDEw

https://e618-108-180-171-28.ngrok-free.app/url/pres_exch/1c9d42eb-31a6-456a-acdf-5b2ee1906410

{
    "@id": "1418af22-fb96-490d-af6e-98a26522eeef",
    "@type": "https://didcomm.org/out-of-band/1.1/invitation",
    "goal_code": "request-proof",
    "label": "VC-AuthN Agent",
    "requests~attach": [
        {
            "@id": "request-0",
            "mime-type": "application/json",
            "data": {
                "json": {
                    "@type": "https://didcomm.org/present-proof/1.0/request-presentation",
                    "@id": "446b708b-262e-4bcf-bb2b-04dc986ba394",
                    "~thread": {
                        "pthid": "1418af22-fb96-490d-af6e-98a26522eeef"
                    },
                    "request_presentations~attach": [
                        {
                            "@id": "libindy-request-presentation-0",
                            "mime-type": "application/json",
                            "data": {
                                "base64": "eyJuYW1lIjogInByb29mX3JlcXVlc3RlZCIsICJ2ZXJzaW9uIjogIjAuMC4xIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyJyZXFfYXR0cl8wIjogeyJuYW1lcyI6IFsiZ2l2ZW5fbmFtZXMiLCAiZmFtaWx5X25hbWUiLCAiY291bnRyeSJdLCAicmVzdHJpY3Rpb25zIjogW3sic2NoZW1hX25hbWUiOiAiUGVyc29uIiwgImlzc3Vlcl9kaWQiOiAiTDZBU2ptRERiREg3eVBMMXQyeUZqOSJ9LCB7InNjaGVtYV9uYW1lIjogIlBlcnNvbiIsICJpc3N1ZXJfZGlkIjogIlFFcXVBSGtNMzV3NFhWVDNLdTV5YXQifSwgeyJzY2hlbWFfbmFtZSI6ICJQZXJzb24iLCAiaXNzdWVyX2RpZCI6ICJNNmRodUZqNVV3YmhXa1NMbXZZU1BjIn1dLCAibm9uX3Jldm9rZWQiOiB7ImZyb20iOiAxNzIwNDE3Mjk5LCAidG8iOiAxNzIwNDE3Mjk5fX19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7fSwgIm5vbmNlIjogIjMyNDAwNDQ3NTkzMjQ4ODI0ODExMTgzMyJ9"
                            }
                        }
                    ]
                }
            }
        }
    ],
    "services": [
        {
            "recipientKeys": [
                "did:key:z6MkrKNsaqDooff89jVHEB2geXVdi5hSKQA6UcVsX7gdK4iZ#z6MkrKNsaqDooff89jVHEB2geXVdi5hSKQA6UcVsX7gdK4iZ"
            ],
            "routingKeys": null,
            "serviceEndpoint": "https://c019-108-180-171-28.ngrok-free.app",
            "id": "#inline",
            "type": "did-communication",
            "priority": 0
        }
    ]
}

Now, showing the same type of setup as above, but working successfully with a QR code scan

https://github.com/bcgov/bc-wallet-mobile/assets/17445138/dca0db2e-4fc1-4c61-a1cf-c28f4cf34e2a

https://e618-108-180-171-28.ngrok-free.app/url/pres_exch/c4e9ba54-429a-4a55-89bd-354c064d8c66

{
    "@id": "25e7e7be-1abb-43d8-b568-5119c0cd7b61",
    "@type": "https://didcomm.org/out-of-band/1.1/invitation",
    "goal_code": "request-proof",
    "label": "VC-AuthN Agent",
    "requests~attach": [
        {
            "@id": "request-0",
            "mime-type": "application/json",
            "data": {
                "json": {
                    "@type": "https://didcomm.org/present-proof/1.0/request-presentation",
                    "@id": "18ec0283-158a-4685-89de-1665f59192bd",
                    "~thread": {
                        "pthid": "25e7e7be-1abb-43d8-b568-5119c0cd7b61"
                    },
                    "request_presentations~attach": [
                        {
                            "@id": "libindy-request-presentation-0",
                            "mime-type": "application/json",
                            "data": {
                                "base64": "eyJuYW1lIjogInByb29mX3JlcXVlc3RlZCIsICJ2ZXJzaW9uIjogIjAuMC4xIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyJyZXFfYXR0cl8wIjogeyJuYW1lcyI6IFsiZ2l2ZW5fbmFtZXMiLCAiZmFtaWx5X25hbWUiLCAiY291bnRyeSJdLCAicmVzdHJpY3Rpb25zIjogW3sic2NoZW1hX25hbWUiOiAiUGVyc29uIiwgImlzc3Vlcl9kaWQiOiAiTDZBU2ptRERiREg3eVBMMXQyeUZqOSJ9LCB7InNjaGVtYV9uYW1lIjogIlBlcnNvbiIsICJpc3N1ZXJfZGlkIjogIlFFcXVBSGtNMzV3NFhWVDNLdTV5YXQifSwgeyJzY2hlbWFfbmFtZSI6ICJQZXJzb24iLCAiaXNzdWVyX2RpZCI6ICJNNmRodUZqNVV3YmhXa1NMbXZZU1BjIn1dLCAibm9uX3Jldm9rZWQiOiB7ImZyb20iOiAxNzIwNDE3MTcyLCAidG8iOiAxNzIwNDE3MTcyfX19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7fSwgIm5vbmNlIjogIjg5OTcxNjc4NjI0MDAyMTkwODE0MTU4In0="
                            }
                        }
                    ]
                }
            }
        }
    ],
    "services": [
        {
            "recipientKeys": [
                "did:key:z6MktD3zFPX6TU9xGCka98c5a23hUYuwNmp32LihBNa7Vs8U#z6MktD3zFPX6TU9xGCka98c5a23hUYuwNmp32LihBNa7Vs8U"
            ],
            "routingKeys": null,
            "serviceEndpoint": "https://c019-108-180-171-28.ngrok-free.app",
            "id": "#inline",
            "type": "did-communication",
            "priority": 0
        }
    ]
}

Environment

[x] Occurs on Android
[ ] Occurs on iOS

Build #: 1.0.18 Build(1782)

Android Device Model: Pixel 8

iOS Device Model:

Workaround

Severity

[ ] High
[ ] Medium
[ ] Low

wadeking98 commented 3 months ago

@loneil trying to reproduce this, I'm assuming I need to set some config arguments or something? I'm not running into it with the default configuration

loneil commented 3 months ago

@wadeking98 yeah I would reproduce this with VCAuth-N, think that would be easiest/applicable to the current use case.

If you use VCAuth-N locally you can go into manage and set the USE_OOB_PRESENT_PROOF USE_URL_DEEP_LINK exports to true Then start it up. Depending on lcoal setup might need to start up demo app and then send the link from the QR code page when logging in to your mobile using IP address instead of localhost (that's how I test deep links locally at least)

Or I can set the dev environment up to have those settings as well if you ping me. Then you could just go to a2a-dev on a mobile (but we probably wouldn't want to leave that env permanently set up like that at this time)

wadeking98 commented 3 months ago

I've created a PR to fix this: https://github.com/openwallet-foundation/bifold-wallet/pull/1197. We're still running into an issue due to the acapy / credo empty handshake thing here: https://github.com/bcgov/vc-authn-oidc/issues/583 but once that's fixed then we should be good to go

wadeking98 commented 3 months ago

Jason's changes actually fix this now, but to properly test you'll have to spin up vc-authn locally and comment out the handshake_protocols field from out_of_band.py

loneil commented 3 months ago

👍 Note handshake protocol part was commented out and merged back in https://github.com/bcgov/vc-authn-oidc/pull/582 so just getting from main should suffice

bryce-mcmath commented 1 month ago

fixed in the latest build

bcgov / bc-wallet-mobile