bcgov / vc-authn-oidc

Apache License 2.0

Fix Out-Of-Band invitation option for QR codes #556

Closed loneil closed 4 weeks ago

loneil commented 1 month ago

Fixes https://github.com/bcgov/vc-authn-oidc/issues/545

Instead of building up an OOB invitation with code in VCAuth controller (this was not working, error boiled down to recipient keys not being added), call ACA-Py to use out-of-band/create-invitation with the resultant presentation exchange. Use the invitation returned from that as the QR code linked payload.

Note this should only be used in QR code mode at the moment (which is what we configure in all envs for USE_OOB_PRESENT_PROOF) as doing it as a deep link runs into the 'too many characters' issue. An OOB is bigger than a Connections type so there's not really room for the actual proof unless it's narrowed to something as minimal as it gets. This will be solved by https://github.com/bcgov/vc-authn-oidc/issues/504 anyways, so we won't be using the current deep link paradigm much longer anyways.

Sample payload

{
    "@id": "3d2fca0b-39d1-4580-8744-cecb7a155bf3",
    "@type": "https://didcomm.org/out-of-band/1.1/invitation",
    "goal_code": "request-proof",
    "label": "VC-AuthN Agent",
    "requests~attach": [
        {
            "@id": "request-0",
            "mime-type": "application/json",
            "data": {
                "json": {
                    "@type": "https://didcomm.org/present-proof/1.0/request-presentation",
                    "@id": "a6f0d822-9ae0-4408-b324-2ac1cbe95b1a",
                    "~thread": {
                        "pthid": "3d2fca0b-39d1-4580-8744-cecb7a155bf3"
                    },
                    "request_presentations~attach": [
                        {
                            "@id": "libindy-request-presentation-0",
                            "mime-type": "application/json",
                            "data": {
                                "base64": "eyJuYW1lIjogInByb29mX3JlcXVlc3RlZCIsICJ2ZXJzaW9uIjogIjAuMC4xIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyJyZXFfYXR0cl8wIjogeyJuYW1lcyI6IFsiZ2l2ZW5fbmFtZXMiLCAiZmFtaWx5X25hbWUiLCAiY291bnRyeSJdLCAicmVzdHJpY3Rpb25zIjogW3sic2NoZW1hX25hbWUiOiAiUGVyc29uIiwgImlzc3Vlcl9kaWQiOiAiTDZBU2ptRERiREg3eVBMMXQyeUZqOSJ9LCB7InNjaGVtYV9uYW1lIjogIlBlcnNvbiIsICJpc3N1ZXJfZGlkIjogIlFFcXVBSGtNMzV3NFhWVDNLdTV5YXQifSwgeyJzY2hlbWFfbmFtZSI6ICJQZXJzb24iLCAiaXNzdWVyX2RpZCI6ICJNNmRodUZqNVV3YmhXa1NMbXZZU1BjIn1dLCAibm9uX3Jldm9rZWQiOiB7ImZyb20iOiAxNzE4NzQwMzE0LCAidG8iOiAxNzE4NzQwMzE0fX19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7fSwgIm5vbmNlIjogIjExMTYxNzY0NDU2MDk1NTE4Mzc1NzUwMjAifQ=="
                            }
                        }
                    ]
                }
            }
        }
    ],
    "services": [
        {
            "recipientKeys": [
                "did:key:z6MkiyHJfTKAYHypgzVHAPzKxjw8Nknxsk8LNbP59zdikvPZ#z6MkiyHJfTKAYHypgzVHAPzKxjw8Nknxsk8LNbP59zdikvPZ"
            ],
            "routingKeys": null,
            "serviceEndpoint": "https://88db-23-16-82-223.ngrok-free.app",
            "id": "#inline",
            "type": "did-communication",
            "priority": 0
        }
    ]
}
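
An added example, not code from this PR or from the project: a check that can be run on an invitation shaped like the sample payload before it is put into a QR code. It covers the missing recipient keys described above, the thread link between invitation and attached request, and the link length behind the 'too many characters' issue. The function names, the sample values and the `?oob=` base64url link form are assumptions of this example.

```python
import base64
import json

def check_oob_invitation(inv: dict) -> list:
    """Return the problems found in an out-of-band invitation (empty list = OK)."""
    problems = []
    # The failure described above: without recipient keys the wallet cannot reply.
    services = inv.get("services") or []
    if not any(isinstance(s, str) or (isinstance(s, dict) and s.get("recipientKeys"))
               for s in services):
        problems.append("no service with recipientKeys")
    attachments = inv.get("requests~attach") or []
    if not attachments:
        problems.append("no requests~attach")
    for att in attachments:
        msg = att.get("data", {}).get("json", {})
        # The attached request must point back at this invitation.
        if msg.get("~thread", {}).get("pthid") != inv.get("@id"):
            problems.append("pthid does not match invitation @id")
        for inner in msg.get("request_presentations~attach", []):
            try:
                req = json.loads(base64.b64decode(inner["data"]["base64"]))
            except (KeyError, TypeError, ValueError):
                problems.append("proof request is not decodable")
                continue
            if not req.get("nonce"):
                problems.append("proof request has no nonce")
    return problems

def oob_url(base: str, inv: dict) -> str:
    """Encode the invitation as an ?oob= link (base64url, padding stripped)."""
    raw = json.dumps(inv, separators=(",", ":")).encode()
    return base + "?oob=" + base64.urlsafe_b64encode(raw).decode().rstrip("=")

def sample_invitation(with_keys: bool = True) -> dict:
    """Constructed sample shaped like the payload above; all values are made up."""
    proof = {"name": "proof_requested", "version": "0.0.1", "nonce": "123456789",
             "requested_attributes": {}, "requested_predicates": {}}
    inner = {"@id": "libindy-request-presentation-0", "mime-type": "application/json",
             "data": {"base64": base64.b64encode(json.dumps(proof).encode()).decode()}}
    request = {"@type": "https://didcomm.org/present-proof/1.0/request-presentation",
               "@id": "req-1", "~thread": {"pthid": "inv-1"},
               "request_presentations~attach": [inner]}
    service = {"id": "#inline", "type": "did-communication",
               "recipientKeys": ["did:key:zEXAMPLE"] if with_keys else [],
               "serviceEndpoint": "https://agent.example"}
    return {"@id": "inv-1", "@type": "https://didcomm.org/out-of-band/1.1/invitation",
            "requests~attach": [{"@id": "request-0", "data": {"json": request}}],
            "services": [service]}
```

Comparing `len(oob_url(...))` for a real invitation against the character limit of the deep link target shows how much room is left for the proof request itself.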