eu-digital-identity-wallet / eudi-srv-pid-issuer

A micro-service acting like PID/mDL Issuer according to OpenID4VCI
Apache License 2.0

SD-JWT-VC PID request returns "invalid_proof" (lack of proof of possession) #144

Closed (gfour closed this issue 7 months ago)

gfour commented 7 months ago

Based on the example of a valid request in #136, I get an "invalid_proof" error:

My invocation:

curl -s -XPOST http://localhost/pid-issuer/wallet/credentialEndpoint -H 'Content-type: application/json' -H 'Accept: application/json' -H 'Authorization: Bearer ...' --data '{
  "format": "vc+sd-jwt",
  "vct": "eu.europa.ec.eudiw.pid.1",
  "proof": {
    "proof_type": "jwt",
    "jwt": "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.eyJhdWQiOiJodHRwczovL2xvY2FsaG9zdC9waWQtaXNzdWVyIiwibm9uY2UiOiIwMTI5OWI3Yy05MGE3LTRlMWMtYTFiZi1hZTk2NGUzOTIyYmYiLCJpYXQiOjE3MTM0NTA1ODZ9.hP5C_bNnswr3vMWbKAKA4jvg-240mBPZynql8pDLkLWk5tQVQzxdLdsIBHYPQ0XVrkObdIU4rocc6Mo3SAyGudHBnuuPua9ZPaMm5Hhlvam24x4b_nO04IpTg2PB38SWhZZg_ANVt7cQTGAuf8Zf1z8jxJKl3CVsFRCTB6csDr2Or68oUd0gZHzP104wyvX1A0-h7CgYSuvT8JdE1NYaMIVmBTH24nnGWx5l5b8uf3PR3lR1nhqIZIf0UFa6Xt-kQoO37AHKNZhJ4TSgf-VUHLCtyoHxvQXioiFaNQAqiO3VYcL3zAsy6v8Eah0DSvT4hc9H7NepIYdFzcvViI0hog"
  },
  "credential_response_encryption": {
    "jwk": {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "b4cc97d3-c993-4dc9-9a6f-8ec788b9760f",
      "iat": 1713450586,
      "n": "jaT6TN6YPEvLVPcJChWfF6d6S0LyhXSjw72ZCkE0282hwT0ZjwC2sx1RKIpWzfvci41JTzgOEJb9w14RgspPQ_RlpNzo8hIHhfgS5cJ-HeB_YDZqP197wQJmt5EXQr_nOPdUbUlsc81lMXjY2OOXA-KTqAr6_UlP-HPscG9WC8a-bEGgX30BjtIj2N_GUTBCh3xAOdXIbnvuoyPQbcnEqu0OmYh0iiSJs4_Fae3LRxTEEycOMhkYPcx4vgs9_F2N6dXsK_-wYWEaI3b9-lI5mS6INxmvduRjdApkFyjk5IwXTmsULDpnY3qQMuZgJZ2ckmxkEBudlRL-6eNZg4Z8iw"
    },
    "alg": "RSA-OAEP-256",
    "enc": "A128CBC-HS256"
  }
}'

and the result:

{
  "error": "invalid_proof",
  "error_description": "The Credential Request must include Proof of Possession",
  "c_nonce": "de2c0ed6-640a-49ce-b015-cf9074b18348",
  "c_nonce_expires_in": 300
}
babisRoutis commented 7 months ago

Hi @gfour

The above example is provided only for illustrating the syntax. Yet it cannot be used as is. The reason is exactly the proof. According to the spec, in order to provide a valid proof you have to include the c_nonce claim provided in a previous step either

This is why you get an invalid_proof special response.

In general, in our implementation the issuer communicates the c_nonce value as part of the credential response, simply because we use an unmodified version of Keycloak.

This means that:

PS: You might find it useful to check an example using our VCI lib

gfour commented 7 months ago

Thank you @babisRoutis, threading c_nonce between responses and requests fixed my problem. I am closing this issue.
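The exchange babisRoutis describes above and the fix gfour applied (threading the c_nonce from one credential response into the next proof) as an added, self-contained example. This is not code from eudi-srv-pid-issuer or the EUDI VCI library; it is a minimal wallet/issuer pair written for this page in Go with only the standard library, using ES256 for the proof JWT. The issuer identifier used as aud, the stale nonce "nonce-copied-from-an-example" and the placeholder credential are constructed for the demo, and the issuer keeps just one current c_nonce in memory. A first proof carrying a nonce the issuer never handed out is rejected with invalid_proof plus a fresh c_nonce (as in the response shown in the issue), a second proof built with that c_nonce is accepted, and replaying the accepted proof is rejected again because the nonce has been consumed. A production issuer additionally checks things this sketch omits, such as the freshness of iat and the typ header.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

const issuerAud = "https://localhost/pid-issuer" // assumed issuer identifier for this example, not the project's
var enc = base64.RawURLEncoding
func pad32(n *big.Int) []byte { return n.FillBytes(make([]byte, 32)) }

// BuildProof (wallet side): the header carries the wallet key as jwk, the payload binds aud and the issuer's c_nonce.
func BuildProof(key *ecdsa.PrivateKey, aud, nonce string, iat int64) (string, error) {
	jwk := map[string]string{"kty": "EC", "crv": "P-256",
		"x": enc.EncodeToString(pad32(key.X)), "y": enc.EncodeToString(pad32(key.Y))}
	h, _ := json.Marshal(map[string]any{"typ": "openid4vci-proof+jwt", "alg": "ES256", "jwk": jwk})
	p, _ := json.Marshal(map[string]any{"aud": aud, "nonce": nonce, "iat": iat})
	signingInput := enc.EncodeToString(h) + "." + enc.EncodeToString(p)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// A JWS ES256 signature is r||s, each left-padded to 32 bytes (not ASN.1 DER).
	return signingInput + "." + enc.EncodeToString(append(pad32(r), pad32(s)...)), nil
}

// CredentialResponse: on failure the issuer answers invalid_proof plus a fresh c_nonce for the retry.
type CredentialResponse struct {
	Error      string `json:"error,omitempty"`
	Credential string `json:"credential,omitempty"`
	CNonce     string `json:"c_nonce"`
	CNonceExp  int    `json:"c_nonce_expires_in"`
}

type Issuer struct{ currentNonce string } // remembers only the last c_nonce handed out; a new one retires the old
func (i *Issuer) freshNonce() string {
	b := make([]byte, 16)
	rand.Read(b) // crypto/rand; failure is not expected
	i.currentNonce = enc.EncodeToString(b)
	return i.currentNonce
}

// verifyProof checks the signature under the key embedded in the header, then aud and nonce.
func (i *Issuer) verifyProof(jwt string) error {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return errors.New("proof is not a compact JWS")
	}
	hb, e1 := enc.DecodeString(parts[0])
	pb, e2 := enc.DecodeString(parts[1])
	sig, e3 := enc.DecodeString(parts[2])
	var header struct{ Alg string; Jwk struct{ Crv, X, Y string } }
	var claims struct{ Aud, Nonce string }
	hErr, cErr := json.Unmarshal(hb, &header), json.Unmarshal(pb, &claims)
	x, _ := enc.DecodeString(header.Jwk.X)
	y, _ := enc.DecodeString(header.Jwk.Y)
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(x), Y: new(big.Int).SetBytes(y)}
	if e1 != nil || e2 != nil || e3 != nil || hErr != nil || cErr != nil || len(sig) != 64 ||
		header.Alg != "ES256" || header.Jwk.Crv != "P-256" || !pub.IsOnCurve(pub.X, pub.Y) {
		return errors.New("malformed proof or unsupported key")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return errors.New("signature does not verify under the header jwk")
	}
	// Only the nonce this issuer handed out most recently is accepted: an empty, guessed, copied or
	// already-consumed value fails here, as does a proof addressed to another issuer (aud).
	if claims.Aud != issuerAud || claims.Nonce == "" || claims.Nonce != i.currentNonce {
		return errors.New("aud or nonce not issued by this issuer")
	}
	return nil
}

// CredentialRequest mirrors the thread: any failure returns invalid_proof with a new c_nonce; success consumes it.
func (i *Issuer) CredentialRequest(proofJWT string) CredentialResponse {
	if i.verifyProof(proofJWT) != nil {
		return CredentialResponse{Error: "invalid_proof", CNonce: i.freshNonce(), CNonceExp: 300}
	}
	return CredentialResponse{Credential: "<constructed placeholder>", CNonce: i.freshNonce(), CNonceExp: 300}
}

// RunFlow replays the issue: stale nonce rejected, threaded c_nonce accepted, replay of the accepted proof rejected.
func RunFlow() (first, second, replay CredentialResponse) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // crypto/rand; failure is not expected
	issuer := &Issuer{}
	proof1, _ := BuildProof(key, issuerAud, "nonce-copied-from-an-example", time.Now().Unix()) // constructed stale nonce
	first = issuer.CredentialRequest(proof1)
	proof2, _ := BuildProof(key, issuerAud, first.CNonce, time.Now().Unix()) // c_nonce threaded from the reply
	second = issuer.CredentialRequest(proof2)
	replay = issuer.CredentialRequest(proof2) // same proof again: its nonce was consumed
	return
}
```

The wallet never chooses the nonce itself: it takes c_nonce from whatever the issuer last returned, whether that was a token response or, as here, an invalid_proof credential response, and signs it into the next proof. The issuer's state is nothing more than the last nonce it issued, which is enough to make every proof single-use and bound to this issuer.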