search

hyperledger / aries-framework-swift

A Swift framework for Aries.
Apache License 2.0
17 stars 6 forks source link

OOB invitation with credential-offer attachment failed. #12

Closed kukgini closed 1 year ago

kukgini commented 1 year ago

When AF.Swift accepts an OOB invitation including credential-offer from Aca-Py, the credential-request message comes to Aca-Py, but Aca-Py gives the following error.

acapy_1     | 2022-12-20 08:55:11,355 aries_cloudagent.core.conductor ERROR Exception in message handler:
acapy_1     | Traceback (most recent call last):
acapy_1     |   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/asyncio/tasks.py", line 180, in _step
acapy_1     |     result = coro.send(None)
acapy_1     |   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/core/dispatcher.py", line 209, in handle_message
acapy_1     |     await handler(context, responder)
acapy_1     |   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/protocols/issue_credential/v1_0/handlers/credential_request_handler.py", line 58, in handle
acapy_1     |     context.message, context.connection_record, oob_record
acapy_1     |   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/protocols/issue_credential/v1_0/manager.py", line 548, in receive_request
acapy_1     |     ) from None
acapy_1     | aries_cloudagent.protocols.issue_credential.v1_0.manager.CredentialManagerError: Indy issue credential format can't start from credential request

used Invitation Url was: out-of-band-invitation.txt

and the incomming credential-request message was:

{"@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/request-credential","@id":"92D217E6-F575-4112-9B5B-FBA2F9D4C2D1","~transport":{"return_route":"all"},"~thread":{"thid":"3747d7b3-d0c7-4fc3-81c7-9cadc16293cf"},"requests~attach":[{"@id":"libindy-cred-request-0","mime-type":"application/json","data":{"base64":"eyJwcm92ZXJfZGlkIjoiV0RHWFphUkRUZ2NGQ3dVMjdkOHVtQSIsImNyZWRfZGVmX2lkIjoiU1hZRTNpQlNXckY4amg1N200eWhnYTozOkNMOjYyMDM5NDoyMDIyLjEyLjEzIiwiYmxpbmRlZF9tcyI6eyJ1IjoiNzk0NDI3NDEwODA0ODc5MzE5OTQyODg2MzAwMDE5ODY0NzQ3OTgzNzg2MzI2MjM4NDAxMjY5MzgyMTY5NjQ3Nzk0MTMwMDc3MjE0MjE1MTkzOTM2Mjc0NjYzMTc3MjcwODQ3OTk4OTM3MzMwODg0MTI1MjYyODI4MzQzMjU1MzQyOTEzMzk3NjAxNDcxNzI2OTE0NjI3NjUyMTEwOTkxMDU5Mzg3MTQ4ODIwMDUyMjE2MzM5NzgxOTUxNzY3NTA5MDQ5MDI4NTUzNDg3OTk1NTEyMzAyOTEzMDY3MTU4ODAwMTE2MzgzMDk3NzkwMjI1MzA4NzUyMzIyNjkyMjg1NDI2MDE4NTQ0ODUyOTE3NTk3MDE2MjA3NDQwMTA3MDk2Nzc0NTQ2MTQ1MjI3NTIzNTM4MDc4MjYyNTc4Nzg5MzczNDAyNDk3NDEwMjAzMDk2MjY5NDgyNzI4NzgyNDQxMzU2MTI5Njg3MTk0NjkwNTc0NzcwMTU1MzgxMDk4OTQ0NTAwNjg3OTgyNDE0MzkxMzU2NDMwOTc2MTk3MDc5NDQ0MjA2MDAzOTQ5NTQ5MjIyNTk2NDkwNDI4MzY0NDA5MDc4NjcwNTQ0MDI2MzA5MjI2NDcwNzcyNzEyOTc5Njk0OTAxNzIzMzQ0NDgyMjY5NDgwNjgxNjk0NTkyNTk2OTkyNjAwNjEyNzE0ODAxNzIzODAyOTg3MTE0MDAzODAwNzY3NDk0Njk0NzA4OTc5OTUxOTcwNjY0NzAwMjk5MTUxMTc1MTg0MzAxMzMwMTMxNDYzMDQwNDY0NzM2NzQ3Nzc2Nzk5NDQ0NzYiLCJ1ciI6bnVsbCwiaGlkZGVuX2F0dHJpYnV0ZXMiOlsibWFzdGVyX3NlY3JldCJdLCJjb21taXR0ZWRfYXR0cmlidXRlcyI6e319LCJibGluZGVkX21zX2NvcnJlY3RuZXNzX3Byb29mIjp7ImMiOiI3NTI3ODU4MzYwODg2MDcwOTQ4MjgxMzA4NjUwNzEyNjY0OTIxMTE4MTU1MzgyMDQyOTQyMzQwMzAxMjM3NzIyNjc3Njc2MTIyMjIwNCIsInZfZGFzaF9jYXAiOiI4MDAyMzIxMjY2NzQ3MzQ2NDQ3NzE1OTYzNTIyMjQ4MjY0NDM0NTA4NDIyOTE5NDY1MTE4OTMwNjQwMzA5Nzk1NTgyNTY0MDA5NDY1NzI2NDU4MTUzMDExNzgwOTEwNjI3MTA4MTY2Mjk5NDYxNTM2MjcxOTk0ODM4OTU2Mjk2NzcwMzgzMTgyMDM1NTQ2NDMwNzI0MDUyMDM4Njk4NDUxMTYxMDk1MzAzNTk2MjM3ODA4MjM1MzE5NDY5ODQzMDU1NjUxODY1NTg3NDQ2Mjg5OTUyMTkwMjAxMjc3MjE0MTA4MzE2NzYxMDIxNTg5MjEzMDEwNjc5Njg1NDAzMzAwNjc1NTM0NTQ3NjYyNDAxMjg0ODY0NzE4NDgxMzE0NDk4NDAyNTM4MzU4MzA2MjgyODM0MjMyNTYzMTcwMTUzMTcwNDQ4OTkxNTI0NDM4Njg0ODQ4MzQyOTAzODQxMjI2ODA0OTc0MDQxODA0NDY2MzYyNzEyNTU2OTk1MjQ0NjAzNDYwMjExNjc2NDMwMTQ1NjQ1OTg5MzU1MDE2NDA3NTk3NjkxMzg1MzU3OTYwNDM0OTg2OTI3NTEzNDIzNjYyNjU4MzgyNDAwMjAzMjk3OTg2MTYxMTA3OTgyNDQ5Nzg3OTY4NDgxODQ3MDgyNzgzMzY3NDk0NzU0NzUyNTc4ODUzNDkyNjM3MDQ5MTYzODg4NTAyNTg0NjkwNTc5ODkwMTQ3NTc0ODUzOTExMDE1MTk0ODIwODk2MDk4MjExMDEwMDIyNDc3MDMxNzk4OTAwMTQ3MTcwMTU5NDY4NDE2ODA4MTIxNzI0NzAzOTA0NTM2MzQ3NjQyMjk0MTAwMzY4Nzg0Mzk0MzY1MTIwMDk5ODA5NTAyNzg3NTE1ODU5NTUwMDc5ODAyNzk1NTY4MTgzODIwMzEwNzE3NjA5Mzk3MzM4ODk3NTA0MDU4NjgiLCJtX2NhcHMiOnsibWFzdGVyX3NlY3JldCI6IjI0NTIwMzAyNDc5NDA1OTMwNzc4MzEwNzM4NjI2MzMyMjc1NjYxODEyOTAyNTkzNjY3NTgxMDMxNTE2MzQ1MjM0OTQxNTYxNDc5MTk3Mzg1MzM0MDcyOTAyMDY0NTY4MTQyMzc4OTQ0ODEyMTQ4MDM2MjEyMDE0MDEzMTA2MDAyMzU2NzU2ODczNzQwMDI1NTc3MjM5NDYxMzcwNDQ3MzA5NjYzMjgxNTQ1MzEwMDg1MTMzIn0sInJfY2FwcyI6e319LCJub25jZSI6IjEwNDY2Mzc4NDQxMzA1ODg0Mjg2ODMwNTUifQ==
conanoc commented 1 year ago

Maybe this is the ACA-Py issue the same as AFJ's: https://github.com/hyperledger/aries-framework-javascript/issues/1129

kukgini commented 1 year ago

Maybe it's a bug because pthid is missing. When using aca-py as a holder, the credential-request is processed well. it seems to be the difference is pthid in the ~thread decorator. I am attaching an example of a payload that can be handled.

{"@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/request-credential","@id":"eef9d40d-0cad-4e52-9042-38d452e64998","~thread":{"thid":"484c50bf-956d-4fb1-b165-1bd01820a660","pthid":"cfcb01af-ef8b-4243-a9e1-d5896ebbdfca"},"requests~attach":[{"@id":"libindy-cred-request-0","mime-type":"application/json","data":{"base64":"eyJwcm92ZXJfZGlkIjogIlR1dFRGWlM1Sno2SjFuOGo1NlhtNU4iLCAiY3JlZF9kZWZfaWQiOiAiU1hZRTNpQlNXckY4amg1N200eWhnYTozOkNMOjY1NjU0OTpkZWZhdWx0IiwgImJsaW5kZWRfbXMiOiB7InUiOiAiMzA1NTgyMzcxNjAyMTEzNTIxNTQ4OTE1OTc1NTQxODQzODY5MTg5Mzg3NTg2NzY5NzYxMTEyMDY2NzU2MzgwNzI4ODYwMjY5MDY1NDY5ODcyNDQyOTgxODQwOTI2MTA2ODY0ODY0ODE1MjY0NjI5MjEwNDkzMTY4ODkzNzcxNDY1NDUzMjk2MzE4MzUwNTExODc5MTI4OTIyMDQwODUwMzgwOTIxNDU2MTkwNzgwMjU1ODE4NDg3MjE2MjY2NTUwNTk2NDE5ODE0MjY3NzU5MjQzNjcwMDc1NTM3MTIzOTM5MTA0NDI0OTk2MDkxNzQ4ODA5NDE5ODA4MTAxODAzODI2MzEyNjExMzExNDQ2MDgxNjk3MjUwMzgxNjcyMTc4MzUwNDU2NTI0NDMwMDY4MzAzMzM2Mzc2OTk3MjA3OTE5ODI5MjUxMjcxNTEyNTM4NzMyNDAzMTg4NjgwNzg4NTI5NTY5MTIxMTQ4NDIxMjEyMDgzNTUxMjU3Njc0MTU5ODY2ODUwMzk2MTIxMDM5NTcwMjg0MTc5ODkxODY0MjQxOTU4NTk3MjU4NDA5Nzc2NzQxMzc2ODU1NzI0ODYwNDUzMzY1NjEzNTI2ODk0MjEzODgwNjU5ODM2NjYwODQ4NTM2MjI2NDExNTgxMjk2NzA4NjUyNDgzMTk3NDA2MTYyMDQ0NDE2Mjc3NDAxOTA5MzM1MzE2NDM3MDg3OTA1MDg3OTYwODEwODQzNDQ3OTI3ODU2NzM3NzEwMDYwOTkzOTI3NDg1ODc0MDI4MjgwNTMwMTE2ODQxMzQ3OTYyMDc4NzkwMzM4OTQiLCAidXIiOiBudWxsLCAiaGlkZGVuX2F0dHJpYnV0ZXMiOiBbIm1hc3Rlcl9zZWNyZXQiXSwgImNvbW1pdHRlZF9hdHRyaWJ1dGVzIjoge319LCAiYmxpbmRlZF9tc19jb3JyZWN0bmVzc19wcm9vZiI6IHsiYyI6ICIxMDY3NzY0MjgwMTM0OTQxMDAzOTQ0MDMxMTk1MTAyMDgxODIxNjkxMjkyOTA1MDAyMzUxOTEwODU1OTQ0MzQxODI0NTQ3NzI3NzcxNDEiLCAidl9kYXNoX2NhcCI6ICIyMzc0NjI5NTUzNjE4MTQzNzAzODEyMjU1NTEwMDkxMjU1OTIwMTk4NDMwMzM1MjA4NjkyODU4NjEzNjkyMzA5MzE5MDcyNDc2OTQ0MTUwOTMxMTcyMzU4MDEyNjg1NTYzNDY4NTUxNjMzMDgxOTkyMDg1ODkyNDgwNTQyOTY1NTgxODM2ODk5OTM3MzI5NjQ1ODU0MDIwMDM1ODY5Nzc5Nzc5MzkxNTExNDM2NjI2Mzk1NjYwNzMxOTQxOTAxODMwNjI5MzI1MDE5MDA4NDU3OTM3NzQyODQ2NjAxNDU0MTczNjM4MDczODU5MjIxNTYzOTczOTEzNDU1NDE5MjY3Mzg0ODkxMjE2MjkxNzAxNzkyMzM4NjA0NjI1MDU1MTI3MTI1MjU5NTM1ODk0NTE0NDMxNTE2OTc1MTE3OTEwMzE1MTU0MjE3MDk1MjU3NzkzMTcxODU1MDU3MzU2MzEwNDE0MjA4MTA5MjE4MTk2MDM2MjE0ODU1Mzg0MjE3ODIyNTc3ODgyMDY0MDQ1Njc2MjM3NDIwOTY0Mzc5MTc1NDE3NTUzOTc2MjcxODczOTIyMDIyNDI1NDU1NzQ3NTA2NzA1MzQ5ODMwODEzNTY5MTc1MjgyMjcwNTY0NzYxNTgwODg0NjY2MDgwMjE3MDg2OTI0NjMwNjcwNzQ0NjcxMDY1OTY4NDMzMjgxNTc1MTk3MTE0NDM1MTQzNTYzNTk5MTU4NjIwNjAyNzIzNzIxNjI3MTk4NTQyNjI1NjM2NTUwMTk5MDAzODM1MTQ5Mjc2MjQ5MTcyNDUzMDcxODQ2NDgyMTQ5MTIwNDA1MzgzOTAxMTQ3MDM0NzAyMDEwNDM2MTczMjI0NTQ5MDM4MzQzMzc3MDgwNjk2NjE5Mzg1NzU2MjI3NDYxMDI1ODAzMjg1OTc0Njk3MjAwMTg0OTcyMTc2Nzk4NTYwNTE3Njk3IiwgIm1fY2FwcyI6IHsibWFzdGVyX3NlY3JldCI6ICIxOTEyMDY5MjE5OTg0MDMyOTAwNjc3NTA4MjkzNjQ0MzQzNjc2NzgxMDgxOTMzODIyMDUzMTEyMDA0Njc2MDQ3OTc5ODExNjE3MzA2MTY4MDQ0MTI4MTg2MTYzMDQ2MDg3Njk2NDY0NTQ0NjEzNjQ3NjI3Njk4OTA2MzUzMDc4MDU1NDc1NTY3NTQxMzU2MDQwOTQzNTIyNzU5NzY3NDk2MDMwOTYzMDU2MDEwOTE0MTg5MyJ9LCAicl9jYXBzIjoge319LCAibm9uY2UiOiAiOTc5NTY1MjQwNzg1OTMxNDE2ODI2ODEifQ=="}
conanoc commented 1 year ago

You are right. I failed to include the parent thread ID in the message. The OOB spec requires this: https://github.com/hyperledger/aries-rfcs/blob/main/features/0434-outofband/README.md#correlating-responses-to-out-of-band-messages

Can you provide guidance on creating an OOB message with a credential offer attachment in ACA-py? In the case of AFJ, I've created a sample app for this. https://github.com/hyperledger/aries-framework-swift/tree/main/AriesFramework/AriesFrameworkTests/javascript

kukgini commented 1 year ago

Of course. here is steps to build OOB invitation with offer attachment.

STEP 0. Setup, set the following environment variables when starting aca-py so that it can respond to ~transport decorator.

ACAPY_AUTO_ACCEPT_REQUESTS=true
ACAPY_AUTO_RESPOND_CREDENTIAL_REQUEST=true

STEP 1. setup schema POST {{issuerAdminUrl}}/schemas

{
  "schema_name": "<schema name>",
  "schema_version": "<schema version in semver style>",
  "attributes": ["<attribute name>", ... ]
}

STEP 2. setup credential definition POST {{issuerAdminUrl}}/credential-definitions

{
  "schema_id": "<schema id from STEP 1's response>",
  "support_revocation": false,
  "tag": "default"
}

STEP 3. create credential offering POST {{issuerAdminUrl}}/issue-credential/create-offer

{
  "comment": "oob issuance test",
  "cred_def_id": "<cred_def_id from STEP 2's response>",
  "credential_preview": {
    "@type": "issue-credential/1.0/credential-preview",
    "attributes": [
      { "mime-type": "text/plain", "name": "<attribute-name>", "value": "<attribute-value>" },
      ...
    ]
  }
}

STEP 4. create out of band invitation POST {{issuerAdminUrl}}/out-of-band/create-invitation

{
  "alias": "<whatever you want>",
  "handshake_protocols": [
    "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0"
  ],
  "attachments": [
    {
      "id": "<credential_exchange_id from STEP 3's response>",
      "type": "credential-offer"
    }
  ]
}