walt-id / waltid-identity

All-in-one open-source identity and wallet toolkit.
Apache License 2.0

Entra Presentation of similar credentials with constraints #460

Open JakeFernandes98 opened 3 months ago

JakeFernandes98 commented 3 months ago

This issue is for the wallet API

When attempting a presentation exchange of multiple similar credentials through Microsoft Verified ID using constraints, the behaviour is not as expected. This is reproducible and has been proven to work with the proprietary Microsoft Authenticator application.

Steps to Reproduce:

Intended outcome is that based on the 2 correctly selected credentials which each include one of the requested degrees, the presentation should succeed.

Presentation Request Example:

{
    ...
    "requestedCredentials": [
        {
            "type": "StudentCard",
            "purpose": "To show that you are an expert.",
            "constraints": [
                {
                    "claimName": "degree",
                    "values": [
                        "CompSci"
                    ]
                }
            ]
        },
        {
            "type": "StudentCard",
            "purpose": "To show that you are an expert.",
            "constraints": [
                {
                    "claimName": "degree",
                    "values": [
                        "BioTech"
                    ]
                }
            ]
        }
    ]
}

During the usePresentationRequest process, the API takes a request body like the following, which I have URL-decoded and transformed from query parameters to JSON for legibility:

{
    "openid-vc://localhost?response_type": "id_token",
    "client_id": 
    "response_mode": "post",
    "redirect_uri": "https://verifiedid.did.msidentity.com/v1.0/tenants/37a99dab-212b-44d9-9b49-7756cb4dd915/verifiableCredentials/verifyPresentation",
    "scope": "openid",
    "presentation_definition": "{\"id\":\"6d440be0-6e5f-4951-8bef-dbabeb9ef4e3\",\"input_descriptors\":[{\"id\":\"0c67c396-f773-403e-9f25-edc484a34e9f\",\"name\":\"StudentCard\",\"purpose\":\"To test the functionality\",\"constraints\":{\"fields\":[{\"path\":[\"$.vc.credentialSubject.degree\"],\"filter\":{\"type\":\"string\",\"pattern\":\"/^BioTech$/gi\"}}]},\"schema\":[{\"uri\":\"StudentCard\"}]},{\"id\":\"ae95f40c-d9ca-49fd-aeae-84c16de4e882\",\"name\":\"StudentCard\",\"purpose\":\"To test the functionality\",\"constraints\":{\"fields\":[{\"path\":[\"$.vc.credentialSubject.degree\"],\"filter\":{\"type\":\"string\",\"pattern\":\"/^CompSci$/gi\"}}]},\"schema\":[{\"uri\":\"StudentCard\"}]}]}",
    "client_metadata": "{\"client_name\":\"client\",\"subject_syntax_types_supported\":[\"did:ion\"],\"vp_formats\":{\"jwt_vp\":{\"alg\":[\"ES256\",\"ES256K\",\"EdDSA\"]},\"jwt_vc\":{\"alg\":[\"ES256\",\"ES256K\",\"EdDSA\"]}}}"
}

and Microsoft Verified ID responds with

{
    "requestId": "6b109862ca18aa3fd4fc0d17570640f7",
    "date": "Mon, 03 Jun 2024 08:54:03 GMT",
    "mscv": "FFzbnK1ydgTA+xdX.3",
    "error": {
        "code": "unauthorized",
        "message": "The requested resource requires authentication",
        "innererror": {
            "code": "tokenError",
            "message": "expected to find a single descriptor_map for the requested credential but found 2",
            "innererror": {
                "code": "tokenError",
                "message": "expected to find a single descriptor_map for the requested credential but found 2",
                "target": "id_token._vp_token.presentation_submission.descriptor_map"
            }
        }
    }
}

github-actions[bot] commented 3 weeks ago

This issue has been marked as stale.
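
The condition named in the verifier's error, as an added example (not code from the issue or from waltid-identity): pick one credential per input descriptor by evaluating its `filter.pattern` constraint, then count `descriptor_map` entries per descriptor id. The credential payloads are constructed, the entry shape is assumed from DIF Presentation Exchange, and all function names are hypothetical.

```python
import re

def descriptor(desc_id, degree):
    return {"id": desc_id, "name": "StudentCard", "schema": [{"uri": "StudentCard"}],
            "constraints": {"fields": [{"path": ["$.vc.credentialSubject.degree"],
                "filter": {"type": "string", "pattern": f"/^{degree}$/gi"}}]}}

# Ids, path and patterns are those of the presentation_definition in the issue.
DEFINITION = {"id": "6d440be0-6e5f-4951-8bef-dbabeb9ef4e3", "input_descriptors": [
    descriptor("0c67c396-f773-403e-9f25-edc484a34e9f", "BioTech"),
    descriptor("ae95f40c-d9ca-49fd-aeae-84c16de4e882", "CompSci")]}
CREDENTIALS = [{"vc": {"credentialSubject": {"degree": "CompSci"}}},  # constructed sample:
               {"vc": {"credentialSubject": {"degree": "BioTech"}}}]  # decoded VC payloads

def js_regex(literal):
    """Compile a JavaScript-style /body/flags literal such as "/^BioTech$/gi"."""
    m = re.fullmatch(r"/(.*)/([a-z]*)", literal, re.S)
    body, flags = m.groups() if m else (literal, "")
    return re.compile(body, re.I if "i" in flags else 0)

def resolve(doc, path):
    """Plain dotted JSONPath ($.a.b.c) only; returns None when a key is missing."""
    for key in path[2:].split("."):
        doc = doc.get(key) if isinstance(doc, dict) else None
    return doc

def satisfies(credential, desc):
    """True when every constraint field of the descriptor matches the credential."""
    def ok(field):
        vals = [v for v in (resolve(credential, p) for p in field["path"]) if isinstance(v, str)]
        return bool(vals) and js_regex(field["filter"]["pattern"]).search(vals[0]) is not None
    return all(ok(f) for f in desc["constraints"]["fields"])

def build_descriptor_map(definition, credentials):
    """One entry per input descriptor, using the first unused credential that satisfies it."""
    entries, used = [], set()
    for desc in definition["input_descriptors"]:
        idx = next((i for i, c in enumerate(credentials)
                    if i not in used and satisfies(c, desc)), None)
        if idx is None:
            raise ValueError(f"no unused credential satisfies descriptor {desc['id']}")
        used.add(idx)
        nested = {"format": "jwt_vc", "path": f"$.verifiableCredential[{idx}]"}  # assumed shape
        entries.append({"id": desc["id"], "format": "jwt_vp", "path": "$", "path_nested": nested})
    return entries

def entries_per_descriptor(definition, descriptor_map):
    """Count descriptor_map entries per requested descriptor id; each count must be 1."""
    return {d["id"]: sum(e["id"] == d["id"] for e in descriptor_map)
            for d in definition["input_descriptors"]}
```

Running `entries_per_descriptor` over a submission before it is posted shows whether any requested descriptor has a count other than 1, the state the `tokenError` reports.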