search

walt-id / waltid-identity

All-in-one open-source identity and wallet toolkit.
Apache License 2.0
122 stars 48 forks source link

Entra Presentation of similar credentials with constraints #460

Open JakeFernandes98 opened 5 months ago

JakeFernandes98 commented 5 months ago

This issue is for the wallet API

When attempting a presentation exchange of multiple similar credentials through Microsoft Verified ID using constraints, the behaviour is not as expected. This is reproducible and has been proven to work with the proprietary Microsoft Authenticator application.

Steps to Reproduce:

Intended outcome is that based on the 2 correctly selected credentials which each include one of the requested degrees, the presentation should succeed.

Presentation Request Example:

{
    ...
    "requestedCredentials": [
        {
            "type": "StudentCard",
            "purpose": "To show that you are an expert.",
            "constraints": [
                {
                    "claimName": "degree",
                    "values": [
                        "CompSci"
                    ]
                }
            ],
        },
        {
            "type": "StudentCard",
            "purpose": "To show that you are an expert.",
            "constraints": [
                {
                    "claimName": "degree",
                    "values": [
                        "BioTech"
                    ]
                }
            ],
        }
    ]
}

during the usePresentationRequest process, the API takes a request body like the following, which i have URL decoded and transformed from query parameters to a JSON for legibility

{
    "openid-vc://localhost?response_type": "id_token",
    "client_id": 
    "response_mode": "post",
    "redirect_uri": "https://verifiedid.did.msidentity.com/v1.0/tenants/37a99dab-212b-44d9-9b49-7756cb4dd915/verifiableCredentials/verifyPresentation",
    "scope": "openid",
    "presentation_definition": "{\"id\":\"6d440be0-6e5f-4951-8bef-dbabeb9ef4e3\",\"input_descriptors\":[{\"id\":\"0c67c396-f773-403e-9f25-edc484a34e9f\",\"name\":\"StudentCard\",\"purpose\":\"To test the functionality\",\"constraints\":{\"fields\":[{\"path\":[\"$.vc.credentialSubject.degree\"],\"filter\":{\"type\":\"string\",\"pattern\":\"/^BioTech$/gi\"}}]},\"schema\":[{\"uri\":\"StudentCard\"}]},{\"id\":\"ae95f40c-d9ca-49fd-aeae-84c16de4e882\",\"name\":\"StudentCard\",\"purpose\":\"To test the functionality\",\"constraints\":{\"fields\":[{\"path\":[\"$.vc.credentialSubject.degree\"],\"filter\":{\"type\":\"string\",\"pattern\":\"/^CompSci$/gi\"}}]},\"schema\":[{\"uri\":\"StudentCard\"}]}]}",
    "client_metadata": "{\"client_name\":\"client\",\"subject_syntax_types_supported\":[\"did:ion\"],\"vp_formats\":{\"jwt_vp\":{\"alg\":[\"ES256\",\"ES256K\",\"EdDSA\"]},\"jwt_vc\":{\"alg\":[\"ES256\",\"ES256K\",\"EdDSA\"]}}}",
}

and Microsoft Verified ID responds with

{
    "requestId": "6b109862ca18aa3fd4fc0d17570640f7",
    "date": "Mon, 03 Jun 2024 08:54:03 GMT",
    "mscv": "FFzbnK1ydgTA+xdX.3",
    "error": {
        "code": "unauthorized",
        "message": "The requested resource requires authentication",
        "innererror": {
            "code": "tokenError",
            "message": "expected to find a single descriptor_map for the requested credential but found 2",
            "innererror": {
                "code": "tokenError",
                "message": "expected to find a single descriptor_map for the requested credential but found 2",
                "target": "id_token._vp_token.presentation_submission.descriptor_map"
            }
        }
    }
}
github-actions[bot] commented 3 months ago

This issue has been marked as stale.

github-actions[bot] commented 3 weeks ago

This issue has been marked as stale.