walt-id / waltid-walletkit

Toolkit for SSI and NFT/SBT wallets
https://docs.walt.id
Apache License 2.0

Requesting multiple VCs incorrectly redirects the browser #27

Closed rigwild closed 1 year ago

rigwild commented 2 years ago

Hi 👋

When trying to request multiple VCs in one call, I noticed that only the last VC in the call is actually requested. After digging a bit, the issue comes from the redirection that uses the same ids for the different schemas.

Example (requesting VerifiableId + proofOfResidence): http://localhost:8080/verifier-api/present/?walletId=walt.id&schemaUri=https://raw.githubusercontent.com/walt-id/waltid-ssikit-vclib/master/src/test/resources/schemas/ProofOfResidence.json&schemaUri=https://api.preprod.ebsi.eu/trusted-schemas-registry/v1/schemas/0xb77f8516a965631b4f197ad54c65a9e2f9936ebfb76bae4906d33744dbcc60ba

Gets redirected to:

http://localhost:8080/api/wallet/siopv2/initPresentation/?response_type=id_token&response_mode=form_post&client_id=http://localhost:8081/verifier-api/verify&redirect_uri=http://localhost:8081/verifier-api/verify&scope=openid&nonce=387a2ca4-bdc3-48c3-9a30-786f3818a75d&claims={"vp_token"+:+{"presentation_definition"+:+{"format"+:+null,+"id"+:+"1",+"input_descriptors"+:+[{"constraints"+:+null,+"format"+:+null,+"group"+:+null,+"id"+:+"1",+"name"+:+null,+"purpose"+:+null,+"schema"+:+{"uri"+:+"https://raw.githubusercontent.com/walt-id/waltid-ssikit-vclib/master/src/test/resources/schemas/ProofOfResidence.json"}},+{"constraints"+:+null,+"format"+:+null,+"group"+:+null,+"id"+:+"1",+"name"+:+null,+"purpose"+:+null,+"schema"+:+{"uri"+:+"https://api.preprod.ebsi.eu/trusted-schemas-registry/v1/schemas/0xb77f8516a965631b4f197ad54c65a9e2f9936ebfb76bae4906d33744dbcc60ba"}}],+"name"+:+null,+"purpose"+:+null,+"submission_requirements"+:+null}}}&state=387a2ca4-bdc3-48c3-9a30-786f3818a75d

The claims field contains (notice that the vp_token.presentation_definition.input_descriptors[].id values are the same):

{
  "vp_token": {
    "presentation_definition": {
      "format": null,
      "id": "1",
      "input_descriptors": [
        {
          "constraints": null,
          "format": null,
          "group": null,
          "id": "1",
          "name": null,
          "purpose": null,
          "schema": {
            "uri": "https://raw.githubusercontent.com/walt-id/waltid-ssikit-vclib/master/src/test/resources/schemas/ProofOfResidence.json"
          }
        },
        {
          "constraints": null,
          "format": null,
          "group": null,
          "id": "1",
          "name": null,
          "purpose": null,
          "schema": {
            "uri": "https://api.preprod.ebsi.eu/trusted-schemas-registry/v1/schemas/0xb77f8516a965631b4f197ad54c65a9e2f9936ebfb76bae4906d33744dbcc60ba"
          }
        }
      ],
      "name": null,
      "purpose": null,
      "submission_requirements": null
    }
  }
}

I tried to change the second id with a MITM proxy, and it fixes the issue.

The redirection is made here:

https://github.com/walt-id/waltid-walletkit/blob/1ed3c546ff1a9fde4a0a644a862dedad7fc15ec5/src/main/kotlin/id/walt/verifier/backend/VerifierController.kt#L83-L94

The issue comes from here; the fix is simply to give a different id to each:

https://github.com/walt-id/waltid-walletkit/blob/1ed3c546ff1a9fde4a0a644a862dedad7fc15ec5/src/main/kotlin/id/walt/verifier/backend/VerifierManager.kt#L60-L65

It is mapped by id, so the first VC gets erased:

https://github.com/walt-id/waltid-walletkit/blob/1ed3c546ff1a9fde4a0a644a862dedad7fc15ec5/src/main/kotlin/id/walt/webwallet/backend/wallet/CredentialPresentation.kt#L71-L77
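
The collision described in this issue, as an added example that is not part of the original post or of the waltid-walletkit sources. The types and function names are hypothetical, and the id-keyed lookup is assumed from the issue's statement that descriptors are mapped by id.

```kotlin
// Added example: hypothetical types and function names, not the waltid-walletkit code.
data class Schema(val uri: String)
data class InputDescriptor(val id: String, val schema: Schema)
data class PresentationDefinition(val id: String, val inputDescriptors: List<InputDescriptor>)

// Behaviour reported in the issue: every input descriptor receives the id "1".
fun buildWithConstantId(schemaUris: List<String>) =
    PresentationDefinition("1", schemaUris.map { InputDescriptor("1", Schema(it)) })

// Fix proposed in the issue: a different id per descriptor (here the 1-based position).
fun buildWithUniqueIds(schemaUris: List<String>) =
    PresentationDefinition("1", schemaUris.mapIndexed { i, uri -> InputDescriptor((i + 1).toString(), Schema(uri)) })

// Wallet-side lookup keyed by descriptor id (assumed): on a duplicate key,
// associateBy keeps only the last element, so earlier requests disappear.
fun indexById(pd: PresentationDefinition): Map<String, InputDescriptor> =
    pd.inputDescriptors.associateBy { it.id }

// Guard usable on either side: reject colliding ids instead of silently
// presenting fewer credentials than the verifier asked for.
fun requireUniqueIds(pd: PresentationDefinition) {
    val duplicates = pd.inputDescriptors.groupingBy { it.id }.eachCount().filterValues { it > 1 }.keys
    require(duplicates.isEmpty()) { "duplicate input_descriptor ids: $duplicates" }
}

fun main() {
    // Sample input: the two schemaUri values from the request shown in the issue.
    val uris = listOf(
        "https://raw.githubusercontent.com/walt-id/waltid-ssikit-vclib/master/src/test/resources/schemas/ProofOfResidence.json",
        "https://api.preprod.ebsi.eu/trusted-schemas-registry/v1/schemas/0xb77f8516a965631b4f197ad54c65a9e2f9936ebfb76bae4906d33744dbcc60ba"
    )

    val broken = buildWithConstantId(uris)
    val lost = indexById(broken)
    println("constant id: ${lost.size} of ${uris.size} descriptors survive, schema = ${lost.getValue("1").schema.uri}")

    val rejected = runCatching { requireUniqueIds(broken) }.exceptionOrNull()
    println("guard on constant ids: ${rejected?.message}")

    val fixed = buildWithUniqueIds(uris)
    requireUniqueIds(fixed)
    println("unique ids: ${indexById(fixed).keys}, ${indexById(fixed).size} descriptors survive")
}
```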