Unable to verify credential using local setup

[virajpatva]

Credential verification is failing on mobile after setting up the local environment and using Ngrok with this repository https://github.com/eu-digital-identity-wallet/eudi-srv-web-verifier-endpoint-23220-4-kt. The QR code for the presentation request is generated successfully, but the process fails with an error, as shown in the screenshot below.

here is log :

verifier-backend | 2025-01-30T06:32:08.784Z INFO 1 --- [or-http-epoll-2] EVENTS : Verifier initialized transaction - tx: _QpzW5bm9DQ_xxLErVBNxVEDRql2Crx4d5kHcj7h0X2foQJhiNMUHmOiNBuf7aWqc1Uaza_ZLXcw3Qadyex4kg
verifier-backend | 2025-01-30T06:32:08.784Z INFO 1 --- [or-http-epoll-2] e.e.e.e.v.e.a.input.web.VerifierApi : Initiated transaction tx _QpzW5bm9DQ_xxLErVBNxVEDRql2Crx4d5kHcj7h0X2foQJhiNMUHmOiNBuf7aWqc1Uaza_ZLXcw3Qadyex4kg
verifier-backend | 2025-01-30T06:32:24.081Z INFO 1 --- [ parallel-2] e.e.e.e.v.e.adapter.input.web.WalletApi : Handling GetRequestObject for mhpixvTNzTMKSMNrhWs-eWlcRCOv1khPOEpklu0rg7EPOqveijczSkfIz00NjqvcWSAuB24exAnIOGXZmbKSWg ...
verifier-backend | 2025-01-30T06:32:24.167Z INFO 1 --- [ parallel-2] EVENTS : Wallet retrieved Request Object - tx: _QpzW5bm9DQ_xxLErVBNxVEDRql2Crx4d5kHcj7h0X2foQJhiNMUHmOiNBuf7aWqc1Uaza_ZLXcw3Qadyex4kg

[dzarras]

Dear @virajpatva,

Could you please provide some more information about your setup?
For instance:

1. Which version of Verifier Endpoint are you using?
2. How is Verifier Endpoint configured?
3. Which version of the Mobile App are you using?
4. Could you provide logs from the Mobile App as well?

Kind regards.

[virajpatva]

Hi @dzarras ,
I am using the docker compose setup in this repo for the verification, locally. For Public URL I am exposing port 8080 using ngrok.
For Wallet I am using the latest application (2025.01.21 (21)) , the same credential verification goes on if I try using https://verifier.eudiw.dev/home.

[dzarras]

Hi @virajpatva,

Thanks for the input.

When using ngrok, which URL are you using to access the Verifier? Is this the same URL as VERIFIER_PUBLICURL?

Also FYI, the service deployed at https://verifier.eudiw.dev uses the x509_san_dns client id scheme, while the one in docker compose uses the pre-registered client id scheme. Their setup is quite different.

The Wallet appears to be rejecting the Authorization Request from the Verifier. Without logs from the Wallet though, we can't say for sure. Hence we can only provide hints about what to check.

Kind regards.

[virajpatva]

@dzarras ,

I am setting up the local verifier using Docker Compose and exposing its port via Ngrok. The Ngrok URL is being used as the VERIFIER_PUBLICURL.

Here are the wallet logs:
https://drive.google.com/file/d/17H_4uCibuJZkbM03ICialC6UtBNUTLFa/view?usp=sharing

the logs read out : Invalid resolution: InvalidJarJwt(cause=JAR is signed with RS256 which is not supported).

[dzarras]

Hi @virajpatva,

Thanks for the input. What you encountered has also been discussed in #231 as well.

Verifier Endpoint by default generates an RSA key and uses RS256 to sign JARs. main contains a commit that changes this behavior and we now generate an EC key and use ES256 to sign JARs by default. See also #238 for details.

On the other hand the Wallet app has a hardcoded value and requires ES256, ES384, ES512 algorithms for JARs. This is addressed in eu-digital-identity-wallet/eudi-lib-android-wallet-core#132. (Hence why JARs signed with RS256 are rejected)

What you can do to rectify this issue is to switch to x509_san_dns client id scheme and provide your own certificate and EC key to sign JARs. You must use the service mentioned by @babisRoutis here to get a Certificate with an EC key that is trusted by the Wallet app, and use the environment variables mentioned here to configure the keystore from which to load the certificate and signing key.

Please let us know if this works for you.

Kind regards.

[virajpatva]

Hi @dzarras ,
I have added VERIFIER_CLIENTIDSCHEME: "x5c_san_dns" , can you guide me on where to add certificate ? Also the application is crashing.

verifier-backend  |  :: Spring Boot ::                (v3.4.0)
verifier-backend  | 
verifier-backend  | 2025-02-03T04:43:52.590Z  INFO 1 --- [           main] .e.e.e.v.e.VerifierEndpointApplicationKt : Starting VerifierEndpointApplicationKt v0.1.9 using Java 17.0.13 with PID 1 (/workspace/BOOT-INF/classes started by cnb in /workspace)
verifier-backend  | 2025-02-03T04:43:52.593Z  INFO 1 --- [           main] .e.e.e.v.e.VerifierEndpointApplicationKt : No active profile set, falling back to 1 default profile: "default"
verifier-backend  | 2025-02-03T04:43:54.795Z  WARN 1 --- [           main] onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed
verifier-backend  | 2025-02-03T04:43:54.811Z  INFO 1 --- [           main] .s.b.a.l.ConditionEvaluationReportLogger : 
verifier-backend  | 
verifier-backend  | Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
verifier-backend  | 2025-02-03T04:43:54.832Z ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed
verifier-backend  | 
verifier-backend  | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainFromSupplier(AbstractAutowireCapableBeanFactory.java:1239) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1176) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:563) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:523) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:288) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:224) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveNamedBean(DefaultListableBeanFactory.java:1484) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveNamedBean(DefaultListableBeanFactory.java:1445) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveBean(DefaultListableBeanFactory.java:516) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:371) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:364) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1290) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt$beans$lambda$39$$inlined$bean$default$12.get(BeanDefinitionDsl.kt:1241) ~[classes/:0.1.9]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainInstanceFromSupplier(AbstractAutowireCapableBeanFactory.java:1273) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.obtainInstanceFromSupplier(DefaultListableBeanFactory.java:981) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainFromSupplier(AbstractAutowireCapableBeanFactory.java:1233) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1176) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:563) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:523) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:288) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.instantiateSingleton(DefaultListableBeanFactory.java:1122) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingleton(DefaultListableBeanFactory.java:1093) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:1030) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:987) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:627) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:66) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.run(SpringApplication.java:318) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierEndpointApplicationKt.main(VerifierEndpointApplication.kt:37) ~[classes/:0.1.9]
verifier-backend  |     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
verifier-backend  |     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:na]
verifier-backend  |     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:na]
verifier-backend  |     at java.base/java.lang.reflect.Method.invoke(Unknown Source) ~[na:na]
verifier-backend  |     at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:102) ~[workspace/:na]
verifier-backend  |     at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:64) ~[workspace/:na]
verifier-backend  |     at org.springframework.boot.loader.launch.JarLauncher.main(JarLauncher.java:40) ~[workspace/:na]
verifier-backend  | Caused by: java.lang.IllegalStateException: Unknown clientIdScheme 'x5c_san_dns'
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt.verifierConfig(VerifierContext.kt:330) ~[classes/:0.1.9]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt.access$verifierConfig(VerifierContext.kt:1) ~[classes/:0.1.9]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt$beans$lambda$39$$inlined$bean$default$42.get(BeanDefinitionDsl.kt:1218) ~[classes/:0.1.9]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainInstanceFromSupplier(AbstractAutowireCapableBeanFactory.java:1273) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.obtainInstanceFromSupplier(DefaultListableBeanFactory.java:981) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainFromSupplier(AbstractAutowireCapableBeanFactory.java:1233) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     ... 41 common frames omitted

[dzarras]

Hi @virajpatva,

Please consult the configuration guide here

The Client Id Scheme is x509_san_dns.

Concerning the Certificate and Signing Key, you have to add it to a Keystore file, and then configure the application to use it, using the corresponding environment variables (reference).

Finally you'll have to update the signing algorithm using the VERIFIER_JAR_SIGNING_ALGORITHM environment variable.

Kind regards

[VelikiGmaz]

I have a same problem when i use pre-registered client_id_scheme in local setup.
Jwt token doesnt contain client_id_scheme eyJraWQiOiJhZGU4MWJiZS05NDMzLTQwMjktODhmOS1mN2Q3ZTlhZWEyYjAiLCJ0eXAiOiJvYXV0aC1hdXRoei1yZXErand0IiwiYWxnIjoiRVMyNTYifQ.eyJyZXNwb25zZV91cmkiOiJodHRwOi8vMTkyLjE2OC44LjEwMjo4MC93YWxsZXQvZGlyZWN0X3Bvc3QiLCJhdWQiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lL3YyIiwic2NvcGUiOiIiLCJyZXNwb25zZV90eXBlIjoidnBfdG9rZW4iLCJwcmVzZW50YXRpb25fZGVmaW5pdGlvbiI6eyJpZCI6IjQwNmJkZDc1LWNhYzctNGE4NC04MDg2LTQxODVmOWUwYzhiMiIsImlucHV0X2Rlc2NyaXB0b3JzIjpbeyJpZCI6ImYxZjBiNTUzLThhYTUtNDBjNi04NmM2LTA1MWJmM2EyMWE2MyIsIm5hbWUiOiJQZXJzb24gSWRlbnRpZmljYXRpb24gRGF0YSAoUElEKSIsInB1cnBvc2UiOiIiLCJmb3JtYXQiOnsidmMrc2Qtand0Ijp7InNkLWp3dF9hbGdfdmFsdWVzIjpbIkVTMjU2IiwiRVMzODQiXSwia2Itand0X2FsZ192YWx1ZXMiOlsiRVMyNTYiLCJFUzM4NCJdfX0sImNvbnN0cmFpbnRzIjp7ImZpZWxkcyI6W3sicGF0aCI6WyIkLnZjdCJdLCJmaWx0ZXIiOnsidHlwZSI6InN0cmluZyIsImNvbnN0IjoidXJuOmV1LmV1cm9wYS5lYy5ldWRpOnBpZDoxIn19LHsicGF0aCI6WyIkLmZhbWlseV9uYW1lIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5naXZlbl9uYW1lIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5iaXJ0aGRhdGUiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLmFnZV9lcXVhbF9vcl9vdmVyLjE4Il0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5hZ2VfaW5feWVhcnMiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLmFnZV9iaXJ0aF95ZWFyIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5iaXJ0aF9mYW1pbHlfbmFtZSJdLCJpbnRlbnRfdG9fcmV0YWluIjpmYWxzZX0seyJwYXRoIjpbIiQuYmlydGhfZ2l2ZW5fbmFtZSJdLCJpbnRlbnRfdG9fcmV0YWluIjpmYWxzZX0seyJwYXRoIjpbIiQucGxhY2Vfb2ZfYmlydGgubG9jYWxpdHkiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLnBsYWNlX29mX2JpcnRoLmNvdW50cnkiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLnBsYWNlX29mX2JpcnRoLnJlZ2lvbiJdLCJpbnRlbnRfdG9fcmV0YWluIjpmYWxzZX0seyJwYXRoIjpbIiQucGxhY2Vfb2ZfYmlydGgubG9jYWxpdHkiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLmFkZHJlc3MuZm9ybWF0dGVkIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5hZGRyZXNzLmNvdW50cnkiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLmFkZHJlc3MucmVnaW9uIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5hZGRyZXNzLmxvY2FsaXR5Il0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5hZGRyZXNzLnBvc3RhbF9jb2RlIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5hZGRyZXNzLnN0cmVldF9hZGRyZXNzIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5hZGRyZXNzLmhvdXNlX251bWJlciJdLCJpbnRlbnRfdG9fcmV0YWluIjpmYWxzZX0seyJwYXRoIjpbIiQuZ2VuZGVyIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5uYXRpb25hbGl0aWVzIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5pYXQiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLmV4cCJdLCJpbnRlbnRfdG9fcmV0YWluIjpmYWxzZX0seyJwYXRoIjpbIiQuaXNzdWluZ19hdXRob3JpdHkiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLmRvY3VtZW50X251bWJlciJdLCJpbnRlbnRfdG9fcmV0YWluIjpmYWxzZX0seyJwYXRoIjpbIiQuYWRtaW5pc3RyYXRpdmVfbnVtYmVyIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfSx7InBhdGgiOlsiJC5pc3N1aW5nX2NvdW50cnkiXSwiaW50ZW50X3RvX3JldGFpbiI6ZmFsc2V9LHsicGF0aCI6WyIkLmlzc3VpbmdfanVyaXNkaWN0aW9uIl0sImludGVudF90b19yZXRhaW4iOmZhbHNlfV19fV19LCJzdGF0ZSI6Ik80cTVtSlV6OFZoZDFYZUZQdDR3ZWFGZkozRDlQWUlEMjhXVDUyb3poUkFHMmNJd25Ha0J5M1VuUlJHSXZ2cloyLUlMZThfajJiaDREajh1NkFYQW5BIiwiaWF0IjoxNzM4NzU4MTA2LCJub25jZSI6ImE5YjQ5Mjc2LTliNTgtNDc3Yy1hMjRlLWM5NDM0OWJiMTc3MyIsImNsaWVudF9pZCI6IlZlcmlmaWVyIiwiY2xpZW50X21ldGFkYXRhIjp7ImF1dGhvcml6YXRpb25fZW5jcnlwdGVkX3Jlc3BvbnNlX2FsZyI6IkVDREgtRVMiLCJhdXRob3JpemF0aW9uX2VuY3J5cHRlZF9yZXNwb25zZV9lbmMiOiJBMTI4Q0JDLUhTMjU2IiwiaWRfdG9rZW5fZW5jcnlwdGVkX3Jlc3BvbnNlX2FsZyI6IlJTQS1PQUVQLTI1NiIsImlkX3Rva2VuX2VuY3J5cHRlZF9yZXNwb25zZV9lbmMiOiJBMTI4Q0JDLUhTMjU2Iiwiandrc191cmkiOiJodHRwOi8vMTkyLjE2OC44LjEwMjo4MC93YWxsZXQvamFybS9PNHE1bUpVejhWaGQxWGVGUHQ0d2VhRmZKM0Q5UFlJRDI4V1Q1Mm96aFJBRzJjSXduR2tCeTNVblJSR0l2dnJaMi1JTGU4X2oyYmg0RGo4dTZBWEFuQS9qd2tzLmpzb24iLCJzdWJqZWN0X3N5bnRheF90eXBlc19zdXBwb3J0ZWQiOlsidXJuOmlldGY6cGFyYW1zOm9hdXRoOmp3ay10aHVtYnByaW50Il0sImlkX3Rva2VuX3NpZ25lZF9yZXNwb25zZV9hbGciOiJSUzI1NiJ9LCJyZXNwb25zZV9tb2RlIjoiZGlyZWN0X3Bvc3Quand0In0.B6ThSEEBVM4DLcp5XvEWLtuJ8XSb6hYz2Er4TpjYxRZYT_SckOzCRgfwkK2M8awHYAn1E-ABYa-Y8gWxH6dm5g this is token from logs which phone gets and it doesnt have client_id_scheme.

I am also curious why in SignRequestObjectNimbus.kt in private method asClaimSet you only set clientId and i dont see client_id_scheme being set.

[babisRoutis]

Dear @virajpatva

For client_id_scheme, that's a breaking change of the openid4vp specification.
Please check my comment

[VelikiGmaz]

Thank you a lot for help.
I have one more question is there a link where i can see which tag of eudi works with https://github.com/eu-digital-identity-wallet/eudi-srv-web-verifier-endpoint-23220-4-kt

[dzarras]

Thank you a lot for help. I have one more question is there a link where i can see which tag of eudi works with https://github.com/eu-digital-identity-wallet/eudi-srv-web-verifier-endpoint-23220-4-kt

@VelikiGmaz what exactly is this second URL?

[VelikiGmaz]

Sorry i guess i wrote it poorly, i am looking for compatibility table between eudi-wallet and eudi-verifier so i know which tags to use for them

[dzarras]

@VelikiGmaz If possible please correct both links. I just noticed that both of them do not point to github.com.

As for you question, unfortunately, currently no such compatibility table exists.
The Demo_Version=2025.01.21-Demo_Build=21 version of eudi-wallet is compatible with v0.1.9 of eudi-verifier. Both of these support OpenId4VP draft21.
A future release of eudi-wallet will introduce support for OpenId4VP draft22 and later. Please watch the relevant repositories for updates.

Kind regards.

[dzarras]

@virajpatva Is there anything else we could help you with? If not, could you please close this issue?

[VelikiGmaz]

Hey again,
i have another problem now when i use tags Demo_Version=2025.01.21-Demo_Build=21 version of eudi-wallet and v0.1.9 of eudi verifier.
When i set verifier.jar.signing.key=GenerateRandom and verifier.clientIdScheme=pre-registered
for verifier key gets rejected by wallet app saying:
Invalid resolution: InvalidJarJwt(cause=JAR is signed with RS256 which is not supported)
I looked in VerifierContext.kt it is hardcoded to always produce RSA keys.
fun generateRandom(): RSAKey =
RSAKeyGenerator(4096, false)
.keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key (optional)
.keyID(UUID.randomUUID().toString()) // give the key a unique ID (optional)
.issueTime(Date.from(clock.instant())) // issued-at timestamp (optional)
.generate()

i am going to switch x509_san_dns and try that out and create keypair for ES256 and load it.

[dzarras]

Hey again, i have another problem now when i use tags Demo_Version=2025.01.21-Demo_Build=21 version of eudi-wallet and v0.1.9 of eudi verifier. When i set verifier.jar.signing.key=GenerateRandom and verifier.clientIdScheme=pre-registered for verifier key gets rejected by wallet app saying: Invalid resolution: InvalidJarJwt(cause=JAR is signed with RS256 which is not supported) I looked in VerifierContext.kt it is hardcoded to always produce RSA keys. fun generateRandom(): RSAKey = RSAKeyGenerator(4096, false) .keyUse(KeyUse.SIGNATURE) // indicate the intended use of the key (optional) .keyID(UUID.randomUUID().toString()) // give the key a unique ID (optional) .issueTime(Date.from(clock.instant())) // issued-at timestamp (optional) .generate()

i am going to switch x509_san_dns and try that out and create keypair for ES256 and load it.

@VelikiGmaz Please use this service: https://registry.serviceproviders.eudiw.dev/ to get a certificate and an EC key pair that is trusted by the Wallet.

[virajpatva]

@virajpatva Is there anything else we could help you with? If not, could you please close this issue?

I have created a Certificate from the mentioned link and add to repo under main/resources/ ,

this is my configuration:

    environment:
      VERIFIER_PUBLICURL: "https://347f-14-195-76-134.ngrok-free.app"
      VERIFIER_JAR_SIGNING_KEY: "LoadFromKeystore"
      VERIFIER_RESPONSE_MODE: "DirectPost"
      VERIFIER_JAR_SIGNING_KEY_KEYSTORE: "/tc.p12"
      VERIFIER_JAR_SIGNING_KEY_KEYSTORE_PASSWORD: "---password---"
      VERIFIER_JAR_SIGNING_KEY_KEYSTORE_TYPE: "pkcs12"

still the issue persist.

this are the logs :

verifier-backend  | 2025-02-06T10:28:32.956Z  INFO 1 --- [           main] .e.e.e.v.e.VerifierEndpointApplicationKt : No active profile set, falling back to 1 default profile: "default"
verifier-backend  | 2025-02-06T10:28:34.291Z  INFO 1 --- [           main] e.e.e.e.v.endpoint.VerifierApplication   : Will try to load Keystore from: '/tc.p12'
verifier-backend  | 2025-02-06T10:28:34.296Z  WARN 1 --- [           main] e.e.e.e.v.endpoint.VerifierApplication   : Could not find Keystore at '/tc.p12'. Fallback to '/keystore.jks'
verifier-backend  | 2025-02-06T10:28:34.300Z  WARN 1 --- [           main] onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed
verifier-backend  | 2025-02-06T10:28:34.314Z  INFO 1 --- [           main] .s.b.a.l.ConditionEvaluationReportLogger : 
verifier-backend  | 
verifier-backend  | Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
verifier-backend  | 2025-02-06T10:28:34.331Z ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed

[dzarras]

@virajpatva As I understand it, you are using the docker compose setup. To use your own certificate you must use Volumes to make your keystore available inside the docker container.

Please consult the docker compose reference documentation here:

1. https://docs.docker.com/reference/compose-file/services/#volumes
2. https://docs.docker.com/reference/compose-file/volumes/

[virajpatva]

Hi @dzarras ,

I was able to load the Cert but it is still failing with the following error :

verifier-backend  | 2025-02-06T11:41:50.429Z  INFO 1 --- [           main] e.e.e.e.v.endpoint.VerifierApplication   : Will try to load Keystore from: 'file:///certs/tc.p12'
verifier-backend  | 2025-02-06T11:41:50.437Z  WARN 1 --- [           main] onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed

Thanks

[dzarras]

Hi @dzarras ,

I was able to load the Cert but it is still failing with the following error :

verifier-backend  | 2025-02-06T11:41:50.429Z  INFO 1 --- [           main] e.e.e.e.v.endpoint.VerifierApplication   : Will try to load Keystore from: 'file:///certs/tc.p12'
verifier-backend  | 2025-02-06T11:41:50.437Z  WARN 1 --- [           main] onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed

Thanks

@virajpatva Could you provide the full stacktrace? This doesn't provide enough information. Also have you set in your environment variables the alias and password of the keypair to load?

[virajpatva]

Hi @dzarras ,

I haven't set the alias , what should be value of it ? Also I have set the correct password for VERIFIER_JAR_SIGNING_KEY_KEYSTORE_PASSWORD .

As requested here are the full logs :

verifier-backend  | 2025-02-06T12:02:21.315Z  INFO 1 --- [           main] e.e.e.e.v.endpoint.VerifierApplication   : Will try to load Keystore from: 'file:///certs/tc.p12'
verifier-backend  | 2025-02-06T12:02:21.324Z  WARN 1 --- [           main] onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed
verifier-backend  | 2025-02-06T12:02:21.339Z  INFO 1 --- [           main] .s.b.a.l.ConditionEvaluationReportLogger : 
verifier-backend  | 
verifier-backend  | Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
verifier-backend  | 2025-02-06T12:02:21.356Z ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed
verifier-backend  | 
verifier-backend  | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainFromSupplier(AbstractAutowireCapableBeanFactory.java:1239) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1176) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:563) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:523) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:288) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:224) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveNamedBean(DefaultListableBeanFactory.java:1484) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveNamedBean(DefaultListableBeanFactory.java:1445) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveBean(DefaultListableBeanFactory.java:516) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:371) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:364) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1290) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt$beans$lambda$39$$inlined$bean$default$12.get(BeanDefinitionDsl.kt:1241) ~[classes/:0.1.9]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainInstanceFromSupplier(AbstractAutowireCapableBeanFactory.java:1273) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.obtainInstanceFromSupplier(DefaultListableBeanFactory.java:981) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainFromSupplier(AbstractAutowireCapableBeanFactory.java:1233) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1176) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:563) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:523) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:288) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.instantiateSingleton(DefaultListableBeanFactory.java:1122) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingleton(DefaultListableBeanFactory.java:1093) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:1030) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:987) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:627) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:66) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.run(SpringApplication.java:318) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierEndpointApplicationKt.main(VerifierEndpointApplication.kt:37) ~[classes/:0.1.9]
verifier-backend  |     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
verifier-backend  |     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:na]
verifier-backend  |     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:na]
verifier-backend  |     at java.base/java.lang.reflect.Method.invoke(Unknown Source) ~[na:na]
verifier-backend  |     at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:102) ~[workspace/:na]
verifier-backend  |     at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:64) ~[workspace/:na]
verifier-backend  |     at org.springframework.boot.loader.launch.JarLauncher.main(JarLauncher.java:40) ~[workspace/:na]
verifier-backend  | Caused by: java.lang.IllegalStateException: Required key 'verifier.jar.signing.key.alias' not found
verifier-backend  |     at org.springframework.core.env.AbstractPropertyResolver.getRequiredProperty(AbstractPropertyResolver.java:199) ~[spring-core-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.core.env.AbstractEnvironment.getRequiredProperty(AbstractEnvironment.java:578) ~[spring-core-6.2.0.jar:6.2.0]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt.jarSigningConfig$lambda$49$loadFromKeystore(VerifierContext.kt:281) ~[classes/:0.1.9]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt.jarSigningConfig(VerifierContext.kt:310) ~[classes/:0.1.9]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt.verifierConfig(VerifierContext.kt:323) ~[classes/:0.1.9]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt.access$verifierConfig(VerifierContext.kt:1) ~[classes/:0.1.9]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt$beans$lambda$39$$inlined$bean$default$42.get(BeanDefinitionDsl.kt:1218) ~[classes/:0.1.9]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainInstanceFromSupplier(AbstractAutowireCapableBeanFactory.java:1273) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.obtainInstanceFromSupplier(DefaultListableBeanFactory.java:981) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainFromSupplier(AbstractAutowireCapableBeanFactory.java:1233) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     ... 41 common frames omitted

[dzarras]

Hi @dzarras ,

I haven't set the alias , what should be value of it ? Also I have set the correct password for VERIFIER_JAR_SIGNING_KEY_KEYSTORE_PASSWORD .

@virajpatva Try opening the keystore using Keystore Explorer. The alias is name name of the entry you will see (usually the Common Name). The password of the keypair should be the same as the one of the keystore.

[virajpatva]

Hi @dzarras ,

It still result same error, here is my Docker Compose Config :

 environment:
      VERIFIER_PUBLICURL: "https://1a58-14-195-76-134.ngrok-free.app"
      VERIFIER_JAR_SIGNING_KEY: "LoadFromKeystore"
      VERIFIER_RESPONSE_MODE: "DirectPost"
      VERIFIER_JAR_SIGNING_KEY_KEYSTORE: "file:///certs/tc.p12"
      VERIFIER_JAR_SIGNING_KEY_KEYSTORE_PASSWORD: "<---password---->"
      VERIFIER_JAR_SIGNING_KEY_KEYSTORE_TYPE: "pkcs12"
      VERIFIER_JAR_SIGNING_KEY_ALIAS: "tc"
      VERIFIER_JAR_SIGNING_KEY_PASSWORD: "<---password---->"

this is error log :

verifier-backend  | 2025-02-07T04:18:09.816Z  INFO 1 --- [           main] e.e.e.e.v.endpoint.VerifierApplication   : Will try to load Keystore from: 'file:///certs/tc.p12'
verifier-backend  | 2025-02-07T04:18:10.107Z  WARN 1 --- [           main] onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed
verifier-backend  | 2025-02-07T04:18:10.120Z  INFO 1 --- [           main] .s.b.a.l.ConditionEvaluationReportLogger : 
verifier-backend  | 
verifier-backend  | Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
verifier-backend  | 2025-02-07T04:18:10.140Z ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed
verifier-backend  | 
verifier-backend  | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'eu.europa.ec.eudi.verifier.endpoint.domain.VerifierConfig#0': Instantiation of supplied bean failed
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainFromSupplier(AbstractAutowireCapableBeanFactory.java:1239) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1176) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:563) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:523) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:288) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:224) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveNamedBean(DefaultListableBeanFactory.java:1484) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveNamedBean(DefaultListableBeanFactory.java:1445) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveBean(DefaultListableBeanFactory.java:516) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:371) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:364) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1290) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierContextKt$beans$lambda$39$$inlined$bean$default$12.get(BeanDefinitionDsl.kt:1241) ~[classes/:0.1.9]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainInstanceFromSupplier(AbstractAutowireCapableBeanFactory.java:1273) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.obtainInstanceFromSupplier(DefaultListableBeanFactory.java:981) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.obtainFromSupplier(AbstractAutowireCapableBeanFactory.java:1233) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1176) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:563) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:523) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:288) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.instantiateSingleton(DefaultListableBeanFactory.java:1122) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingleton(DefaultListableBeanFactory.java:1093) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:1030) ~[spring-beans-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:987) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:627) ~[spring-context-6.2.0.jar:6.2.0]
verifier-backend  |     at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:66) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at org.springframework.boot.SpringApplication.run(SpringApplication.java:318) ~[spring-boot-3.4.0.jar:3.4.0]
verifier-backend  |     at eu.europa.ec.eudi.verifier.endpoint.VerifierEndpointApplicationKt.main(VerifierEndpointApplication.kt:37) ~[classes/:0.1.9]

[dzarras]

Hi @virajpatva,

Some pointers:

1. Has VERIFIER_CLIENTIDSCHEME been set to x509_san_dns?
2. Has VERIFIER_JAR_SIGNING_ALGORITHM been updated appropriately?
3. Since you are aiming to setup x509_san_dns, does the Certificate of the Key Pair you are trying to load contain 1a58-14-195-76-134.ngrok-free.app as a Subject Alternative DNS Name?

You could try and check out the example configuration here.

I'm adding the pending close label to this issue, since it's not a problem with the application, but rather a configuration problem.

Kind regards.