openwallet-foundation · auer-martin · Jan 27, 2025 · Jan 27, 2025 · Jan 28, 2025 · Jan 28, 2025
@@ -0,0 +1,5 @@
+---
+'@credo-ts/openid4vc': minor
+---
+
+feat(openid4vc): openid4vp alpha
@@ -0,0 +1,5 @@
+---
+'@credo-ts/openid4vc': minor
+---
+
+feat(openid4vc): add support for new dcql query syntax for oid4vp
@@ -0,0 +1,6 @@
+---
+'@credo-ts/askar': patch
+'@credo-ts/core': patch
+---
+
+allow A128GCM as allowed value for ECDH encryption
@@ -0,0 +1,5 @@
+---
+'@credo-ts/core': patch
+---
+
+feat: add `claimFormat` to `Mdoc`, `MdocDeviceResponse` and `SdJwtVc` to allow for easier type narrowing
@@ -1,10 +1,13 @@
-import type { OpenId4VciResolvedCredentialOffer, OpenId4VcSiopResolvedAuthorizationRequest } from '@credo-ts/openid4vc'
+import type {
+  OpenId4VciMetadata,
+  OpenId4VciResolvedCredentialOffer,
+  OpenId4VcSiopResolvedAuthorizationRequest,
+} from '@credo-ts/openid4vc'
 
 import { AskarModule } from '@credo-ts/askar'
 import {
   W3cJwtVerifiableCredential,
   W3cJsonLdVerifiableCredential,
-  DifPresentationExchangeService,
   Mdoc,
   DidKey,
   DidJwk,
@@ -64,7 +67,7 @@ export class Holder extends BaseAgent<ReturnType<typeof getOpenIdHolderModules>>
     return await this.agent.modules.openId4VcHolder.resolveCredentialOffer(credentialOffer)
   }
 
-  public async resolveIssuerMetadata(credentialIssuer: string) {
+  public async resolveIssuerMetadata(credentialIssuer: string): Promise<OpenId4VciMetadata> {
     return await this.agent.modules.openId4VcHolder.resolveIssuerMetadata(credentialIssuer)
   }
 
@@ -192,21 +195,27 @@ export class Holder extends BaseAgent<ReturnType<typeof getOpenIdHolderModules>>
   }
 
   public async acceptPresentationRequest(resolvedPresentationRequest: OpenId4VcSiopResolvedAuthorizationRequest) {
-    const presentationExchangeService = this.agent.dependencyManager.resolve(DifPresentationExchangeService)
-
-    if (!resolvedPresentationRequest.presentationExchange) {
-      throw new Error('Missing presentation exchange on resolved authorization request')
+    if (!resolvedPresentationRequest.presentationExchange && !resolvedPresentationRequest.dcql) {
+      throw new Error('Missing presentation exchange or dcql on resolved authorization request')
     }
 
     const submissionResult = await this.agent.modules.openId4VcHolder.acceptSiopAuthorizationRequest({
       authorizationRequest: resolvedPresentationRequest.authorizationRequest,
-      presentationExchange: {
-        credentials: presentationExchangeService.selectCredentialsForRequest(
-          resolvedPresentationRequest.presentationExchange.credentialsForRequest
-        ),
-      },
+      presentationExchange: resolvedPresentationRequest.presentationExchange
+        ? {
+            credentials: this.agent.modules.openId4VcHolder.selectCredentialsForPresentationExchangeRequest(
+              resolvedPresentationRequest.presentationExchange.credentialsForRequest
+            ),
+          }
+        : undefined,
+      dcql: resolvedPresentationRequest.dcql
+        ? {
+            credentials: this.agent.modules.openId4VcHolder.selectCredentialsForDcqlRequest(
+              resolvedPresentationRequest.dcql.queryResult
+            ),
+          }
+        : undefined,
     })
-
     return submissionResult.serverResponse
   }
 

@@ -5,7 +5,7 @@ import type {
   OpenId4VciResolvedCredentialOffer,
 } from '@credo-ts/openid4vc'
 
-import { DifPresentationExchangeService, Mdoc } from '@credo-ts/core'
+import { Mdoc } from '@credo-ts/core'
 import { preAuthorizedCodeGrantIdentifier } from '@credo-ts/openid4vc'
 import console, { clear } from 'console'
 import { textSync } from 'figlet'
@@ -217,24 +217,47 @@ export class HolderInquirer extends BaseInquirer {
     const proofRequestUri = await this.inquireInput('Enter proof request: ')
     this.resolvedPresentationRequest = await this.holder.resolveProofRequest(proofRequestUri)
 
-    const presentationDefinition = this.resolvedPresentationRequest?.presentationExchange?.definition
-    console.log(greenText(`Presentation Purpose: '${presentationDefinition?.purpose}'`))
-
-    if (this.resolvedPresentationRequest?.presentationExchange?.credentialsForRequest.areRequirementsSatisfied) {
-      const selectedCredentials = Object.values(
-        this.holder.agent.dependencyManager
-          .resolve(DifPresentationExchangeService)
-          .selectCredentialsForRequest(this.resolvedPresentationRequest.presentationExchange.credentialsForRequest)
-      ).flatMap((e) => e)
+    if (this.resolvedPresentationRequest.presentationExchange) {
+      const presentationDefinition = this.resolvedPresentationRequest.presentationExchange.definition
       console.log(
-        greenText(
-          `All requirements for creating the presentation are satisfied. The following credentials will be shared`,
-          true
-        )
+        greenText(`Received DIF Presentation Exchange request with purpose: '${presentationDefinition.purpose}'`)
       )
-      selectedCredentials.forEach(this.printCredential)
-    } else {
-      console.log(redText(`No credentials available that satisfy the proof request.`))
+
+      if (this.resolvedPresentationRequest.presentationExchange.credentialsForRequest.areRequirementsSatisfied) {
+        const selectedCredentials = Object.values(
+          this.holder.agent.modules.openId4VcHolder.selectCredentialsForPresentationExchangeRequest(
+            this.resolvedPresentationRequest.presentationExchange.credentialsForRequest
+          )
+        ).flatMap((e) => e)
+        console.log(
+          greenText(
+            `All requirements for creating the presentation are satisfied. The following credentials will be shared`,
+            true
+          )
+        )
+        selectedCredentials.forEach(this.printCredential)
+      } else {
+        console.log(redText(`No credentials available that satisfy the proof request.`))
+      }
+    } else if (this.resolvedPresentationRequest.dcql) {
+      console.log(greenText('Received DCQL request'))
+
+      if (this.resolvedPresentationRequest.dcql.queryResult.canBeSatisfied) {
+        const selectedCredentials = Object.values(
+          this.holder.agent.modules.openId4VcHolder.selectCredentialsForDcqlRequest(
+            this.resolvedPresentationRequest.dcql.queryResult
+          )
+        ).flatMap((e) => e.credentialRecord)
+        console.log(
+          greenText(
+            `All requirements for creating the presentation are satisfied. The following credentials will be shared`,
+            true
+          )
+        )
+        selectedCredentials.forEach(this.printCredential)
+      } else {
+        console.log(redText(`No credentials available that satisfy the proof request.`))
+      }
     }
   }
 
@@ -245,10 +268,10 @@ export class HolderInquirer extends BaseInquirer {
 
     const serverResponse = await this.holder.acceptPresentationRequest(this.resolvedPresentationRequest)
 
-    if (serverResponse.status >= 200 && serverResponse.status < 300) {
+    if (serverResponse && serverResponse.status >= 200 && serverResponse.status < 300) {
       console.log(`received success status code '${serverResponse.status}'`)
     } else {
-      console.log(`received error status code '${serverResponse.status}'. ${JSON.stringify(serverResponse.body)}`)
+      console.log(`received error status code '${serverResponse?.status}'. ${JSON.stringify(serverResponse?.body)}`)
     }
 
     this.resolvedPresentationRequest = undefined

@@ -1,4 +1,4 @@
-import type { DifPresentationExchangeDefinitionV2 } from '@credo-ts/core'
+import type { DcqlQuery, DifPresentationExchangeDefinitionV2 } from '@credo-ts/core'
 import type { OpenId4VcVerifierRecord } from '@credo-ts/openid4vc'
 
 import { AskarModule } from '@credo-ts/askar'
@@ -11,8 +11,92 @@ import { Output } from './OutputClass'
 
 const VERIFIER_HOST = process.env.VERIFIER_HOST ?? 'http://localhost:4000'
 
+const universityDegreeDcql = {
+  credential_sets: [
+    {
+      required: true,
+      options: [
+        ['UniversityDegreeCredential-vc+sd-jwt'],
+        ['UniversityDegreeCredential-jwt_vc_json-ld'],
+        ['UniversityDegreeCredential-jwt_vc_json'],
+      ],
+    },
+  ],
+  credentials: [
+    {
+      id: 'UniversityDegreeCredential-vc+sd-jwt',
+      format: 'vc+sd-jwt',
+      meta: {
+        vct_values: ['UniversityDegree'],
+      },
+    },
+    {
+      id: 'UniversityDegreeCredential-jwt_vc_json-ld',
+      format: 'jwt_vc_json-ld',
+      claims: [
+        {
+          path: ['vc', 'type'],
+          values: ['UniversityDegree'],
+        },
+      ],
+    },
+    {
+      id: 'UniversityDegreeCredential-jwt_vc_json',
+      format: 'jwt_vc_json',
+      claims: [
+        {
+          path: ['vc', 'type'],
+          values: ['UniversityDegree'],
+        },
+      ],
+    },
+  ],
+} satisfies DcqlQuery
+
+const openBadgeCredentialDcql = {
+  credential_sets: [
+    {
+      required: true,
+      options: [
+        ['OpenBadgeCredential-vc+sd-jwt'],
+        ['OpenBadgeCredential-jwt_vc_json-ld'],
+        ['OpenBadgeCredential-jwt_vc_json'],
+      ],
+    },
+  ],
+  credentials: [
+    {
+      id: 'OpenBadgeCredential-vc+sd-jwt',
+      format: 'vc+sd-jwt',
+      meta: {
+        vct_values: ['OpenBadgeCredential'],
+      },
+    },
+    {
+      id: 'OpenBadgeCredential-jwt_vc_json-ld',
+      format: 'jwt_vc_json-ld',
+      claims: [
+        {
+          path: ['vc', 'type'],
+          values: ['OpenBadgeCredential'],
+        },
+      ],
+    },
+    {
+      id: 'OpenBadgeCredential-jwt_vc_json',
+      format: 'jwt_vc_json',
+      claims: [
+        {
+          path: ['vc', 'type'],
+          values: ['OpenBadgeCredential'],
+        },
+      ],
+    },
+  ],
+} satisfies DcqlQuery
+
 const universityDegreePresentationDefinition = {
-  id: 'UniversityDegreeCredential',
+  id: 'UniversityDegreeCredential - DIF Presentation Exchange',
   purpose: 'Present your UniversityDegreeCredential to verify your education level.',
   input_descriptors: [
     {
@@ -34,7 +118,7 @@ const universityDegreePresentationDefinition = {
 }
 
 const openBadgeCredentialPresentationDefinition = {
-  id: 'OpenBadgeCredential',
+  id: 'OpenBadgeCredential - DIF Presentation Exchange',
   purpose: 'Provide proof of employment to confirm your employment status.',
   input_descriptors: [
     {
@@ -55,6 +139,11 @@ const openBadgeCredentialPresentationDefinition = {
   ],
 }
 
+export const dcqls = [
+  { id: 'UniversityDegreeCredential - DCQL', dcql: universityDegreeDcql },
+  { id: 'OpenBadgeCredential - DCQL', dcql: openBadgeCredentialDcql },
+]
+
 export const presentationDefinitions = [
   universityDegreePresentationDefinition,
   openBadgeCredentialPresentationDefinition,
@@ -90,16 +179,29 @@ export class Verifier extends BaseAgent<{ askar: AskarModule; openId4VcVerifier:
   }
 
   // TODO: add method to show the received presentation submission
-  public async createProofRequest(presentationDefinition: DifPresentationExchangeDefinitionV2) {
+  public async createProofRequest({
+    presentationDefinition,
+    dcql,
+  }: {
+    presentationDefinition?: DifPresentationExchangeDefinitionV2
+    dcql?: DcqlQuery
+  }) {
     const { authorizationRequest } = await this.agent.modules.openId4VcVerifier.createAuthorizationRequest({
       requestSigner: {
         method: 'did',
         didUrl: this.verificationMethod.id,
       },
       verifierId: this.verifierRecord.verifierId,
-      presentationExchange: {
-        definition: presentationDefinition,
-      },
+      presentationExchange: presentationDefinition
+        ? {
+            definition: presentationDefinition,
+          }
+        : undefined,
+      dcql: dcql
+        ? {
+            query: dcql,
+          }
+        : undefined,
     })
 
     return authorizationRequest

@@ -3,7 +3,7 @@ import { textSync } from 'figlet'
 
 import { BaseInquirer } from './BaseInquirer'
 import { Title, purpleText } from './OutputClass'
-import { Verifier, presentationDefinitions } from './Verifier'
+import { Verifier, presentationDefinitions, dcqls } from './Verifier'
 
 export const runVerifier = async () => {
   clear()
@@ -49,11 +49,15 @@ export class VerifierInquirer extends BaseInquirer {
   }
 
   public async createProofRequest() {
-    const presentationDefinitionId = await this.pickOne(presentationDefinitions.map((p) => p.id))
+    const presentationDefinitionId = await this.pickOne([
+      ...presentationDefinitions.map((p) => p.id),
+      ...dcqls.map((d) => d.id),
+    ])
     const presentationDefinition = presentationDefinitions.find((p) => p.id === presentationDefinitionId)
-    if (!presentationDefinition) throw new Error('No presentation definition found')
+    const dcql = dcqls.find((dcql) => dcql.id === presentationDefinitionId)?.dcql
+    if (!presentationDefinition && !dcql) throw new Error('No presentation definition, or dcql query found')
 
-    const proofRequest = await this.verifier.createProofRequest(presentationDefinition)
+    const proofRequest = await this.verifier.createProofRequest({ presentationDefinition, dcql })
 
     console.log(purpleText(`Proof request for the presentation of an ${presentationDefinitionId}.\n'${proofRequest}'`))
   }