
Errors in SIOP flow using Sphereon Wallet

Open · flarocca opened this issue 11 months ago • 1 comment

Hello! For educational and self-learning purposes I started to build my own rudimentary implementation of a Relying Party that uses the SIOP protocol. I am using the latest version of Sphereon Wallet and this demo, branched off of main, in parallel with my custom implementation.

The issue I am facing is on the wallet side, after scanning the QR code and getting the Auth Request, the Wallet Application shows the following error:

Unable to retrieve information.
Error: Request claims can't have 'presentation_definition' and 'presentation_definition_uri'

I started with my own implementation until I got stuck, then I turned to the Demo example, where I got stuck with the same issue. There seems to be a discrepancy between the SIOP Draft version the App uses and the one the Demo uses, but I am not able to detect it. The QR code renders this link:

openid://?request_uri=http%3A%2F%2F192.168.1.36%3A5003%2Fsiop%2Fdefinitions%2FsphereonGuest%2Fauth-requests%2F4446e50e-b54b-4293-8bfe-cbeba8722d06

And the result of that request uri looks like this:

JWT Encoded
eyJhbGciOiJFUzI1NksiLCJraWQiOiJkaWQ6andrOmV5SmhiR2NpT2lKRlV6STFOa3NpTENKMWMyVWlPaUp6YVdjaUxDSnJkSGtpT2lKRlF5SXNJbU55ZGlJNkluTmxZM0F5TlRack1TSXNJbmdpT2lJMlNsUXhNa2RLYlU1S09XVkdPWHA0TjE5SFFtMVNla1I0VGpWNmVqRXhhRkZQTW5Sc1RFVXRaV0ZSSWl3aWVTSTZJbEIxVGxab0xWZHlTaTA1YjNSTWRrcFRXRTVZVFZGcE0zbzVjakZ3Um1zNFgwOVRkRTAyYW1oeWJFVWlmUSMwIiwidHlwIjoiSldUIn0.[payload segment elided].H_EhUZtxipr_xUqyIyt1O_bnxWuEwkCbwhPQTU9PmOFox6RYkgUQhiwh48_0yPfg_50XA6gvJEKaCMsohv4VtA
JSON Payload (header and signature skipped for convenience)
{
  "iat": 1710871846,
  "exp": 1710871966,
  "response_type": "vp_token",
  "scope": "openid",
  "client_id": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiI2SlQxMkdKbU5KOWVGOXp4N19HQm1SekR4TjV6ejExaFFPMnRsTEUtZWFRIiwieSI6IlB1TlZoLVdySi05b3RMdkpTWE5YTVFpM3o5cjFwRms4X09TdE02amhybEUifQ",
  "response_uri": "http://192.168.1.36:5003/siop/definitions/sphereonGuest/auth-responses/4446e50e-b54b-4293-8bfe-cbeba8722d06",
  "response_mode": "post",
  "nonce": "f198b9f2-bf9b-408e-bd38-189c296b9f91",
  "state": "4446e50e-b54b-4293-8bfe-cbeba8722d06",
  "client_metadata": {
    "id_token_signing_alg_values_supported": [
      "EdDSA",
      "ES256",
      "ES256K"
    ],
    "request_object_signing_alg_values_supported": [
      "EdDSA",
      "ES256",
      "ES256K"
    ],
    "response_types_supported": [
      "id_token"
    ],
    "scopes_supported": [
      "openid did_authn"
    ],
    "subject_types_supported": [
      "pairwise"
    ],
    "subject_syntax_types_supported": [
      "did:ion",
      "did:web",
      "did:jwk"
    ],
    "vp_formats": {
      "jwt_vc": {
        "alg": [
          "EdDSA",
          "ES256K"
        ]
      },
      "jwt_vp": {
        "alg": [
          "ES256K",
          "EdDSA"
        ]
      }
    }
  },
  "presentation_definition": {
    "id": "sphereonGuest",
    "purpose": "We want to know your name and e-mail address (will not be stored)",
    "input_descriptors": [
      {
        "id": "c2834d0e-3c95-4721-b21a-40e3d7ea2549",
        "name": "DBC DIIP interop",
        "purpose": "To issue a new credential your DBC DIIP Guest credential is required.",
        "constraints": {
          "fields": [
            {
              "path": [
                "$.credentialSubject.name",
                "$.vc.credentialSubject.name"
              ],
              "filter": {
                "type": "string",
                "pattern": "^DBC.*$"
              }
            }
          ]
        }
      }
    ]
  },
  "nbf": 1710871846,
  "jti": "799fe99b-0137-4623-9793-1140f7216ca1",
  "iss": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiI2SlQxMkdKbU5KOWVGOXp4N19HQm1SekR4TjV6ejExaFFPMnRsTEUtZWFRIiwieSI6IlB1TlZoLVdySi05b3RMdkpTWE5YTVFpM3o5cjFwRms4X09TdE02amhybEUifQ",
  "sub": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiI2SlQxMkdKbU5KOWVGOXp4N19HQm1SekR4TjV6ejExaFFPMnRsTEUtZWFRIiwieSI6IlB1TlZoLVdySi05b3RMdkpTWE5YTVFpM3o5cjFwRms4X09TdE02amhybEUifQ"
}

As you can see, there is no item such as presentation_definition_uri in that payload, so I am not really sure where the problem is.

I would really appreciate help in solving it! Thanks!

flarocca · Mar 19 '24 18:03
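Added example, not code from the OID4VC-demo project or Sphereon Wallet: a Relying Party self-check in JavaScript for the rule behind the wallet's error message. OpenID4VP allows exactly one source of the presentation definition in an Authorization Request, either `presentation_definition` or `presentation_definition_uri` (or a scope value that maps to one, which this check ignores since the request above uses scope "openid"). The check assumes the wallet merges the query parameters of the openid:// URI with the claims of the Request Object fetched from `request_uri`, so a parameter present in either place counts. The sample JWT, URIs and DID values are constructed and the JWT is unsigned; this is a diagnostic, not a verifier.

```javascript
// Added example (not OID4VC-demo or Sphereon Wallet code). Self-check that an
// OpenID4VP authorization request carries exactly one presentation definition
// source. Assumption: the wallet merges openid:// query params with the
// Request Object claims fetched from request_uri. All sample values are
// constructed. Uses only Node globals (Buffer, URLSearchParams).

const PD_SOURCES = ['presentation_definition', 'presentation_definition_uri'];

// base64url <-> JSON helpers; Buffer accepts unpadded base64 input.
function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function b64urlDecode(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the claims of a compact JWS WITHOUT verifying the signature.
// Diagnostic only: a wallet must verify the Request Object signature against
// the client_id key before trusting any claim in it.
function decodeRequestObject(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS: expected 3 segments');
  return b64urlDecode(parts[1]);
}

// Parse "openid://?a=b&c=d" into { a: 'b', c: 'd' }.
function parseOpenIdUri(uri) {
  const q = uri.indexOf('?');
  if (q < 0) return {};
  return Object.fromEntries(new URLSearchParams(uri.slice(q + 1)).entries());
}

// Core rule: after merging URI params and Request Object claims (claims take
// precedence, an assumption of this check), exactly one PD source may remain.
function checkPresentationDefinitionSource(uriParams, claims) {
  const merged = { ...uriParams, ...claims };
  const present = PD_SOURCES.filter((k) => merged[k] !== undefined);
  if (present.length === 0) {
    return { ok: false, present, reason: 'no presentation definition source in request' };
  }
  if (present.length > 1) {
    return { ok: false, present, reason: `request can't have ${present.join(' and ')}` };
  }
  return { ok: true, present, reason: '' };
}

// Full diagnostic: the QR-code URI plus the body served at request_uri.
function diagnose(openidUri, requestObjectJwt) {
  const uriParams = parseOpenIdUri(openidUri);
  if (!uriParams.request_uri) {
    return { ok: false, present: [], reason: 'openid:// URI lacks request_uri' };
  }
  return checkPresentationDefinitionSource(uriParams, decodeRequestObject(requestObjectJwt));
}

// --- Constructed sample data; shape follows the payload quoted in the issue ---
const CONSTRUCTED_CLAIMS = {
  response_type: 'vp_token',
  scope: 'openid',
  client_id: 'did:jwk:CONSTRUCTED',
  response_uri: 'http://rp.example/siop/auth-responses/CONSTRUCTED-STATE',
  response_mode: 'post',
  nonce: 'constructed-nonce',
  state: 'CONSTRUCTED-STATE',
  presentation_definition: {
    id: 'sphereonGuest',
    input_descriptors: [{
      id: 'constructed-descriptor',
      constraints: { fields: [{
        path: ['$.credentialSubject.name', '$.vc.credentialSubject.name'],
        filter: { type: 'string', pattern: '^DBC.*$' },
      }] },
    }],
  },
};
// Header and signature are placeholders: this JWT is NOT signed.
const SAMPLE_REQUEST_JWT =
  `${b64urlEncode({ alg: 'ES256K', typ: 'JWT' })}.${b64urlEncode(CONSTRUCTED_CLAIMS)}.sig-placeholder`;
const SAMPLE_URI =
  'openid://?request_uri=' + encodeURIComponent('http://rp.example/siop/auth-requests/CONSTRUCTED-STATE');
// Same QR content, but the URI additionally points at a PD by reference,
// which reproduces the mutually-exclusive condition the wallet reports.
const CONFLICTING_URI =
  SAMPLE_URI + '&presentation_definition_uri=' + encodeURIComponent('http://rp.example/pd/sphereonGuest');

console.log(diagnose(SAMPLE_URI, SAMPLE_REQUEST_JWT));      // ok: true
console.log(diagnose(CONFLICTING_URI, SAMPLE_REQUEST_JWT)); // ok: false, both sources present
```

Run it against your own QR content and the JSON your `request_uri` endpoint serves; if the conflict only shows up on the wallet side, compare what the wallet receives on the wire (URI parameters included) with the Request Object alone, since the check is applied to the merged set.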