PEX
PEX copied to clipboard
Better support for OIDC4VP
-
I'm submitting a ... [ ] bug report [x] feature request [ ] question about the decisions made in the repository [ ] question about how to use this project
-
Summary
Hi!
In the OIDC4VP specs, the presentation_submission
object is either in the id_token
or in the vp_token
itself. If I want to evaluate a VP using @sphereon/pex
, I have to preprocess the verifiablePresentation
param of the evaluatePresentation
function. IMHO, it would be better to provide 2 separate params: 1 for presentation_submission
, the other for verifiablePresentation
. But this not my main request.
Right now, the evaluatePresentation
requires the second param (verifiablePresentation
) to be an IPresentation
. How am I supposed to pass a JWT VP then? In my case, I would have a presentation_submission like:
"presentation_submission": {
"id": "Selective disclosure example presentation",
"definition_id": "Selective disclosure example",
"descriptor_map": [
{
"id": "Ontario Health Insurance Plan",
"format": "jwt_vp",
"path": "$.presentation",
"path_nested": {
"format": "jwt_vc",
"path": "$.presentation.vp.verifiableCredential[0]"
}
}
]
}
And pass a verifiablePresentation
object like this:
{
"presentation":
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRpZDpleGFtcGxlOmFiZmUxM2Y3MTIxMjA0
MzFjMjc2ZTEyZWNhYiNrZXlzLTEifQ.eyJzdWIiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxY
zI3NmUxMmVjMjEiLCJqdGkiOiJodHRwOi8vZXhhbXBsZS5lZHUvY3JlZGVudGlhbHMvMzczMiIsImlzc
yI6Imh0dHBzOi8vZXhhbXBsZS5jb20va2V5cy9mb28uandrIiwibmJmIjoxNTQxNDkzNzI0LCJpYXQiO
jE1NDE0OTM3MjQsImV4cCI6MTU3MzAyOTcyMywibm9uY2UiOiI2NjAhNjM0NUZTZXIiLCJ2YyI6eyJAY
29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd
3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZ
UNyZWRlbnRpYWwiLCJVbml2ZXJzaXR5RGVncmVlQ3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjd
CI6eyJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwibmFtZSI6IjxzcGFuIGxhbmc9J2ZyL
UNBJz5CYWNjYWxhdXLDqWF0IGVuIG11c2lxdWVzIG51bcOpcmlxdWVzPC9zcGFuPiJ9fX19.KLJo5GAy
BND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdqrZAv6eSe6R
txJy6M1-lD7a5HTzanYTWBPAUHDZGyGKXdJw-W_x0IWChBzI8t3kpG253fg6V3tPgHeKXE94fz_QpYfg
--7kLsyBAfQGbg"
}
In other terms, the evaluatePresentation
should not make any assumption about the shape of the verfiablePresentation
. It should only process it based on the information given by the new presentationSubmission
param.
Or maybe I've missed some features of this lib. If it can already process JWT VP properly, please show me how. :)
Thanks!
Hi Yannick and thanks for contacting us.
We will look into it and implement the support for it as soon as possible. In the mean time you can decode the JWT
which should be acceptable as an ICredential
.
Hi @sksadjad, thanks for your feedback.
I also realise that the the lib doesn't support VC JWT either. So I have to fully decode both the JWT VP and each of the JWT VCs. I was hoping that @sphereon/pex
would do it out of the box.
Hi Yannick,
That is correct. Unfortunately we are lacking a bit on the JWT side of things. It is something we will be fixing soon and should be part of the next minor release (1.1.x).
I also agree with the separation of the VP and the submission BTW
Thanks @nklomp, I'll keep an eye on the future releases :)