
Better support for OIDC4VP

Open yhuard opened this issue 2 years ago • 4 comments

  • I'm submitting a ...
      [ ] bug report
      [x] feature request
      [ ] question about the decisions made in the repository
      [ ] question about how to use this project

  • Summary

Hi! In the OIDC4VP specs, the presentation_submission object is either in the id_token or in the vp_token itself. If I want to evaluate a VP using @sphereon/pex, I have to preprocess the verifiablePresentation param of the evaluatePresentation function. IMHO, it would be better to provide 2 separate params: 1 for presentation_submission, the other for verifiablePresentation. But this is not my main request.

Right now, the evaluatePresentation requires the second param (verifiablePresentation) to be an IPresentation. How am I supposed to pass a JWT VP then? In my case, I would have a presentation_submission like:

        "presentation_submission": {
            "id": "Selective disclosure example presentation",
            "definition_id": "Selective disclosure example",
            "descriptor_map": [
                {
                    "id": "Ontario Health Insurance Plan",
                    "format": "jwt_vp",
                    "path": "$.presentation",
                    "path_nested": {
                        "format": "jwt_vc",
                        "path": "$.presentation.vp.verifiableCredential[0]"
                    }
                }
            ]
        }

And pass a verifiablePresentation object like this:

{
    "presentation":
        "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRpZDpleGFtcGxlOmFiZmUxM2Y3MTIxMjA0
        MzFjMjc2ZTEyZWNhYiNrZXlzLTEifQ.eyJzdWIiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxY
        zI3NmUxMmVjMjEiLCJqdGkiOiJodHRwOi8vZXhhbXBsZS5lZHUvY3JlZGVudGlhbHMvMzczMiIsImlzc
        yI6Imh0dHBzOi8vZXhhbXBsZS5jb20va2V5cy9mb28uandrIiwibmJmIjoxNTQxNDkzNzI0LCJpYXQiO
        jE1NDE0OTM3MjQsImV4cCI6MTU3MzAyOTcyMywibm9uY2UiOiI2NjAhNjM0NUZTZXIiLCJ2YyI6eyJAY
        29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd
        3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZ
        UNyZWRlbnRpYWwiLCJVbml2ZXJzaXR5RGVncmVlQ3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjd
        CI6eyJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwibmFtZSI6IjxzcGFuIGxhbmc9J2ZyL
        UNBJz5CYWNjYWxhdXLDqWF0IGVuIG11c2lxdWVzIG51bcOpcmlxdWVzPC9zcGFuPiJ9fX19.KLJo5GAy
        BND3LDTn9H7FQokEsUEi8jKwXhGvoN3JtRa51xrNDgXDb0cq1UTYB-rK4Ft9YVmR1NI_ZOF8oGc_7wAp
        8PHbF2HaWodQIoOBxxT-4WNqAxft7ET6lkH-4S6Ux3rSGAmczMohEEf8eCeN-jC8WekdPl6zKZQj0YPB
        1rx6X0-xlFBs7cl6Wt8rfBP_tZ9YgVWrQmUWypSioc0MUyiphmyEbLZagTyPlUyflGlEdqrZAv6eSe6R
        txJy6M1-lD7a5HTzanYTWBPAUHDZGyGKXdJw-W_x0IWChBzI8t3kpG253fg6V3tPgHeKXE94fz_QpYfg
        --7kLsyBAfQGbg"
}

In other terms, the evaluatePresentation should not make any assumption about the shape of the verifiablePresentation. It should only process it based on the information given by the new presentationSubmission param.

Or maybe I've missed some features of this lib. If it can already process JWT VP properly, please show me how. :)

Thanks!

Jan 26 '22 11:01 yhuard

Hi Yannick and thanks for contacting us. We will look into it and implement the support for it as soon as possible. In the meantime, you can decode the JWT which should be acceptable as an ICredential.

Jan 26 '22 11:01 sksadjad

Hi @sksadjad, thanks for your feedback.

I also realise that the lib doesn't support VC JWT either. So I have to fully decode both the JWT VP and each of the JWT VCs. I was hoping that @sphereon/pex would do it out of the box.

Jan 26 '22 14:01 yhuard
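
The preprocessing discussed in the two replies above (decoding the JWT VP and each JWT VC inside it), sketched as an added example that is not part of the thread and not @sphereon/pex code. The function names, the shape of the decoded objects (registered claims mapped as in the W3C VC Data Model JWT encoding) and the sample tokens are assumptions made for illustration.

```javascript
// Decode one base64url JWT segment into a JSON object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the payload of a compact JWT. No signature check happens here:
// verify the JWS against the signer's key before trusting any claim.
function decodeJwtPayload(jwt) {
  const parts = typeof jwt === 'string' ? jwt.split('.') : [];
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return decodeSegment(parts[1]);
}

// JWT VC -> credential object (hypothetical helper; claim mapping is an assumption).
function decodeJwtVc(vcJwt) {
  const claims = decodeJwtPayload(vcJwt);
  if (!claims.vc) throw new Error('JWT has no "vc" claim');
  const vc = { ...claims.vc };
  if (claims.iss) vc.issuer = claims.iss;
  if (claims.jti) vc.id = claims.jti;
  if (claims.nbf) vc.issuanceDate = new Date(claims.nbf * 1000).toISOString();
  if (claims.exp) vc.expirationDate = new Date(claims.exp * 1000).toISOString();
  if (claims.sub) vc.credentialSubject = { ...vc.credentialSubject, id: claims.sub };
  return vc;
}

// JWT VP -> presentation object, expanding each embedded JWT VC too.
function decodeJwtVp(vpJwt) {
  const claims = decodeJwtPayload(vpJwt);
  if (!claims.vp) throw new Error('JWT has no "vp" claim');
  const vp = { ...claims.vp };
  if (claims.iss) vp.holder = claims.iss;
  if (claims.jti) vp.id = claims.jti;
  vp.verifiableCredential = [].concat(vp.verifiableCredential || [])
    .map((vc) => (typeof vc === 'string' ? decodeJwtVc(vc) : vc));
  return vp;
}

// Constructed sample tokens: placeholder signature, made-up DIDs and claims.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const makeJwt = (payload) => `${enc({ alg: 'ES256', typ: 'JWT' })}.${enc(payload)}.sig`;
const sampleVc = makeJwt({ iss: 'did:example:issuer', sub: 'did:example:holder',
  nbf: 1541493724, vc: { type: ['VerifiableCredential'], credentialSubject: { plan: 'OHIP' } } });
const sampleVp = makeJwt({ iss: 'did:example:holder',
  vp: { type: ['VerifiablePresentation'], verifiableCredential: [sampleVc] } });
const decoded = { presentation: decodeJwtVp(sampleVp) };
console.log(JSON.stringify(decoded, null, 2));
```

Once the `vp` claim is flattened this way, a `descriptor_map` path such as `$.presentation.vp.verifiableCredential[0]` no longer matches the decoded object and has to be adjusted to the new shape.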

Hi Yannick,

That is correct. Unfortunately we are lacking a bit on the JWT side of things. It is something we will be fixing soon and should be part of the next minor release (1.1.x).

I also agree with the separation of the VP and the submission BTW

Jan 26 '22 14:01 nklomp

Thanks @nklomp, I'll keep an eye on the future releases :)

Jan 26 '22 14:01 yhuard