"QR Code is invalid" error when scanning OOB proof-request

Open esune opened this issue 1 year ago • 22 comments

When scanning an out-of-band proof-request, the BC Wallet displays a QR code is invalid error and appears to not complete the processing of the payload. However, after dismissing the camera screen, the proof-request is correctly displayed in the wallet and it can be responded to correctly (assuming the holder possesses the correct credentials to fulfill it).

c.c.: @Jsyro

Example out-of-band proof-request payload:

{
   "@id":"c893661e-dadc-4aff-869e-ea4ccb4757e3",
   "@type":"https://didcomm.org/out-of-band/1.1/invitation",
   "goal_code":"request-proof",
   "label":"vc-authn Out-of-Band present-proof authorization request",
   "requests~attach":[
      {
         "@id":"request-0",
         "mime-type":"application/json",
         "data":{
            "json":{
               "@id":"c893661e-dadc-4aff-869e-ea4ccb4757e3",
               "@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
               "request_presentations~attach":[
                  {
                     "@id":"libindy-request-presentation-0",
                     "mime-type":"application/json",
                     "data":{
                        "base64":"eyJub25jZSI6ICI3NzQ4MjkyNzUxNjUwNjk2NTE1NDk0ODYiLCAibmFtZSI6ICJwcm9vZl9yZXF1ZXN0ZWQiLCAidmVyc2lvbiI6ICIwLjAuMSIsICJyZXF1ZXN0ZWRfYXR0cmlidXRlcyI6IHsicmVxX2F0dHJfMCI6IHsicmVzdHJpY3Rpb25zIjogW10sICJuYW1lIjogImZpcnN0X25hbWUifSwgInJlcV9hdHRyXzEiOiB7InJlc3RyaWN0aW9ucyI6IFtdLCAibmFtZSI6ICJsYXN0X25hbWUifX0sICJyZXF1ZXN0ZWRfcHJlZGljYXRlcyI6IHt9fQ=="
                     }
                  }
               ],
               "comment":"None",
               "~service":"None"
            }
         }
      }
   ],
   "services":[
      "did:sov:EXrhGcG9VYSV2QA8m66B3P"
   ]
}

Correct proof-request screen after error: oob-wallet-proof

esune avatar Mar 07 '23 18:03 esune

@esune, @Jsyro, can you provide steps on how to reproduce this error? It can be from a fresh tenant in traction

cvarjao avatar Jul 04 '23 17:07 cvarjao

@amanji, Is this still relevant? I know you made some changes to the mobile app after our original discussions.

Jsyro avatar Jul 04 '23 17:07 Jsyro

@cvarjao you should be able to reproduce by running vc-authn (from the 2.0-development branch) and setting USE_OOB_PRESENT_PROOF to True.

esune avatar Jul 07 '23 01:07 esune

@esune can you provide the steps/API calls using ACA-/traction instead? we are not running vc-authn

cvarjao avatar Jul 11 '23 17:07 cvarjao

Wondering if @nodlesh can help here. Creating an OOB proof-request correctly is not particularly straightforward, so that is why I suggested using vc-authn as it would be just a configuration change. If he can't help, I'll see what I can put together.

esune avatar Jul 17 '23 16:07 esune

Relates to #1147

esune avatar Nov 28 '23 23:11 esune

I believe this issue can be closed. I have given a full explanation in a comment in #1147 on current results of this case, https://github.com/bcgov/bc-wallet-mobile/issues/1147#issuecomment-1832065321

nodlesh avatar Nov 29 '23 15:11 nodlesh

I tested again with VC-AuthN (currently using ACA-Py 0.10.3) and the issue seems to have indeed been resolved: I was able to scan the QR code with an OOB proof-request and respond successfully. Thanks!

esune avatar Nov 30 '23 03:11 esune

Wondering if this is still an issue, or has become an issue again?

I'm testing out with VCAuthn. This is locally with ngrok and at the lab… so not sure if there's possible interference from that setup, however as shown below this setup is working for connectionless, so I doubt it.

If I set VCAuthN to the OOB mode I get an invalid QR code when scanning with the wallet.

Steps to reproduce each case are:

1. Pull vcauthn repo
2. Set the USE_OOB_PRESENT_PROOF value to desired for test case
3. Start up
4. Start up the demo app and login

Scan QR code with freshly opened BC Wallet

Connectionless (USE_OOB_PRESENT_PROOF false)


The QR code resolves to something like https://a33f-207-81-220-83.ngrok-free.app/url/pres_exch/4fe9a2d7-f57f-482f-b82c-5bdb1ec93481

The payload this redirects to is


{
    "@id": "874b772e-acca-4e9c-88c6-f6962166c873",
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
    "request_presentations~attach": [
        {
            "@id": "libindy-request-presentation-0",
            "mime-type": "application/json",
            "data": {
                "base64": "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"
            }
        }
    ],
    "comment": null,
    "~service": {
        "recipientKeys": [
            "6PmHCm4rJWVE1y9u7MxRiro7j6zzo9XWuKYDAChyivbS"
        ],
        "routingKeys": null,
        "serviceEndpoint": "https://d6e1-207-81-220-83.ngrok-free.app"
    }
}

Out of band (USE_OOB_PRESENT_PROOF false)


Payload from redirect from https://b6c4-207-81-220-83.ngrok-free.app/url/pres_exch/e0e48509-8174-46f7-995c-32d8ad6033cd


{
    "@id": "ee52a798-22ff-4f95-ae36-333ada28aa2b",
    "@type": "https://didcomm.org/out-of-band/1.1/invitation",
    "goal_code": "request-proof",
    "label": "vc-authn Out-of-Band present-proof authorization request",
    "requests~attach": [
        {
            "@id": "request-0",
            "mime-type": "application/json",
            "data": {
                "json": {
                    "@id": "ee52a798-22ff-4f95-ae36-333ada28aa2b",
                    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
                    "request_presentations~attach": [
                        {
                            "@id": "libindy-request-presentation-0",
                            "mime-type": "application/json",
                            "data": {
                                "base64": "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"
                            }
                        }
                    ],
                    "comment": null,
                    "~service": null
                }
            }
        }
    ],
    "services": [
        "6PmHCm4rJWVE1y9u7MxRiro7j6zzo9XWuKYDAChyivbS"
    ]
}

loneil avatar Feb 15 '24 19:02 loneil

I tested from home and am getting the same error - BC Wallet version 1.0.15 Build (1531)

esune avatar Feb 15 '24 19:02 esune

@loneil Can I gen the QR code so that I can try and reproduce with logging on?

jleach avatar Feb 16 '24 22:02 jleach

That's a bit tricky, since this is running VCAuthN on my local, though it IS using ngrok so I could share a QR code with you maybe. We'd have to coordinate timing, could do over a call. (I could show you how to start up VCAuthN locally as well maybe) The other option is if there's a running VCAuthN env we could flip over the OOB flag. @esune do you know?

loneil avatar Feb 16 '24 22:02 loneil

Probably the easiest would be to run VC-AuthN locally in demo mode. Instructions are in the repo readme, you'd have to change this line to true before running it to generate an OOB proof-request.

esune avatar Feb 16 '24 22:02 esune

@jleach @cvarjao can we reopen this as it seems like it is broken again? @nodlesh do you still see errors related to this / #1147 in the test harness?

esune avatar Mar 06 '24 21:03 esune

@esune, this is probably a Credo (former AFJ) issue, can you reproduce with just Credo? I've been trying to create a quick way to test over here: https://github.com/cvarjao/afj-perf-test/blob/main/src/lib.ts#L637

cvarjao avatar Mar 06 '24 21:03 cvarjao

@cvarjao I have only tested with BC Wallet since I do not have a Credo agent I can use. Is there boilerplate I could use to run tests? Otherwise I'll have to get some time to familiarize with the framework and set up an agent/exchange to test.

It's also worth noting this worked when I tested on November 29th (unfortunately I don't seem to have recorded the version of BC Wallet 😓 ).

esune avatar Mar 06 '24 21:03 esune

@esune The OOB Proof Attachment BC Wallet regression tests for both Android and iOS are passing consistently.

nodlesh avatar Mar 06 '24 21:03 nodlesh

@nodlesh is this for connection-less OOB proof requests? Connection-based proofs might work differently. I might try gathering some info with remote logging.

esune avatar Mar 06 '24 22:03 esune

@esune Yes, I believe this is connectionless. These tests are from before there were goal codes. So there are no goal codes in these tests.

nodlesh avatar Mar 06 '24 22:03 nodlesh

I finally managed to run a test with OOB and remote logging (thanks @jleach, that was super easy!). BC Wallet scans the QR code and tells me it is an invalid URL - things don't work.

Remote logging doesn't show much, just a message about a received message once the QR code is scanned: image

The payload returned by VC-AuthN can be seen here:

  • The first payload uses a connection-less proof-request, and it works fine
  • The second payload is using an OOB proof-request, and doesn't work

I'll try and take a look at AATH to see if I can figure out any differences in the payloads (@nodlesh if you have pointers to where to look or how to extract it let me know), but as-is I am a bit stuck in the investigation.

esune avatar Mar 22 '24 18:03 esune

@esune Is it not the Goal Code that is the difference? Goal Codes are not used in AATH yet.

nodlesh avatar Mar 24 '24 12:03 nodlesh

> @esune Is it not the Goal Code that is the difference? Goal Codes are not used in AATH yet.

connection-less does not use goal codes at all. The OOB connection-less does, however I can't see how that would trigger the "invalid URL" bit (but I couldn't figure out what's going on under the hood in the wallet).

esune avatar Mar 25 '24 22:03 esune

@cvarjao here is the vcauthn oob connectionless payload that is being rejected:

{
  "@id": "2700f47e-0430-4f45-b34e-5c4057c6265a",
  "@type": "https://didcomm.org/out-of-band/1.1/invitation",
  "goal_code": "request-proof",
  "label": "vc-authn Out-of-Band present-proof authorization request",
  "requests~attach": [
    {
      "@id": "request-0",
      "mime-type": "application/json",
      "data": {
        "json": {
          "@id": "2700f47e-0430-4f45-b34e-5c4057c6265a",
          "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
          "request_presentations~attach": [
            {
              "@id": "libindy-request-presentation-0",
              "mime-type": "application/json",
              "data": {
                "base64": "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"
              }
            }
          ],
          "comment": null,
          "~service": null
        }
      }
    }
  ],
  "services": [
    {
      "recipient_keys": [
        "2gMSwKkZe1oA8H7jFCHSsGGeCoSH489N6PTc2Qtg8jKJ"
      ],
      "routing_keys": [],
      "service_endpoint": "https://0c25-75-156-98-192.ngrok-free.app",
      "id": "did:vc-authn-oidc:123456789zyxwvutsr#did-communication",
      "type": "did-communication",
      "priority": 0
    }
  ]
}

The error it rejects with is No message class found for message type "https://didcomm.org/out-of-band/1.1/invitation"

I searched both orgs (hyperledger and openwallet-foundation) and couldn't find the string "class found for" in any repo

bryce-mcmath avatar Jun 11 '24 16:06 bryce-mcmath
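An added example, not code from BC Wallet, Credo or VC-AuthN: a shape-only summary for putting the payloads posted in this thread side by side, so differences in the `services` and `~service` blocks are visible at a glance. The camelCase key set is taken from the connectionless `~service` block posted earlier in the thread; the function names and sample values are constructed for illustration, and the output does not by itself identify the cause of the wallet error.

```python
import json

OOB_PREFIX = "https://didcomm.org/out-of-band/"
# Key names used by the connectionless `~service` block posted in this thread.
CAMEL_KEYS = {"recipientKeys", "routingKeys", "serviceEndpoint"}


def describe_service(entry):
    """Classify one `services` entry or a `~service` value by shape only."""
    if entry is None:
        return "null"
    if isinstance(entry, str):
        return "did" if entry.startswith("did:") else f"bare string {entry!r}"
    if isinstance(entry, dict):
        snake = sorted(k for k in entry if "_" in k)
        missing = sorted(CAMEL_KEYS - set(entry))
        if not snake and not missing:
            return "inline service, camelCase keys"
        return f"inline service, snake_case={snake}, missing={missing}"
    return f"unexpected {type(entry).__name__}"


def summarize(payload):
    """Return a flat summary of a scanned payload so two can be compared."""
    msg = json.loads(payload) if isinstance(payload, str) else payload
    mtype = str(msg.get("@type", ""))
    out = {"type": mtype, "oob": mtype.startswith(OOB_PREFIX)}
    if not out["oob"]:
        out["service"] = describe_service(msg.get("~service"))
        return out
    out["goal_code"] = msg.get("goal_code")
    out["services"] = [describe_service(s) for s in msg.get("services", [])]
    inner = [a.get("data", {}).get("json", {}) for a in msg.get("requests~attach", [])]
    out["attached"] = [(m.get("@type"), describe_service(m.get("~service"))) for m in inner]
    return out


# Constructed samples: shapes follow the payloads in this thread, values are placeholders.
REQ = "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation"
CONNECTIONLESS = {"@type": REQ, "~service": {
    "recipientKeys": ["KEY"], "routingKeys": None, "serviceEndpoint": "https://agent.example"}}
OOB = {"@type": "https://didcomm.org/out-of-band/1.1/invitation", "goal_code": "request-proof",
       "requests~attach": [{"data": {"json": {"@type": REQ, "~service": None}}}],
       "services": [{"recipient_keys": ["KEY"], "routing_keys": [], "priority": 0,
                     "service_endpoint": "https://agent.example", "type": "did-communication"}]}

if __name__ == "__main__":
    for name, sample in (("connectionless", CONNECTIONLESS), ("oob", OOB)):
        print(name, json.dumps(summarize(sample), indent=2))
```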

@loneil are we good to close this issue with the fix we found yesterday?

bryce-mcmath avatar Jun 12 '24 16:06 bryce-mcmath

I think we could close it as I believe there are no changes needed on the Wallet side going forward for this and we will make some changes in VCAuth-N (issue to come on that repo)

loneil avatar Jun 12 '24 17:06 loneil

Relevant issue (and linked PR fix in there) https://github.com/bcgov/vc-authn-oidc/issues/545

loneil avatar Jun 18 '24 20:06 loneil