aries-cloudagent-python `Anoncreds` Revoking one credential of many of the same type fails proof

`Anoncreds` Revoking one credential of many of the same type fails proof

Open jamshale opened this issue 9 months ago • 2 comments

With anoncreds specifically. If faber issues multiple credentials to alice of the same type and then revokes any of the credentials, the next proof request will fail verification.

Steps (using demo):

start faber ./run_demo run faber --wallet-type askar-anoncreds --revocation
start alice ./run_demo run alice --wallet-type askar-anoncreds
connect
issue 3 credentials to alice
revoke credential 2
request proof
result will be verified = false

Screencast from 2024-05-07 09:39:59 AM.webm

May 07 '24 16:05 jamshale

Sounds like this is either a bug in ACA-Py’s selection of a default credential to use when there are multiple — should choose the most recent non-revoked one, or in Alice picking the wrong one to use from a set.

May 07 '24 17:05 swcurran

That said, I don’t know how “default” is defined by ACA-Py. Presumably it is the first in the array of candidate VCs that could be used to satisfy the request.

May 07 '24 17:05 swcurran

aries-cloudagent-python aries-cloudagent-python copied to clipboard

`Anoncreds` Revoking one credential of many of the same type fails proof

aries-cloudagent-python
aries-cloudagent-python copied to clipboard