credo-ts icon indicating copy to clipboard operation
credo-ts copied to clipboard

Published 20 hours ago verified publisher icon openwallet-foundation

Unable to share specific credential in a multi credential definition proof challenge.

Open trta2352 opened this issue 11 months ago • 6 comments

Wallet has 4 credentials. 2 times name_credential (same credential definition, different data) and 2 times email_credential(same credential definition, but different data). User then receives a proof challenge asking for both types of credentials. To fulfil the proof challenge user has to share 1 name_credential and 1 email_credential. But sine they have 2 of each type they have to choose which ones to share.

Using the following code I accept the proof challenge and I provide it with the filtered proof format containing the credentials I want to share.

   const acceptedRequest = await agent.proofs.acceptRequest({
            proofRecordId: proofRecord.id,
            proofFormats: credentialToShare,
          });

{
	"proofFormats":{
		"indy":{
			"attributes":{
				"f85c5f22-f03c-42cc-b597-1c8b1f292358":[
					{
						"credentialId":"51ce00f7-8351-47da-aa1c-2780f1d92bfb",
						"revealed":true,
						"credentialInfo":{
							"attributes":{
								"email":"[email protected]"
							},
							"credentialDefinitionId":"2jYo5xjBZe682KxZpxUyqY:3:CL:84:email_credential",
							"credentialId":"51ce00f7-8351-47da-aa1c-2780f1d92bfb",
							"schemaId":"2jYo5xjBZe682KxZpxUyqY:2:test_email:1.0",
							"credentialRevocationId":"34",
							"revocationRegistryId":"2jYo5xjBZe682KxZpxUyqY:4:2jYo5xjBZe682KxZpxUyqY:3:CL:84:email_credential:CL_ACCUM:2a79447c-def7-4f85-8f87-9507ae4b053f",
							"methodName":"indy"
						}
					}
				],
				"eed6a94d-e0d9-41a7-8390-34e1e55873d9":[
					{
						"credentialId":"fc89abd0-d4b6-4449-b436-950aad03558b",
						"revealed":true,
						"credentialInfo":{
							"attributes":{
								"name":"Miha Novak"
							},
							"credentialDefinitionId":"2jYo5xjBZe682KxZpxUyqY:3:CL:83:name_credential",
							"credentialId":"fc89abd0-d4b6-4449-b436-950aad03558b",
							"schemaId":"2jYo5xjBZe682KxZpxUyqY:2:test_name:1.0",
							"credentialRevocationId":"45",
							"revocationRegistryId":"2jYo5xjBZe682KxZpxUyqY:4:2jYo5xjBZe682KxZpxUyqY:3:CL:83:name_credential:CL_ACCUM:dfc725b9-b9ca-49cf-8c54-20c833c0667c",
							"methodName":"indy"
						}
					}
				]
			},
			"predicates":{
				
			}
		}
	}
}

Agent in this case completely disregards what I added in the proofFormats parameter and defaults to the credentials it deems that fulfil the proof challenge.

Using this code:

  const _credentialsForRequest = await agent.proofs.getCredentialsForRequest({
        proofRecordId: proofExchangeRecord[0].id,
      });

I get this:

{
	"proofFormats":{
		"indy":{
			"attributes":{
				"966cdcce-c812-4e3d-97d9-1a4be00acdd0":[
					{
						"credentialId":"186946ff-823f-4c05-8362-6f3ff0fdcd43",
						"revealed":true,
						"credentialInfo":{
							"attributes":{
								"email":"[email protected]"
							},
							"credentialDefinitionId":"2jYo5xjBZe682KxZpxUyqY:3:CL:84:email_credential",
							"credentialId":"186946ff-823f-4c05-8362-6f3ff0fdcd43",
							"schemaId":"2jYo5xjBZe682KxZpxUyqY:2:test_email:1.0",
							"credentialRevocationId":"33",
							"revocationRegistryId":"2jYo5xjBZe682KxZpxUyqY:4:2jYo5xjBZe682KxZpxUyqY:3:CL:84:email_credential:CL_ACCUM:2a79447c-def7-4f85-8f87-9507ae4b053f",
							"methodName":"indy"
						}
					},
					{
						"credentialId":"51ce00f7-8351-47da-aa1c-2780f1d92bfb",
						"revealed":true,
						"credentialInfo":{
							"attributes":{
								"email":"[email protected]"
							},
							"credentialDefinitionId":"2jYo5xjBZe682KxZpxUyqY:3:CL:84:email_credential",
							"credentialId":"51ce00f7-8351-47da-aa1c-2780f1d92bfb",
							"schemaId":"2jYo5xjBZe682KxZpxUyqY:2:test_email:1.0",
							"credentialRevocationId":"34",
							"revocationRegistryId":"2jYo5xjBZe682KxZpxUyqY:4:2jYo5xjBZe682KxZpxUyqY:3:CL:84:email_credential:CL_ACCUM:2a79447c-def7-4f85-8f87-9507ae4b053f",
							"methodName":"indy"
						}
					}
				],
				"dba5129c-f1f5-4014-9b10-1072d2ff95a8":[
					{
						"credentialId":"41a30307-7aef-4b6e-83ca-0e847a5da442",
						"revealed":true,
						"credentialInfo":{
							"attributes":{
								"name":"Name 2"
							},
							"credentialDefinitionId":"2jYo5xjBZe682KxZpxUyqY:3:CL:83:name_credential",
							"credentialId":"41a30307-7aef-4b6e-83ca-0e847a5da442",
							"schemaId":"2jYo5xjBZe682KxZpxUyqY:2:test_name:1.0",
							"credentialRevocationId":"44",
							"revocationRegistryId":"2jYo5xjBZe682KxZpxUyqY:4:2jYo5xjBZe682KxZpxUyqY:3:CL:83:name_credential:CL_ACCUM:dfc725b9-b9ca-49cf-8c54-20c833c0667c",
							"methodName":"indy"
						}
					},
					{
						"credentialId":"fc89abd0-d4b6-4449-b436-950aad03558b",
						"revealed":true,
						"credentialInfo":{
							"attributes":{
								"name":"Miha Novak"
							},
							"credentialDefinitionId":"2jYo5xjBZe682KxZpxUyqY:3:CL:83:name_credential",
							"credentialId":"fc89abd0-d4b6-4449-b436-950aad03558b",
							"schemaId":"2jYo5xjBZe682KxZpxUyqY:2:test_name:1.0",
							"credentialRevocationId":"45",
							"revocationRegistryId":"2jYo5xjBZe682KxZpxUyqY:4:2jYo5xjBZe682KxZpxUyqY:3:CL:83:name_credential:CL_ACCUM:dfc725b9-b9ca-49cf-8c54-20c833c0667c",
							"methodName":"indy"
						}
					}
				]
			},
			"predicates":{
				
			}
		}
	}
}

So even though Aries knows that multiple credentials fulfil the proof challenge it automatically reverts to the first credential that was added per credential definition. In this case for name_credential thats "Name 2" and for email_credential is "[email protected]".

trta2352 avatar Mar 08 '24 11:03 trta2352