Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] Verifying presentations with the /vc/ldp/verify endpoint #2693

Closed
PatStLouis opened this issue Jan 3, 2024 · 10 comments
Closed

[Question] Verifying presentations with the /vc/ldp/verify endpoint #2693

PatStLouis opened this issue Jan 3, 2024 · 10 comments

Comments

@PatStLouis
Copy link
Contributor

The endpoint accepts a "vp" in the body, so I'm assuming it can verify presentations. However, when I provide a vp it returns the following errors:

{
  "vp": {
    "type": [
      "type must include VerifiableCredential"
    ],
    "issuer": [
      "Missing data for required field."
    ],
    "issuanceDate": [
      "Missing data for required field."
    ],
    "credentialSubject": [
      "Missing data for required field."
    ]
  }
}

It looks like its still expecting a vc, is this the intended behavior?
@swcurran
Copy link
Contributor

swcurran commented Jan 3, 2024

Can you add the VP you provided? I’m guessing it did have those fields?

@swcurran
Copy link
Contributor

swcurran commented Jan 3, 2024

Note that a VP embeds an array of VCs in it, so it is not surprising that is expects a VC. Might not be the issue, but hard to tell without seeing the data.

@swcurran swcurran mentioned this issue Jan 3, 2024
Closed
@PatStLouis
Copy link
Contributor Author

PatStLouis commented Jan 4, 2024
edited
Loading

Here's a presentation. It can be verified with the uni verifier but aca-py returns the previous errors

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1"
    ],
    "type": [
        "VerifiablePresentation"
    ],
    "holder": "did:web:trace.opsec.id:organization:test-20",
    "verifiableCredential": [
        {
            "@context": [
                "https://www.w3.org/2018/credentials/v1"
            ],
            "type": [
                "VerifiableCredential"
            ],
            "issuer": {
                "id": "did:web:trace.opsec.id:organization:test-20"
            },
            "issuanceDate": "2022-05-01T00:00:00Z",
            "credentialSubject": {
                "id": "did:key:123"
            },
            "id": "urn:uuid:cc173c16-aabb-11ee-a29f-0242ac1b0006",
            "proof": {
                "type": "Ed25519Signature2018",
                "verificationMethod": "did:web:trace.opsec.id:organization:test-20#verkey",
                "proofPurpose": "assertionMethod",
                "created": "2024-01-04T04:43:26Z",
                "jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..XNFLfGs2kjPp78CyoVZ0_N8rwrWnB60AAtkZ85pvCKpfi0TUMArEkONROCYL638E0VJu9jSY3PVBHOJS2jg9CA"
            }
        }
    ],
    "proof": {
        "type": "Ed25519Signature2018",
        "verificationMethod": "did:web:trace.opsec.id:organization:test-20#verkey",
        "proofPurpose": "assertionMethod",
        "created": "2024-01-04T04:51:59Z",
        "jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..bl4CQueD30oTDiV1JdIPCTDXN_M1LfozScPnI6lOcVK1E5V3GuG4x9kmjzjY-XC_f5zXkv-o0636HThcA3QJAg"
    }
}

@swcurran
Copy link
Contributor

swcurran commented Jan 4, 2024

Definitely looks like the validation is expecting a VC, not a VP. In the embedded VC, all of the “missing items” are present, so it is not checking that.

A bit weird that the issuer is also presenting the credential, but I suppose anything is permitted.

@PatStLouis
Copy link
Contributor Author

I just signed a random presentation of a VC I issued to test the feature, I agree this is a bit redundant.

@PatStLouis
Copy link
Contributor Author

They seem to use the same code so that would make sense:
https://github.com/hyperledger/aries-cloudagent-python/blob/7ea0f1983a820aaf42cfef0b9b369f82aedf4be0/aries_cloudagent/vc/routes.py#L108C11-L108C11

@swcurran
Copy link
Contributor

swcurran commented Jan 4, 2024

@dbluhm — could you please take a quick look at this? Looks like it was part of this PR #2533 . Seems to be copy/paste error — same logic, but needs to be updated from a VC to a VP.

@PatStLouis
Copy link
Contributor Author

It's the de-serialization step, it currently uses the VerifiableCredential class for both the vc and vp de-serialization. Looking at the VerifiablePresentation class, it could use some love and add some assertions to bring it up to par with the VerifiableCredential class and de-serialize properly.

I can take this on.

I think down the line it would be great to decouple vc and vp into their own respective routes (adding /vp/ldp/issue+verify and limiting the /vc/ldp/issue+verify for vc exclusively).

I would also not get rid of the jsonld routes until issuance of a vp is enabled since the jsonld route can do that currently.

@swcurran
Copy link
Contributor

swcurran commented Jan 5, 2024

Thanks @PatStLouis . Agree on the /vc and /vp routes.

@PatStLouis PatStLouis mentioned this issue Jan 15, 2024
Merged
@PatStLouis
Copy link
Contributor Author

closing since #2710 was merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@swcurran @PatStLouis