a-sit-plus · nodh · Sep 27, 2024 · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -39,6 +39,11 @@ Release NEXT:
    - Introudce `OAuth2Client` to extract creating authentication requests and token requests from OID4VCI `WalletService`
    - Refactor `SimpleAuthorizationService` to extract actual authentication and authorization into `AuthorizationServiceStrategy`
  - Implement JWE encryption with AES-CBC-HMAC algorithms
+ - SIOPv2/OpenID4VP: Support requesting and receiving claims from different credentials, i.e. a combined presentation
+   - Require request options on every method in `OidcSiopVerifier`
+   - Move `credentialScheme`, `representation`, `requestedAttributes` from `RequestOptions` to `RequestOptionsCredentials`
+   - In `OidcSiopVerifier` move `responseUrl` from constructor parameter to `RequestOptions`
+   - Add `IdToken` as result case to `OidcSiopVerifier.AuthnResponseResult`, when only an `id_token` is requested and received
 
 Release 4.1.2:
  * In `OidcSiopVerifier` add parameter `nonceService` to externalize creation and validation of nonces, e.g. for deployments in load-balanced environments

diff --git a/dif-data-classes/src/commonMain/kotlin/at/asitplus/dif/PresentationDefinition.kt b/dif-data-classes/src/commonMain/kotlin/at/asitplus/dif/PresentationDefinition.kt
@@ -20,11 +20,13 @@ data class PresentationDefinition(
     val purpose: String? = null,
     @SerialName("input_descriptors")
     val inputDescriptors: Collection<InputDescriptor>,
+    @Deprecated(message = "Removed in DIF Presentation Exchange 2.0.0", ReplaceWith("inputDescriptors.format"))
     @SerialName("format")
     val formats: FormatHolder? = null,
     @SerialName("submission_requirements")
     val submissionRequirements: Collection<SubmissionRequirement>? = null,
 ) {
+    @Deprecated(message = "Removed in DIF Presentation Exchange 2.0.0")
     constructor(
         inputDescriptors: Collection<InputDescriptor>,
         formats: FormatHolder

diff --git a/vck-aries/src/commonMain/kotlin/at/asitplus/wallet/lib/aries/PresentProofProtocol.kt b/vck-aries/src/commonMain/kotlin/at/asitplus/wallet/lib/aries/PresentProofProtocol.kt
@@ -1,31 +1,14 @@
 package at.asitplus.wallet.lib.aries
 
+import at.asitplus.dif.*
 import at.asitplus.signum.indispensable.josef.JsonWebKey
 import at.asitplus.signum.indispensable.josef.JwsAlgorithm
 import at.asitplus.wallet.lib.agent.Holder
 import at.asitplus.wallet.lib.agent.Verifier
 import at.asitplus.wallet.lib.data.AriesGoalCodeParser
 import at.asitplus.wallet.lib.data.ConstantIndex
 import at.asitplus.wallet.lib.data.SchemaIndex
-import at.asitplus.dif.Constraint
-import at.asitplus.dif.ConstraintField
-import at.asitplus.dif.ConstraintFilter
-import at.asitplus.dif.DifInputDescriptor
-import at.asitplus.dif.FormatContainerJwt
-import at.asitplus.dif.FormatHolder
-import at.asitplus.dif.PresentationDefinition
-import at.asitplus.wallet.lib.msg.AttachmentFormatReference
-import at.asitplus.wallet.lib.msg.JsonWebMessage
-import at.asitplus.wallet.lib.msg.JwmAttachment
-import at.asitplus.wallet.lib.msg.OutOfBandInvitation
-import at.asitplus.wallet.lib.msg.OutOfBandInvitationBody
-import at.asitplus.wallet.lib.msg.OutOfBandService
-import at.asitplus.wallet.lib.msg.Presentation
-import at.asitplus.wallet.lib.msg.PresentationBody
-import at.asitplus.wallet.lib.msg.RequestPresentation
-import at.asitplus.wallet.lib.msg.RequestPresentationAttachment
-import at.asitplus.wallet.lib.msg.RequestPresentationAttachmentOptions
-import at.asitplus.wallet.lib.msg.RequestPresentationBody
+import at.asitplus.wallet.lib.msg.*
 import com.benasher44.uuid.uuid4
 import io.github.aakira.napier.Napier
 import kotlinx.serialization.encodeToString
@@ -203,6 +186,7 @@ class PresentProofProtocol(
             .also { this.state = State.REQUEST_PRESENTATION_SENT }
     }
 
+    @Suppress("DEPRECATION")
     private fun buildRequestPresentationMessage(
         credentialScheme: ConstantIndex.CredentialScheme,
         parentThreadId: String? = null,

diff --git a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopVerifier.kt b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopVerifier.kt
diff --git a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/helper/PresentationFactory.kt b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/helper/PresentationFactory.kt
@@ -2,24 +2,24 @@ package at.asitplus.wallet.lib.oidc.helper
 
 import at.asitplus.KmmResult
 import at.asitplus.catching
-import at.asitplus.signum.indispensable.CryptoPublicKey
-import at.asitplus.signum.indispensable.josef.JwsSigned
-import at.asitplus.signum.indispensable.josef.toJsonWebKey
-import at.asitplus.wallet.lib.agent.CredentialSubmission
-import at.asitplus.wallet.lib.agent.Holder
-import at.asitplus.wallet.lib.agent.toDefaultSubmission
 import at.asitplus.dif.ClaimFormatEnum
 import at.asitplus.dif.FormatHolder
 import at.asitplus.dif.PresentationDefinition
-import at.asitplus.wallet.lib.data.dif.PresentationSubmissionValidator
-import at.asitplus.wallet.lib.jws.JwsService
 import at.asitplus.openid.AuthenticationRequestParameters
-import at.asitplus.wallet.lib.oidc.AuthenticationRequestParametersFrom
 import at.asitplus.openid.IdToken
 import at.asitplus.openid.OpenIdConstants.Errors
 import at.asitplus.openid.OpenIdConstants.ID_TOKEN
 import at.asitplus.openid.OpenIdConstants.VP_TOKEN
 import at.asitplus.openid.RelyingPartyMetadata
+import at.asitplus.signum.indispensable.CryptoPublicKey
+import at.asitplus.signum.indispensable.josef.JwsSigned
+import at.asitplus.signum.indispensable.josef.toJsonWebKey
+import at.asitplus.wallet.lib.agent.CredentialSubmission
+import at.asitplus.wallet.lib.agent.Holder
+import at.asitplus.wallet.lib.agent.toDefaultSubmission
+import at.asitplus.wallet.lib.data.dif.PresentationSubmissionValidator
+import at.asitplus.wallet.lib.jws.JwsService
+import at.asitplus.wallet.lib.oidc.AuthenticationRequestParametersFrom
 import at.asitplus.wallet.lib.oidvci.OAuth2Exception
 import io.github.aakira.napier.Napier
 import kotlinx.datetime.Clock
@@ -44,7 +44,7 @@ internal class PresentationFactory(
         val credentialSubmissions = inputDescriptorSubmissions
             ?: holder.matchInputDescriptorsAgainstCredentialStore(
                 inputDescriptors = presentationDefinition.inputDescriptors,
-                fallbackFormatHolder = presentationDefinition.formats ?: clientMetadata?.vpFormats,
+                fallbackFormatHolder = clientMetadata?.vpFormats,
             ).getOrThrow().toDefaultSubmission()
 
         presentationDefinition.validateSubmission(
@@ -129,9 +129,9 @@ internal class PresentationFactory(
             }
 
             val constraintFieldMatches = holder.evaluateInputDescriptorAgainstCredential(
-                inputDescriptor,
-                submission.value.credential,
-                fallbackFormatHolder = this.formats ?: clientMetadata?.vpFormats,
+                inputDescriptor = inputDescriptor,
+                credential = submission.value.credential,
+                fallbackFormatHolder = clientMetadata?.vpFormats,
                 pathAuthorizationValidator = { true },
             ).getOrThrow()
 

diff --git a/...st/kotlin/at/asitplus/wallet/lib/oidc/AuthenticationRequestParameterFromSerializerTest.kt b/...st/kotlin/at/asitplus/wallet/lib/oidc/AuthenticationRequestParameterFromSerializerTest.kt
@@ -1,8 +1,8 @@
 package at.asitplus.wallet.lib.oidc
 
 import at.asitplus.openid.AuthenticationRequestParameters
-import at.asitplus.wallet.lib.agent.HolderAgent
 import at.asitplus.wallet.lib.agent.EphemeralKeyWithoutCert
+import at.asitplus.wallet.lib.agent.HolderAgent
 import at.asitplus.wallet.lib.agent.VerifierAgent
 import at.asitplus.wallet.lib.data.ConstantIndex
 import at.asitplus.wallet.lib.oidvci.decodeFromUrlQuery
@@ -16,7 +16,6 @@ class AuthenticationRequestParameterFromSerializerTest : FreeSpec({
 
     val relyingPartyUrl = "https://example.com/rp/${uuid4()}"
     val walletUrl = "https://example.com/wallet/${uuid4()}"
-    val responseUrl = "https://example.com/rp/${uuid4()}"
 
     val holderKeyMaterial = EphemeralKeyWithoutCert()
     val oidcSiopWallet = OidcSiopWallet(
@@ -27,7 +26,6 @@ class AuthenticationRequestParameterFromSerializerTest : FreeSpec({
     val verifierSiop = OidcSiopVerifier(
         verifier = VerifierAgent(EphemeralKeyWithoutCert()),
         relyingPartyUrl = relyingPartyUrl,
-        responseUrl = responseUrl,
     )
 
     val representations = listOf(
@@ -39,8 +37,11 @@ class AuthenticationRequestParameterFromSerializerTest : FreeSpec({
 
     representations.forEach { representation ->
         val reqOptions = OidcSiopVerifier.RequestOptions(
-            credentialScheme = ConstantIndex.AtomicAttribute2023,
-            representation = representation,
+            credentials = setOf(
+                OidcSiopVerifier.RequestOptionsCredential(
+                    ConstantIndex.AtomicAttribute2023, representation
+                )
+            )
         )
 
         "URL test $representation" {