credo-controller icon indicating copy to clipboard operation
credo-controller copied to clipboard
Published 2 months ago verified publisher icon credebl

feat: OID4VCI/P with token implementation

Open tipusinghaw opened this issue 5 months ago • 4 comments

What

  • Implemented APIs for OID4VCI and OID4VP
  • Used version 0.6.0-alpha-20250325224513

Summary by CodeRabbit

  • New Features
    • Added OpenID4VC support (issuer, holder, verifier) with new REST endpoints for issuers, issuance/verification sessions, and holder flows.
    • Introduced DidComm module integration for transports, messaging, and OOB flows.
    • Expanded API for basic messages, connections, credentials, proofs via modular endpoints.
  • Bug Fixes
    • Forwarded messages now include original message type for easier tracing.
    • Safer credential format data retrieval prevents crashes on errors.
    • Temporarily disabled unstable presentation validation to avoid intermittent failures.
  • Performance
    • Tenant context lookups now cached to reduce repeated storage hits.
  • Chores
    • Upgraded to Credo TS 0.6 alpha and switched to OpenWallet Askar.
    • Added OpenID4VC dependency.

tipusinghaw avatar Aug 25 '25 05:08 tipusinghaw

[!IMPORTANT]

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Shifts dependencies to Credo TS 0.6 alpha, replaces aries-askar with openwallet-foundation/askar, patches upstream type/runtime behavior, introduces DidComm moduleization, and adds comprehensive OpenID4VC issuer/holder/verifier features with controllers, services, routes, and agent wiring. Several controllers/events migrate imports and access paths from core to didcomm.

Changes

Cohort / File(s) Summary
Dependency upgrades and replacements
package.json		 Bumps @credo-ts packages to 0.6.0-alpha; adds @credo-ts/openid4vc; replaces @hyperledger/aries-askar-nodejs with @openwallet-foundation/askar-nodejs; updates resolutions.
Upstream patches: anoncreds extensibility
patches/@credo-ts+anoncreds+0.6.0-.../001...patch		 Swaps Extensible for CredoExtensible in public types; adds repository type imports; exposes RegisterSchemaReturn; adjusts option types.
Upstream patches: core (0.5.15)
.../core+0.5.15+001...patch, .../003...patch, .../004...patch, .../005...patch		 Adds messageType to ForwardMessage/Plaintext; adds prettyVc?: any to JsonCredential; loosens VersionString to string; comments out validatePresentation; wraps CredentialsApi.getFormatData in try/catch.
Upstream patches: core (0.6 alpha)
.../core+0.6.0-alpha-.../001...patch, .../002...patch		 Adds optional messageType and index signature to PlaintextMessage; changes VersionString to string.
Upstream patches: didcomm (0.6 alpha)
patches/@credo-ts+didcomm+0.6.0-.../001...patch, .../002...patch, .../003...patch		 Adds messageType to ForwardMessage; adds prettyVc?: any; comments out validatePresentation call in DIF PE proof service.
Upstream patches: tenants cache
patches/@credo-ts+tenants+0.5.3+001...patch		 Adds in-memory LRU cache to TenantAgentContextProvider; updates constructor and private fields.
Agent wiring and transports
src/cliAgent.ts, src/utils/agent.ts, src/utils/oid4vc-agent.ts		 Adds DidComm/OOB/Mediation/etc. modules; switches to askar; routes inbound/outbound via didcomm; mounts OID4VC routers; adds credential request-to-credential mapper for OID4VC.
Did/Agent controllers migration
src/controllers/agent/AgentController.ts, src/controllers/did/DidController.ts		 Reads endpoints from didcomm module; mediation routing via modules.mediationRecipient.
DidComm controllers migration
src/controllers/didcomm/.../BasicMessageController.ts, .../connections/ConnectionController.ts, .../credentials/CredentialController.ts, .../outofband/OutOfBandController.ts, .../proofs/ProofController.ts		 Moves imports from core to didcomm; routes all calls via request.agent.modules.*; adjusts invitation retrieval/return; updates OOB config shapes and domains from didcomm config.
OpenID4VC controllers and services
src/controllers/openid4vc/**		 Adds Holder, Issuer, Verifier, IssuanceSessions, and VerificationSessions controllers/services; implements issuance, verification, proof, and holder flows; adds related request/response types.
Events migration
src/events/BasicMessageEvents.ts, src/events/ConnectionEvents.ts, src/events/CredentialEvents.ts, src/events/ProofEvents.ts, src/events/ReuseConnectionEvents.ts		 Moves event types to @credo-ts/didcomm; accesses modules.* for lookups and format data.
Routes and models surface
src/routes/routes.ts		 Registers new OID4VC endpoints; extends generated models (issuance/verifier records, enums, routing, display types); adjusts some existing model fields.
Types, enums, constants
src/controllers/types.ts, src/controllers/examples.ts, src/enums/enum.ts, src/utils/constant.ts		 Updates CustomTenantConfig; adds DisclosureFrame; migrates example type imports; adds SignerMethod enum; adds X509_CERTIFICATE_RECORD.
Config
tsoa.json		 Adds tsconfig reference to spec and routes sections.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Client
  participant HolderApp
  participant Agent
  participant OID4VC Holder Module
  participant Issuer Server

  Client->>HolderApp: POST /authorization-request (credentialOfferUri, credentials[])
  HolderApp->>Agent: resolveCredentialOffer(uri)
  Agent->>OID4VC Holder Module: initiateAuthorization(credentials)
  OID4VC Holder Module-->>HolderApp: {action, authorizationUrl?, codeVerifier?}

  alt Pre-Authorized
    HolderApp->>Agent: requestCredential(offer, preAuthCode/txCode)
    Agent->>Issuer Server: Token + Credential Requests
    Issuer Server-->>Agent: Credentials
    Agent-->>HolderApp: Stored credential references
  else Auth Code
    Client->>Issuer Server: Authorization (redirect)
    Issuer Server-->>HolderApp: code
    HolderApp->>Agent: requestCredential(offer, code, codeVerifier)
    Agent->>Issuer Server: Token + Credential Requests
    Issuer Server-->>Agent: Credentials
    Agent-->>HolderApp: Stored credential references
  end

sequenceDiagram
  autonumber
  participant VerifierApp
  participant Agent
  participant OID4VC Verifier Module
  participant UserWallet

  VerifierApp->>Agent: createVerifier / createAuthorizationRequest
  Agent->>OID4VC Verifier Module: build auth request (PEX)
  OID4VC Verifier Module-->>VerifierApp: authorizationRequestUri

  UserWallet->>OID4VC Verifier Module: Submit authorization response (presentations)
  OID4VC Verifier Module-->>Agent: Verification session updated
  Agent-->>VerifierApp: GET verification-session → normalized presentations

sequenceDiagram
  autonumber
  participant Sender
  participant EnvelopeService
  participant Router
  participant Recipient

  Sender->>EnvelopeService: Forward(message with @type)
  EnvelopeService->>EnvelopeService: forwardMessage.messageType = message["@type"]
  EnvelopeService->>Router: send(forwardMessage)
  Router-->>Recipient: deliver(forwardMessage)

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related issues

  • credebl/platform#1306 — Implements OpenID4VC issuance flows with issuer/controllers, issuance sessions, and routing.
  • credebl/platform#1308 — Adds OpenID4VC verifier controllers, verification sessions, and related service/types.

Suggested labels

feature

Suggested reviewers

  • GHkrishna
  • RinkalBhojani
  • shitrerohit

Poem

I thump my paws in tidy glee,
New routes hop in: OID4VC!
DidComm burrows, modules bloom,
Issuers, verifiers zoom.
Carrots cached, credentials stack—
Forward hops keep message track.
Ship it swift—then nibble snack! 🥕🐇

✨ Finishing touches
🧪 Generate unit tests
  • [ ] Create PR with unit tests
  • [ ] Post copyable unit tests in a comment
  • [ ] Commit unit tests in branch feat/OID4VC-OID4VP-with-token-implementation

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot] avatar Aug 25 '25 05:08 coderabbitai[bot]

@coderabbitai review

tipusinghaw avatar Aug 25 '25 08:08 tipusinghaw

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai[bot] avatar Aug 25 '25 08:08 coderabbitai[bot]

Quality Gate Passed Quality Gate passed

Issues
44 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
1.4% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Sep 12 '25 05:09 sonarqubecloud[bot]