Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

selectFrom method requires all credentials to match all input descriptors #114

Closed
TimoGlastra opened this issue May 30, 2023 · 5 comments
Closed

selectFrom method requires all credentials to match all input descriptors #114

TimoGlastra opened this issue May 30, 2023 · 5 comments
Assignees
@sksadjad
Labels
in progress Work is being done

Comments

@TimoGlastra
Copy link
Contributor

TimoGlastra commented May 30, 2023
edited
Loading

  • I'm submitting a ...
    [x] bug report

  • Summary

It seems that the PEX library (both v1 and v2 it seems), require all credentials to match all input_descriptors. I've created a code sandbox which reproduces the issue: https://replit.com/@timo10/PEX-Playground#index.ts.

It's run with two credentials from two issuers did:web:vc.transmute.world and did:web:animo.id. there's two input descriptors, where the first one requires did:web:animo.id to be the issuer, and the second one did:web:vc.transmute.world. Running it with a single input descriptor, will yield the correct result, as well as changing the input descriptors so a potentional credential will match all input descriptors (so two input_descriptors that match did:web:animo.id.

Maybe I'm completely misunderstanding PEX, but it is not required AFAIK for all credentials to match all input_descriptors. This is how you can request multiple credentials from a holder.

  • Other information (e.g. detailed explanation, stack traces, related issues, suggestions how to fix, links for us to have context, eg. StackOverflow, personal fork, etc.)
Credentials 
[
   {
      "@context":[
         "https://www.w3.org/2018/credentials/v1",
         "https://www.w3.org/2018/credentials/examples/v1"
      ],
      "id":"http://example.gov/credentials/3732",
      "type":[
         "VerifiableCredential",
         "UniversityDegreeCredential"
      ],
      "issuer":"did:web:vc.transmute.world",
      "issuanceDate":"2020-03-16T22:37:26.544Z",
      "credentialSubject":{
         "id":"did:key:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
         "degree":{
            "type":"BachelorDegree",
            "name":"Bachelor of Science and Arts"
         }
      },
      "proof":{
         "type":"Ed25519Signature2018",
         "created":"2020-04-02T18:28:08Z",
         "verificationMethod":"did:web:vc.transmute.world#z6MksHh7qHWvybLg5QTPPdG2DgEjjduBDArV9EF9mRiRzMBN",
         "proofPurpose":"assertionMethod",
         "jws":"eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..YtqjEYnFENT7fNW-COD0HAACxeuQxPKAmp4nIl8jYAu__6IH2FpSxv81w-l5PvE1og50tS9tH8WyXMlXyo45CA"
      }
   },
   {
      "@context":[
         "https://www.w3.org/2018/credentials/v1",
         "https://www.w3.org/2018/credentials/examples/v2"
      ],
      "id":"http://example.gov/credentials/1231231",
      "type":[
         "VerifiableCredential",
         "UniversityDegreeCredential"
      ],
      "issuer":"did:web:animo.id",
      "issuanceDate":"2020-03-16T22:37:26.544Z",
      "credentialSubject":{
         "id":"did:key:z6MkjRagNiMu91DduvCvgEsqLZDVzrJzFrwahc4tXLt9DoHd",
         "degree":{
            "type":"BachelorDegree",
            "name":"Bachelor of Fights"
         }
      },
      "proof":{
         "type":"Ed25519Signature2018",
         "created":"2020-04-02T18:28:08Z",
         "verificationMethod":"did:web:animo.id#z6MksHh7qHWvybLg5QTPPdG2DgEjjduBDArV9EF9mRiRzMBN",
         "proofPurpose":"assertionMethod",
         "jws":"eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..YtqjEYnFENT7fNW-COD0HAACxeuQxPKAmp4nIl8jYAu__6IH2FpSxv81w-l5PvE1og50tS9tH8WyXMlXyo45CA"
      }
   }
]
Presentation Definition 
{
   "id":"31e2f0f1-6b70-411d-b239-56aed5321884",
   "purpose":"To check if you have a valid college degree.",
   "input_descriptors":[
      {
         "id":"df2accf9-1ecb-4f4e-af6d-21be152a881b",
         "purpose":"You must have a valid Bachelor Degree issued by Animo.",
         "schema":[
            {
               "uri":"https://www.w3.org/2018/credentials/v1"
            }
         ],
         "constraints":{
            "fields":[
               {
                  "path":[
                     "$.issuer",
                     "$.vc.issuer",
                     "$.iss"
                  ],
                  "filter":{
                     "type":"string",
                     "pattern":"did:web:animo.id"
                  }
               }
            ]
         }
      },
      {
         "id":"867bfe7a-5b91-46b2-9ba4-70028b8d9cc8",
         "purpose":"You must have a valid Bachelor Degree issued by Transmute.",
         "schema":[
            {
               "uri":"https://www.w3.org/2018/credentials/v1"
            }
         ],
         "constraints":{
            "fields":[
               {
                  "path":[
                     "$.issuer",
                     "$.vc.issuer",
                     "$.iss"
                  ],
                  "filter":{
                     "type":"string",
                     "pattern":"did:web:vc.transmute.world"
                  }
               }
            ]
         }
      }
   ]
}
Result 
{
   "errors":[
      {
         "tag":"FilterEvaluation",
         "status":"error",
         "message":"Input candidate failed filter evaluation: $.input_descriptors[0]: $.verifiableCredential[0]"
      },
      {
         "tag":"FilterEvaluation",
         "status":"error",
         "message":"Input candidate failed filter evaluation: $.input_descriptors[1]: $.verifiableCredential[1]"
      },
      {
         "tag":"MarkForSubmissionEvaluation",
         "status":"error",
         "message":"The input candidate is not eligible for submission: $.input_descriptors[0]: $.verifiableCredential[0]"
      },
      {
         "tag":"MarkForSubmissionEvaluation",
         "status":"error",
         "message":"The input candidate is not eligible for submission: $.input_descriptors[1]: $.verifiableCredential[1]"
      }
   ],
   "matches":[
      
   ],
   "areRequiredCredentialsPresent":"error",
   "verifiableCredential":[
      
   ],
   "warnings":[
      
   ]
}

cc @nklomp
@TimoGlastra
Copy link
Contributor Author

This issue might be related to #113

@sksadjad
Copy link
Contributor

sksadjad commented Jun 1, 2023

after reading the part in question again, we are sure that this problem is occurring because of an incorrect assumption on our part and we're expecting (in absence of SubmissionRequirement object) for all the VerifiableCredentials to match all the InputDescriptors, we will release a fix shortly

@TimoGlastra
Copy link
Contributor Author

Thanks a lot @sksadjad! :)

@TimoGlastra
Copy link
Contributor Author

To add some context here. This issue is also present when using submission_requirements with rule: all

@nklomp nklomp added the in progress Work is being done label Jun 28, 2023
@nklomp
Copy link
Contributor

nklomp commented Jul 10, 2023

Should be fixed in release 2.1.0

@nklomp nklomp closed this as completed Jul 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sksadjad sksadjad

Labels
in progress Work is being done
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nklomp @TimoGlastra @sksadjad