Verifier calculating encodedSessionTranscript

[dalebowie]

A Holder performing a presentation uses this library's helper functions of the form usingSessionTranscript_____. Under the covers these construct appropriately formed CBOR-encodings of a DataItem using custom extensions to an external CBOR library. Without access to those custom CBOR extensions, how can a Verifier make the same calculation?

I could see two potential solutions:

1. the library exports its cborEncode function so that verifiers can use it to calculate what the session transcript bytes should be; or
2. additional helper functions like the usingSessionTranscript_____ on DeviceResponse are added to the Verifier class so that they can be called instead.

[siacomuzzi]

+1, there is no need for the verifier to know how to construct the session transcript. We are implementing option 2 for v2 (see #16)
In the meantime, you need to install cbor-x as dependency (DataItem is already exported by the lib):

import { DataItem } from '@auth0/mdl';
import { Encoder } from 'cbor-x';

const cborEncode = (
  obj: unknown,
): Buffer => {
  const enc = new Encoder({
    tagUint8Array: false,
    useRecords: false,
    mapsAsObjects: false,
    useTag259ForMaps: false,
  });

  return enc.encode(obj);
};

const getSessionTranscriptBytes = (clId: string, respUri: string, nonce: string, mdocNonce: string) => cborEncode(
  DataItem.fromData([
    null, // DeviceEngagementBytes
    null, // EReaderKeyBytes
    [mdocNonce, clId, respUri, nonce], // Handover = OID4VPHandover
  ]),
);

const verifier = new Verifier(ISSUERS_CERTIFICATES);
await verifier.verify(encodedDeviceResponse, {
  encodedSessionTranscript: getSessionTranscriptBytes(clientId, responseUri, verifierGeneratedNonce, mdocGeneratedNonce),
});