Interface for getting all the VCs when receiving an SDR as JWT

[simibac]

When I as a verifier create an SDR with the endpoint /createSelectiveDisclosureRequest, I get an JWT back. For my understanding, this JWT is sent to the entity (holder) that wants to access my service. The reason for sending the JWT instead the SDR object is because a signed JWT allows the holder to verify that the SDR is issued by the party that he wants to communicate with. Is that correct?

If the holder also uses a Veramo agent and it would be really helpful, if the API would provide an interface that allows the create of an SDR response based on a JWT. Currently, there is only the endpoint /getVerifiableCredentialsForSdr which expects an SDR object (not a JWT). Thus, the verifier has to send the JWT alongside the SDR whereas the JWT already contains all the relevant information.

[jasheal]

Correct, the SDR system is currently based on signed JWTs. Also when sent using DIDComm the payload is encrypted with the subjects public key. The JWT/SDR message handlers decode the message into a message object. The message object retains a copy of the raw JWT data too. Somewhere in your app logic you can run /getVerifiableCredentialsForSdr which will query for VCs that match the request. At this point most likely you will show some UI for the user to choose which credentials to present.

So, to summarise: Veramo doesn't know the JWT is an SDR message until it decodes it and creates the message object.