Added policies to verifyPresentation in credential-w3c module #990
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## next #990 +/- ##
==========================================
- Coverage 80.83% 80.63% -0.20%
==========================================
Files 116 118 +2
Lines 3981 4090 +109
Branches 867 896 +29
==========================================
+ Hits 3218 3298 +80
- Misses 760 789 +29
Partials 3 3 |
mirceanis
requested changes
Aug 12, 2022
There was a problem hiding this comment.
Kudos for attacking this problem from all fronts (including did-jwt)!
This is a good start but introduces some quirks too:
- the policies are JWT specific
- the new response only deals with JWT presentations, other formats are not handled which makes the API unclear.
- It would also be nice to have a similar approach to VCs too
If you don't mind, I'll mark this PR as draft until all the pieces align and we are able to bring in the policy support from did-jwt.
| return { verified: false, details: e.message } | ||
| } | ||
| else { | ||
| throw e |
There was a problem hiding this comment.
I really like this separation of concerns between legitimate errors and exceptional situations.
However, I'm not yet 100% sure we should be introducing an extra branch, though.
I'm concerned about the usability here where developers have to handle 3 situations: valid response, invalid response and thrown error.
This is not a critique of your approach (which I've also described in the past), but rather me venting my uncertainty :)
There was a problem hiding this comment.
Understandable, how do you propose we approach this issue?
There was a problem hiding this comment.
I suppose the simple answer would be to not re-throw an error in the exceptional case, but to return an object just like for the legitimate failures.
The difference would be that for the legitimate failures we can also identify the cause and populate the errorCode property of the error.
What do you think?
|
@mirceanis I was wondering whether you'd prefer if I create a |
mirceanis
reviewed
Aug 16, 2022
| return { verified: false, details: e.message } | ||
| } | ||
| else { | ||
| throw e |
There was a problem hiding this comment.
I suppose the simple answer would be to not re-throw an error in the exceptional case, but to return an object just like for the legitimate failures.
The difference would be that for the legitimate failures we can also identify the cause and populate the errorCode property of the error.
What do you think?
mirceanis
requested changes
Aug 16, 2022
There was a problem hiding this comment.
There are still some quirks left to be fixed:
- the policies are forwarded as-is to the lower levels
- The new result type is only returned for JWT presentations. Non-JWT presentation types should also be covered to have a usable API.
If you are willing to create different PR(s) to cover the non-JWT types, please say so, but otherwise we'll have to fix it in this PR.
I also made some comment suggestions and a compatibility suggestion for the new IError type
packages/core/src/types/IError.ts
Outdated
| /** | ||
| * The details of the error being throw or forwarded | ||
| */ | ||
| errorMessage?: string |
There was a problem hiding this comment.
let's use message to be compatible with native Error objects
Suggested change
| errorMessage?: string | |
| message: string |
Yes, that sounds like a good idea, although |
|
I think even if I proceed to create separate PRs for the |
|
If we align on the approach, then I think it would not take long to implement similar logic for all the |
Merged
mirceanis
added a commit
that referenced
this pull request
Sep 22, 2022
* chore(deps): update dependency openapi-types to v9.3.1 * fix(deps): update all non-major dependencies * fix(deps): update dependency express-handlebars to v6 * chore(deps): update devdeps * fix(deps): update dependency typeorm to v0.2.41 * fix(deps): update dependency did-jwt to v5.12.0 * JSON-LD Signature Support (#525) * feat(utils): add `@veramo/utils` package * feat(core): add common type definitions for credentials and presentations * feat(credential-ld) add `@veramo/credential-ld` packages * feat(credential-ld): added EcdsaSecp256k1RecoverySignature2020 and Ed25519Signature2018 credential signature and verification. * feat(credential-ld): added presentation creation and verification. * fix(credential-w3c): delegate `lds` proof types to `@veramo/credential-ld` if available. * fix(data-store): fixed save operation for LD credentials * feat(did-provider-key): fixed did:key dependencies, supporting only ed25519 x25519 and secp256k1 for now. * feat(credential-ld): included credential context from transmute library * refactor(credential-ld): simplify `CredentialIssuerLD` plugin initialization API * feat(credential-ld): proper mapping from local database keys to DID document verificationMethods * feat(cli): update default config to use `CredentialIssuerLD` module * feat(credential-w3c): autoselect presentation audience if it's a managed DID, for verification * feat(cli): add CLI methods to verify credentials and presentations Co-authored-by: Simonas Karuzas <simonas@not.cat> Co-authored-by: Mircea Nistor <mirceanis@gmail.com> fixes #273 fixes #756 relates to #586 relates to #588 * fix(credential-ld): include LDDefaultContexts in npm bundle * fix(credential-ld): include credential context and fix context loader Map * fix(deps): update dependency did-jwt-vc to v2.1.8 * chore(deps): update devdeps * feat(credential-ld): add option to fetch remote contexts This pattern is not recommended, but useful sometimes for debugging. This is a foot-gun. * docs: link to social (#764) * docs: update badges * fix(deps): update builders-and-testers * fix(remote-server): api-key-auth (#772) fixes #771 * fix(remote-server): web-did-doc-router options (#777) * fix(deps): update builders-and-testers * docs: rewrite readme and fix links fixes #785 * chore(deps): update dependency openapi-types to v10 * fix(deps): update dependency openapi-types to v10 * fix: fix inquirer prompt for subject DID during SDR fixes #790 * fix(deps): update builders-and-testers * fix(deps): update builders-and-testers * fix(deps): update dependency @ethersproject/random to v5.5.1 * fix(did-resolver): use interface `Resolvable` instead of the `Resolver` class and update dependencies * fix(deps): update dependency dotenv to v12 * chore(deps): update dependency ts-jest to v27.1.3 * chore: upgrade ethr-did-resolver * chore(deps): update devdeps * chore(deps): update dependency semantic-release to v19 * fix(deps): update dependency dotenv to v14 * chore(deps): update devdeps * fix(deps): update dependency commander to v9 * fix(key-manager): add missing uuid dependency (#807) * chore(deps): fix lockfile * test: add headless browser testing (#809) * version added, test:browser script added. * github workflows updated * fix(deps): pin dependencies * fix(deps): update did-libraries * chore(deps): pin dependencies * fix(deps): pin dependency typescript to 4.5.5 * fix(deps): update dependency dotenv to v16 * chore(deps): update devdeps * fix(deps): update all non-major dependencies * fix(deps): update dependency inquirer-autocomplete-prompt to v2 * chore(deps): update devdeps * fix(deps): update all non-major dependencies * chore(deps): update actions/setup-node action to v3 * fix(deps): update all non-major dependencies * chore(deps): update devdeps * feat(date-store-json): add JSON object storage implementation (#819) * feat(data-store-json): add JSON backed storage option * feat(data-store-json): add private-key-store * feat(data-store-json): use the same JSON object backend for all the data stores * feat(data-store-json): simplify JSON store APIs convert integration test to use a plain file as the backend for the JSON storage. * test(browser): use data-store-json in browser tests and unlock more test scenarios * test(browser): link local packages during browser tests * feat(core): define IDataStoreORM interface at the `@veramo/core` level * docs(core): add some inline documentation for the `IDataStoreORM` plugin interface. * docs(data-store-json): add some inline documentation for types defined in data-store-json * chore: commit updated schemas * chore(deps): pin dependencies * fix(deps): pin dependencies * chore(deps): update actions/checkout action to v3 * fix(deps): update builders-and-testers * feat: add key type definitions: 'Bls12381G1Key2020' and 'Bls12381G2Key2020' (#839) * Add key types: 'Bls12381G1Key2020' and 'Bls12381G2Key2020' Co-authored-by: Ilie Circiumaru <ici@zurich.ibm.com> * fix(deps): update dependency typescript to v4.6.3 * chore(deps): update devdeps * feat(utils): add 2 utility functions for inspecting ethr dids (#842) * feat(utils): Add 2 utility functions for inspecting ethr dids * chore: regenerate plugin schemas (#843) * chore: Regenerate did-comm plugin schema (#844) Co-authored-by: Nick Reynolds * fix(deps): update did-libraries * fix(deps): update builders-and-testers * chore(deps): update actions/cache action to v3 * chore(deps): update dependency ts-json-schema-generator to v1 * fix(deps): update dependency @types/react-dom to v18 * fix(deps): update dependency ts-json-schema-generator to v1 * fix(deps): update dependency web-did-resolver to v2.0.15 * chore(deps): update devdeps * fix(deps): update builders-and-testers * fix(data-store-json): structuredClone * fix(core): plugin schema * chore(deps): update devdeps * fix(deps): update builders-and-testers * fix(deps): update dependency web-did-resolver to v2.0.16 * chore(deps): update node.js to v18 * chore(deps): update devdeps * fix(deps): update dependency typescript to v4.6.4 * fix(deps): update dependency openapi-types to v11 * fix(deps): update dependency yaml to v2 * chore(deps): update devdeps * fix(deps): update dependency @microsoft/api-extractor to v7.23.1 * feat(credential-status): add credential status check plugin for Veramo (#874) * feat: add credential status plugin * chore: fixes according the feedback * chore: bump 'credential-status' dependency version * chore: update plugin's schema * fix(deps): update dependency @types/react to v18 * chore(deps): update devdeps * fix(data-store-json): structuredClone (#885) Fixes #857 * feat(did-provider-ethr): Using meta account * fix(credential-w3c): forward domain and challenge args to createVerifiablePresentationJwt (#887) * feat: create DIDComm JWE with multiple recipients (#888) * fix(deps): update dependency @ungap/structured-clone to v1 * fix(deps): update react monorepo to v18 * fix(credential-ld): remove fs dependency for JSON LD default contexts (#868) * remove fs dependency for JSON LD default contexts * add contexts/*.json files in the build output fixes #837 * feat: add partial match for dids and aliases in did discovery provider for data store * fix (deps) : update dependency typeorm to v0.3.6 (#901) Co-authored-by: ludovic duranteau <ludovic.duranteau@signaturelnd.com> * feat(cli): add choices when selecting credential Subject in CLI (#898) * Add choices when selecting credential Subject in CLI * Change from list input type to autocomplete * Remove validation when choosing subject DID * fix(deps): update all non-major dependencies * chore(deps): update devdeps * feat: update did-discover-provider to search by DID likeness in addition to name * chore: fix didDiscovery error test * chore(build): rename jest config file (#908) * fix(credential-status): simplify credential-status scripts * chore: rebuild lockfile * fix(cli): fix typo in command description (#913) * fix(credential-ld): fix EcdsaSecp256k1RecoverySignature2020 suite context (#909) * feat(data-store-json): BrowserLocalStorageStore (#914) * feat: CredentialIssuerEIP712 (#899) * fix(credential-eip712): update plugin schema (#915) * feat(credential-ld): add support for browser environments (#916) * fix(credential-ld): use @digitalcredentials instead of @digitalbazaar packages for better browser compatibility * test: add test-utils package and move `fake-did-provider` there * fix(credential-ld): bump @transmute and did-resolver dependencies * fix(credential-ld): include default `@contexts` in build * test(browser): use `stream-browserify` to enable `did:key` (from the @transmute implementation) * test(browser): enable all integration test suites in the browser test * fix(data-store-json): enable `dom` lib in `tsconfig.json` * test(browser): move browser sample app to packages/ to simplify package linking * chore(deps): update all non-major dependencies * chore(deps): update devdeps * fix(cli): update default CLI config to account for renamed class (#919) BREAKING CHANGE: ProfileDiscoveryProvider has been renamed to DataStoreDiscoveryProvider in #597. Please update your config accordingly * fix: update and fix inline documentation of all exported types (#921) * fix(build): use correct cross-package imports * chore(build): split build scripts for better granularity * docs(data-store-json): fix and augment inline documentation for public exports * docs(key-manager): add missing inline docs to exported classes * docs(kms-local): update inline docs for public classes * docs(message-handler): fix JSDoc links and update plugin documentation * docs(remote-server): fix inline docs * docs(url-handler): add description to UrlMessageHandler * docs(core): update and fix inline docs for @veramo/core exports * docs(selective-disclosure): update inline docs for @veramo/selective-disclosure exports * docs(credential-w3c): update inline docs for @veramo/credential-w3c exports * docs(data-store): fix and augment inline documentation for `@veramo/data-store` exports * docs(did-discovery): update and fix inline docs for @veramo/did-discovery exports * docs(did-comm): update and fix inline docs for @veramo/did-comm exports * docs(credential-eip712): update and fix inline docs for @veramo/credential-eip712 exports * fix(credential-status): update and fix type definitions and inline docs * docs(credential-ld): update and fix inline docs * fix(deps): bump api-extractor tools * docs(did-manager): update inline docs * docs(did-provider-key): add some inline docs * docs(did-resolver): update inline docs * docs(remote-client): add inline documentation for exports * fix(build): update lockfile and autogen tests * fix(deps): update did-libraries * fix(deps): use did-jwt v6 and ethr-did-resolver v6 (#925) * fix(deps): bump did-jwt to v6 and all related deps to latest closes #923 closes #848 * chore(deps): use ganache instead of ganache-cli This speeds up testing * fix(docs): fix relevant errors and warnings in TSDoc to enable proper docs generation on `@next` branch * fix(deps): update builders-and-testers (#930) * chore(ci): adjust renovate bot schedule to reduce CI spam * chore(ci): disable automatic pinning of dependencies * chore(deps): update dependency ganache to v7.3.0 * chore(deps): update devdeps (major) (#881) * chore(deps): update devdeps * fix(build): adjust browser-tests for jest v28 * force `jsonld` to resolve to `@digitalbazaar/jsonld` * run browser tests with `NODE_OPTIONS=--experimental-vm-modules` * explicitly install some jest packages Co-authored-by: Mircea Nistor <mirceanis@gmail.com> * * fix(deps): pin resolution of @types/eslint to unblock build with conflicting versions (#928) * chore(deps): update all non-major dependencies * fix(deps): pin resolution of @types/eslint to unblock build with conflicting versions Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Mircea Nistor <mirceanis@gmail.com> * feat(kms-web3): add a KMS implementation backed by a web3 provider (#924) closes #688 * chore(deps): fix lockfile * fix(kms-web3): use ethers _signTypedData (#939) fixes #938 * fix(deps): Update dependency web-did-resolver to v2.0.19 * fix(deps): update dependency openapi-types to v12 * fix(deps): replace @transmute/lds-ecdsa-secp256k1-recovery2020 with fork (#953) The fork uses `@digitalcredentials` variants of the JSON-LD libraries and upgrades some other dependencies to more maintained variants closes #952 * fix(deps): Bump `did-jwt`, `did-jwt-vc` as direct package deps (#955) * chore(ci): add PR template (#958) * chore(ci): move the PR template file * chore(ci): simplify the PR template * chore(ci): clarify the PR template * fix(deps): Update dependency @digitalcredentials/vc to v4 * fix(deps): Update dependency ethr-did-resolver to v6.0.2 (#964) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(credential-status): check credential status for all credential types (#949) fixes #934 * fix(did-provider-key) : fix typo in error message for `addKey` (#967) * feat(did-provider-ethr): use multiple networks per EthrDIDProvider (#969) * feat(did-manager): allow DID providers to match multiple prefixes * feat(did-provider-ethr): support multi-network config for EthrDIDProvider fixes #968 fixes #893 * feat(kms-web3): add ability to list provider accounts as keys (#965) fixes #933 * feat(data-store): use DataSource instead of Connection (#970) fixes #947 * feat(cli): in explore, allow copy to clipboard the text of identifier or credential or presentation (#902) * feat(cli): in explore, allow user to copy to clipboard the text of identifier or credential or presentation * feat(cli): add command to output selected credential or presentation * feat(did-manager): add`didManagerUpdate` method for full DID document updates (#974) fixes #971 this is also related to #960 and #948 * chore(core): update plugin schema * fix: deprecate the `save` parameter (#975) closes #966 * chore: create authors.md (#972) This page contains a list of the awesome humans behind Veramo * docs: update Twitter badge * feat: define an interface for credential status manager (#956) partially fixes #937 relates to #981 * feat(credential-status): rename plugin interfaces and methods fixes #981 * feat(credential-status): expect revoked boolean property from StatusMethods docs: fix inline docs broken references docs(kms-web3): add docs to kms-web3 * feat(did-resolver): simplify DIDResolverPlugin constructor (#986) fixes #976 * feat: add support for serviceEndpoint property as defined in latest DID Spec (#988) BREAKING CHANGE: the `did-resolver` and connected libraries change the data-type for `ServiceEndpoint` to `Service` and the previous semantic has changed. Services can have multiple endpoints, not just a single string. * feat(credential-w3c): add override policies to verifyPresentation (#990) relates to #375 relates to #954 * fix(deps): Update dependency did-jwt-vc to v3 * chore(deps): update postgres docker tag to v14 * feat(credential-w3c): align verification API between formats (#996) * feat(credential-w3c): align verification API between formats fixes #935 fixes #954 fixes #375 * test: add test cases for VC/VP verification policies * feat(credential-w3c): add extra options to VC/VP issuance and verification * fix: forward the `fetchRemoteContext` parameter to the document loader fixes #989 * feat(credential-w3c): add ICredentialPlugin interface in core package (#1001) closes #941 The `ICredentialIssuer` interface was moved to the core package, but is reexported by the `credential-w3c` package for compatibility.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What issue is this PR fixing
partially fixes #954
What is being changed
Adding the
IVerifyPresentionResponseinterface in the credential-w3c module to be able to implement better error handling, the new interface allows the errors to be communicated through an Object containing fields,verified,details,errorCode.verifieddefines the state of the verification process, whether it failed or is passed.detailscontains details regarding the failure for the verification process.errorCodecan be used to pass machine readable errorCodes from the lower level modules.Quality
Check all that apply:
yarn,yarn build,yarn test,yarn test:browserlocally.Details
Was unable to find specific verification tests in the
action-handler.test.tsin the credentials-w3c module so created another test suite like in credentialLD module for issue-verify-flow.