
Errors in SIOP flow using Sphereon Wallet #99

@flarocca

Hello! For educational and self-learning purposes I started to build my own rudimentary implementation of a Relying Party that uses the SIOP protocol.
I am using the latest version of Sphereon Wallet and this demo branched off of main in parallel with my custom implementation.

The issue I am facing is on the wallet side: after scanning the QR code and getting the Auth Request, the Wallet application shows the following error:

Unable to retrieve information.
Error: Request claims can't have 'presentation_definition' and 'presentation_definition_uri'

I started using my own implementation until I got stuck, then I turned to the Demo example, where I also got stuck with the same issue.
There seems to be a discrepancy between the SIOP Draft version the App uses and the one the Demo uses, but I am not able to detect it.
The QR code renders this link:

openid://?request_uri=http%3A%2F%2F192.168.1.36%3A5003%2Fsiop%2Fdefinitions%2FsphereonGuest%2Fauth-requests%2F4446e50e-b54b-4293-8bfe-cbeba8722d06

And the result of that request uri looks like this:

JSON Payload (header and signature skipped for convenience)
{
  "iat": 1710871846,
  "exp": 1710871966,
  "response_type": "vp_token",
  "scope": "openid",
  "client_id": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiI2SlQxMkdKbU5KOWVGOXp4N19HQm1SekR4TjV6ejExaFFPMnRsTEUtZWFRIiwieSI6IlB1TlZoLVdySi05b3RMdkpTWE5YTVFpM3o5cjFwRms4X09TdE02amhybEUifQ",
  "response_uri": "http://192.168.1.36:5003/siop/definitions/sphereonGuest/auth-responses/4446e50e-b54b-4293-8bfe-cbeba8722d06",
  "response_mode": "post",
  "nonce": "f198b9f2-bf9b-408e-bd38-189c296b9f91",
  "state": "4446e50e-b54b-4293-8bfe-cbeba8722d06",
  "client_metadata": {
    "id_token_signing_alg_values_supported": [
      "EdDSA",
      "ES256",
      "ES256K"
    ],
    "request_object_signing_alg_values_supported": [
      "EdDSA",
      "ES256",
      "ES256K"
    ],
    "response_types_supported": [
      "id_token"
    ],
    "scopes_supported": [
      "openid did_authn"
    ],
    "subject_types_supported": [
      "pairwise"
    ],
    "subject_syntax_types_supported": [
      "did:ion",
      "did:web",
      "did:jwk"
    ],
    "vp_formats": {
      "jwt_vc": {
        "alg": [
          "EdDSA",
          "ES256K"
        ]
      },
      "jwt_vp": {
        "alg": [
          "ES256K",
          "EdDSA"
        ]
      }
    }
  },
  "presentation_definition": {
    "id": "sphereonGuest",
    "purpose": "We want to know your name and e-mail address (will not be stored)",
    "input_descriptors": [
      {
        "id": "c2834d0e-3c95-4721-b21a-40e3d7ea2549",
        "name": "DBC DIIP interop",
        "purpose": "To issue a new credential your DBC DIIP Guest credential is required.",
        "constraints": {
          "fields": [
            {
              "path": [
                "$.credentialSubject.name",
                "$.vc.credentialSubject.name"
              ],
              "filter": {
                "type": "string",
                "pattern": "^DBC.*$"
              }
            }
          ]
        }
      }
    ]
  },
  "nbf": 1710871846,
  "jti": "799fe99b-0137-4623-9793-1140f7216ca1",
  "iss": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiI2SlQxMkdKbU5KOWVGOXp4N19HQm1SekR4TjV6ejExaFFPMnRsTEUtZWFRIiwieSI6IlB1TlZoLVdySi05b3RMdkpTWE5YTVFpM3o5cjFwRms4X09TdE02amhybEUifQ",
  "sub": "did:jwk:eyJhbGciOiJFUzI1NksiLCJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiI2SlQxMkdKbU5KOWVGOXp4N19HQm1SekR4TjV6ejExaFFPMnRsTEUtZWFRIiwieSI6IlB1TlZoLVdySi05b3RMdkpTWE5YTVFpM3o5cjFwRms4X09TdE02amhybEUifQ"
}

As you can see, there is no such item as presentation_definition_uri in that payload, so I am not really sure where the problem is.

I would really appreciate help in solving it!
Thanks!
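
One way to check a request object for the two parameters named in the error, at any nesting depth, is sketched below. This is an added example, not code from the wallet, the demo or the issue author; the sample tokens, the `rp.example` URL and the nested `claims.vp_token` placement are constructed for illustration, and the signature is deliberately not verified because this is a debugging aid only.

```javascript
// Added diagnostic example; not code from the Sphereon wallet or demo.
// Decodes a request-object JWT WITHOUT verifying its signature (debugging only).
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("expected a compact JWS with 3 parts");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

const PD_KEYS = ["presentation_definition", "presentation_definition_uri"];

// Walk the payload and record every path at which either parameter appears,
// so nested placements are reported as well as top-level ones.
function findPdParams(node, path = "$", hits = []) {
  if (node === null || typeof node !== "object") return hits;
  for (const [key, value] of Object.entries(node)) {
    const here = `${path}.${key}`;
    if (PD_KEYS.includes(key)) {
      hits.push({ key, path: here });
      continue; // do not descend into the definition itself
    }
    findPdParams(value, here, hits);
  }
  return hits;
}

// conflict is true when both parameters occur somewhere in the payload.
function checkRequestObject(jwt) {
  const hits = findPdParams(decodeJwtPayload(jwt));
  const present = new Set(hits.map((h) => h.key));
  return { hits, conflict: present.size === 2 };
}

// Constructed sample tokens (dummy header and signature, hypothetical values).
function makeJwt(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${b64({ alg: "ES256K", typ: "JWT" })}.${b64(payload)}.sig`;
}
const pd = { id: "sphereonGuest", input_descriptors: [] };
const byValueOnly = makeJwt({ response_type: "vp_token", presentation_definition: pd });
const both = makeJwt({
  response_type: "vp_token",
  presentation_definition: pd,
  claims: { vp_token: { presentation_definition_uri: "https://rp.example/pd" } },
});

console.log(checkRequestObject(byValueOnly)); // one hit, conflict: false
console.log(checkRequestObject(both));        // two hits, conflict: true
```

Running `checkRequestObject` on the exact string returned by the `request_uri` endpoint shows every path where either parameter appears in what the wallet actually receives.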
