diff --git a/auth/services/oauth/relying_party.go b/auth/services/oauth/relying_party.go
index 5b4e8a344d..6960bf6d21 100644
--- a/auth/services/oauth/relying_party.go
+++ b/auth/services/oauth/relying_party.go
@@ -153,21 +153,23 @@ func (s *relyingParty) RequestRFC021AccessToken(ctx context.Context, requester d
 // if there's a match, create a VP and call the token endpoint
 // If the token endpoint succeeds, return the access token
 // If no presentation definition matches, return a 412 "no matching credentials" error
- submission, credentials, err := presentationDefinition.Match(walletCredentials)
+ builder := presentationDefinition.PresentationSubmissionBuilder()
+ builder.AddWallet(requester, walletCredentials)
+ format, err := determineFormat(metadata.VPFormats)
+ if err != nil {
+ return nil, err
+ }
+ submission, signInstructions, err := builder.Build(format)
 if err != nil {
 return nil, fmt.Errorf("failed to match presentation definition: %w", err)
 }
- if len(credentials) == 0 {
+ if signInstructions.Empty() {
 return nil, core.Error(http.StatusPreconditionFailed, "no matching credentials")
 }
 expires := time.Now().Add(time.Minute * 15) //todo
 nonce := nutsCrypto.GenerateNonce()
- // determine the format to use
- format, err := determineFormat(metadata.VPFormats)
- if err != nil {
- return nil, err
- }
- vp, err := s.wallet.BuildPresentation(ctx, credentials, holder.PresentationOptions{
+ // todo: support multiple wallets
+ vp, err := s.wallet.BuildPresentation(ctx, signInstructions[0].VerifiableCredentials, holder.PresentationOptions{
 Format: format,
 ProofOptions: proof.ProofOptions{
 Created: time.Now(),
diff --git a/vcr/pe/presentation_submission.go b/vcr/pe/presentation_submission.go
index 5771e4443f..fa858d199a 100644
--- a/vcr/pe/presentation_submission.go
+++ b/vcr/pe/presentation_submission.go
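Review bot: `signInstructions[0]` is indexed on the strength of `signInstructions.Empty()`, but as defined in presentation_submission.go that method only reports whether every element is empty, so passing it guarantees that some element holds credentials, not that the first one does. With the single `AddWallet` call here the two are presumably equivalent, but once a second wallet is added the VP could be built from an empty credential list while `submission` still describes credentials held elsewhere, and the token request would go out with a presentation that does not back its submission. Until multi-wallet support lands I'd guard the element that is actually used: `if len(signInstructions) == 0 || signInstructions[0].Empty() {`. The function body starts and ends outside the hunk.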
@@ -75,9 +75,27 @@ type SignInstruction struct {
 inputDescriptorMappingObjects []InputDescriptorMappingObject
 }
 
+// Empty returns true if there are no VCs in the SignInstruction.
+func (signInstruction SignInstruction) Empty() bool {
+ return len(signInstruction.VerifiableCredentials) == 0
+}
+
+// SignInstructions is a list of SignInstruction.
+type SignInstructions []SignInstruction
+
+// Empty returns true if all SignInstructions are empty.
+func (signInstructions SignInstructions) Empty() bool {
+ for _, signInstruction := range []SignInstruction(signInstructions) {
+ if !signInstruction.Empty() {
+ return false
+ }
+ }
+ return true
+}
+
 // Build creates a PresentationSubmission from the added wallets.
 // The VP format is determined by the given format.
-func (b *PresentationSubmissionBuilder) Build(format string) (PresentationSubmission, []SignInstruction, error) {
+func (b *PresentationSubmissionBuilder) Build(format string) (PresentationSubmission, SignInstructions, error) {
 presentationSubmission := PresentationSubmission{
 Id: uuid.New().String(),
 DefinitionId: b.presentationDefinition.Id,
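Review bot: The doc comment on `SignInstructions.Empty` does not say that a nil or zero-length list also reports true, which is the case the caller in relying_party.go depends on before it indexes element 0. I'd spell the contract out: `// Empty returns true if the list has no elements or if every SignInstruction in it is empty.` The conversion in `range []SignInstruction(signInstructions)` is also unnecessary, since `range signInstructions` iterates the named slice type directly. `Build`'s body continues past the end of the hunk.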