
walt-id / waltid-identity


All-in-one open-source identity and wallet toolkit.

License: Apache License 2.0

Kotlin 81.69% Dockerfile 0.28% JavaScript 0.84% TypeScript 3.77% Vue 13.33% CSS 0.02% Shell 0.07%
decentralized-identifiers decentralized-identity eudi-wallet iso-18013-5 mdl mdocs oid4vc openid4vc sd-jwt sd-jwt-vc

waltid-identity's People

Contributors

ahmedsmiai, alegomes, aridder, ayoubagrebi, chsavvaidis, dependabot[bot], dinkar-jain, ivanpagac, lucianbuzzo, mikeplotean, philpotisk, sake, severinstampler, sunrisekcdeveloper, superbatata, taminobaumann, waltid-mikerichardson, waltkb


waltid-identity's Issues

Problems verifying (or issuing) a VP with waltid-identity stack

I'm working on a code sample on how to use the new identity stack to issue and verify credentials.

I can already create a VC, sign it and generate a presentation, but I couldn't yet succeed in the verification process. The signed JWT I'm generating for the VP doesn't seem to be in a good format.

It fails at JsonObject.getW3CType() with java.lang.IllegalArgumentException: No `type` supplied:

(this["type"] ?: this["vc"]?.jsonObject?.get("type") ?: this["vp"]?.jsonObject?.get("type")

In fact, the token generated does not have the expected structure.

{
   "iss":null,
   "sub":null,
   "vc":{
      "sub":"did:key:z6MkmpNWgxpZsH4SPytAJn1ezeYMEjWYEXCC2NHxm7QW9xHu",
      "nbf":1704123040,
      "iat":1704123100,
      "jti":"urn:uuid:4a6bad4f-efd7-47a1-86fa-fd7119c59857",
      "iss":"did:key:z6MkmpNWgxpZsH4SPytAJn1ezeYMEjWYEXCC2NHxm7QW9xHu",
      "nonce":"ABC123DEF456GHI789JKL",
      "vp":{
         "@context":[
            "https://www.w3.org/2018/credentials/v1"
         ],
         "type":[
            "VerifiablePresentation"
         ],
         "id":"urn:uuid:4a6bad4f-efd7-47a1-86fa-fd7119c59857",
         "holder":"did:key:z6MkmpNWgxpZsH4SPytAJn1ezeYMEjWYEXCC2NHxm7QW9xHu",
         "verifiableCredential":[
            {
              // (…)
            }
         ]
      }
   }
}

So my hypothesis is that I'm failing to generate the VP's signed JWT token. And so, my question is:

Is JwsSignatureScheme.sign() suitable for VP JWS token generation?

If so, is this structure valid for both VCs and VPs?

            mapOf(
                JwsOption.ISSUER to jwtOptions[JwsOption.ISSUER],
                JwsOption.SUBJECT to jwtOptions[JwsOption.SUBJECT],
                JwsOption.VC to data,
                *(jwtOptions.entries.map { it.toPair() }.toTypedArray())
            )

Last but not least, shouldn't PresentationBuilder.buildAndSign() return a String?

Thanks so much, and may we have a prosperous 2024.
Alexandre Gomes
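
A diagnostic for the payload shape reported above, added here as an example and not taken from the waltid-identity code base. `find_w3c_type` approximates the lookup order quoted in the issue, the payloads are constructed from the values shown there (the elided credential list is left empty), and the expected layout assumes the JWT encoding of the W3C VC Data Model 1.1, where `vp` is a top-level claim.

```python
import json

# Constructed from the values shown in the issue; the credential list is elided there.
HOLDER = "did:key:z6MkmpNWgxpZsH4SPytAJn1ezeYMEjWYEXCC2NHxm7QW9xHu"
VP_BODY = {
    "@context": ["https://www.w3.org/2018/credentials/v1"],
    "type": ["VerifiablePresentation"],
    "id": "urn:uuid:4a6bad4f-efd7-47a1-86fa-fd7119c59857",
    "holder": HOLDER,
    "verifiableCredential": [],
}
REGISTERED_CLAIMS = {
    "sub": HOLDER,
    "nbf": 1704123040,
    "iat": 1704123100,
    "jti": "urn:uuid:4a6bad4f-efd7-47a1-86fa-fd7119c59857",
    "iss": HOLDER,
    "nonce": "ABC123DEF456GHI789JKL",
}

# Shape reported in the issue: everything wrapped in "vc", null iss/sub on top.
REPORTED_PAYLOAD = {"iss": None, "sub": None, "vc": {**REGISTERED_CLAIMS, "vp": VP_BODY}}
# Assumed target shape: registered claims and "vp" side by side at the top level.
EXPECTED_PAYLOAD = {**REGISTERED_CLAIMS, "vp": VP_BODY}


def find_w3c_type(payload):
    """Approximate the quoted lookup: payload.type, then vc.type, then vp.type."""
    for candidate in (payload, payload.get("vc"), payload.get("vp")):
        if isinstance(candidate, dict) and candidate.get("type") is not None:
            return candidate["type"]
    return None


def claim_paths(node, name, path=()):
    """Return every key path at which a claim called `name` occurs."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = path + (key,)
            if key == name:
                found.append(here)
            found.extend(claim_paths(value, name, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            found.extend(claim_paths(item, name, path + (str(index),)))
    return found


def diagnose_vp_payload(payload):
    """List the structural reasons a verifier would reject this VP payload."""
    findings = []
    for claim in ("iss", "sub"):
        if claim in payload and payload[claim] is None:
            findings.append(f"{claim} is null")
    vp_paths = claim_paths(payload, "vp")
    if ("vp",) not in vp_paths:
        where = ", ".join(".".join(p) for p in vp_paths) or "nowhere"
        findings.append(f"no top-level vp claim (found at: {where})")
    if find_w3c_type(payload) is None:
        findings.append("type lookup fails: No `type` supplied")
    return findings


if __name__ == "__main__":
    for label, payload in (("reported", REPORTED_PAYLOAD), ("expected", EXPECTED_PAYLOAD)):
        print(label, json.dumps(diagnose_vp_payload(payload), indent=2))
```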

cross-device presentation redirects wallet to verifier success page on external device

When fulfilling a presentation request from the verifier portal on an external device using the cross-device presentation request (QR code), the wallet on the external device redirects to the success page of the verifier portal, which is not the expected behaviour.
For a cross-device presentation, that wallet should redirect to an internal success page, or back to the main page.
For the same-device flow, the wallet should redirect back to the success page of the verifier portal.

Idea:
When generating the presentation request and the underlying session, the verifier should respond with two URLs, one for the cross-device flow and one (optional) or multiple (for each supported web wallet) for the same-device flow. The base URLs of the supported known wallets for the same device flow could be a configuration option of the verifier portal backend, or given as a request property in the verify API call.

SD-JWT VC spec

As I just looked through the verifiable-credential lib, I noticed the W3CVC class is issuing W3C credentials as SD-JWT with the vc+sd-jwt type, which is not entirely correct.

The vc+sd-jwt credential format is NOT the same as a W3C credential issued as SD-JWT, as pointed out in the SD-JWT VC spec:

... Note: This specification does not utilize the W3C's Verifiable Credentials Data Model v1.0, v1.1, or v2.0.

Correcting Credential Identifier Assignment in Waltid Web Wallet

Hi there,

The proper way to assign a credential identifier, according to W3C VC Data Model 2.0, is via vc.credentialSubject.id instead of vc.id. This adjustment is needed within the Waltid-Identity codebase, precisely at this file and line. Proposed change:

val credentialId = credentialJwt.payload["vc"]!!.jsonObject["credentialSubject"]!!.jsonObject["id"]?.jsonPrimitive?.content?.takeIf { it.isNotBlank() }
    ?: randomUUID()

This issue leads to a org.sqlite.SQLiteException: [SQLITE_CONSTRAINT_PRIMARYKEY] A PRIMARY KEY constraint failed (UNIQUE constraint failed: credentials.wallet, credentials.id) error due to the credentialId not being unique.

I'm capable of creating a merge request to address this simple fix, but it is so simple :)

Verification method id in did documents not correctly constructed using key id

In the did documents (did:web and did:key), the verification method id is not constructed using the key id.
This makes the other methods reference a non-existing key.

e.g. a valid document would look like this (note the verificationMethod[0].id):

{
  "id": "did:web:entra.walt.id:holder",
  "verificationMethod": [
    {
      "id": "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf",
      "type": "JsonWebKey2020",
      "controller": "did:web:entra.walt.id:holder",
      "publicKeyJwk": {
        "kty": "EC",
        "use": "sig",
        "crv": "secp256k1",
        "kid": "48d8a34263cf492aa7ff61b6183e8bcf",
        "x": "TKaQ6sCocTDsmuj9tTR996tFXpEcS2EJN-1gOadaBvk",
        "y": "0TrIYHcfC93VpEuvj-HXTnyKt0snayOMwGSJA1XiDX8"
      }
    }
  ],
  "assertionMethod": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "authentication": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "capabilityInvocation": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "capabilityDelegation": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "keyAgreement": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ]
}

Erroneous did document for did:web not accepted by MS Entra

did:web documents as generated by DidService are erroneous, as the verification method #0 id does not correspond to the referenced ids of the other methods.
The document as created by the DidService is therefore not accepted by MS Entra, whereas if the method id is corrected it will be accepted:

Faulty document:

{
  "id": "did:web:entra.walt.id:holder",
  "verificationMethod": [
    {
      "id": "did:web:entra.walt.id:holder",
      "type": "JsonWebKey2020",
      "controller": "did:web:entra.walt.id:holder",
      "publicKeyJwk": {
        "kty": "EC",
        "use": "sig",
        "crv": "secp256k1",
        "kid": "48d8a34263cf492aa7ff61b6183e8bcf",
        "x": "TKaQ6sCocTDsmuj9tTR996tFXpEcS2EJN-1gOadaBvk",
        "y": "0TrIYHcfC93VpEuvj-HXTnyKt0snayOMwGSJA1XiDX8"
      }
    }
  ],
  "assertionMethod": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "authentication": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "capabilityInvocation": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "capabilityDelegation": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "keyAgreement": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ]
}

Correct document:

{
  "id": "did:web:entra.walt.id:holder",
  "verificationMethod": [
    {
      "id": "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf",
      "type": "JsonWebKey2020",
      "controller": "did:web:entra.walt.id:holder",
      "publicKeyJwk": {
        "kty": "EC",
        "use": "sig",
        "crv": "secp256k1",
        "kid": "48d8a34263cf492aa7ff61b6183e8bcf",
        "x": "TKaQ6sCocTDsmuj9tTR996tFXpEcS2EJN-1gOadaBvk",
        "y": "0TrIYHcfC93VpEuvj-HXTnyKt0snayOMwGSJA1XiDX8"
      }
    }
  ],
  "assertionMethod": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "authentication": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "capabilityInvocation": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "capabilityDelegation": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ],
  "keyAgreement": [
    "did:web:entra.walt.id:holder#48d8a34263cf492aa7ff61b6183e8bcf"
  ]
}
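
A reference-integrity check for the two DID-document issues above (verification method id not built from the key id, and the did:web document rejected by MS Entra), added here as an example and not part of waltid-identity. The documents are rebuilt from the values shown in the issues; treating the fragment as equal to `publicKeyJwk.kid` is the issues' expectation, not a general DID rule, and the function names are hypothetical.

```python
import json

DID = "did:web:entra.walt.id:holder"
KID = "48d8a34263cf492aa7ff61b6183e8bcf"
RELATIONSHIPS = (
    "assertionMethod",
    "authentication",
    "capabilityInvocation",
    "capabilityDelegation",
    "keyAgreement",
)


def sample_document(vm_id):
    """Rebuild the issue's document with the given verificationMethod[0].id."""
    return {
        "id": DID,
        "verificationMethod": [{
            "id": vm_id,
            "type": "JsonWebKey2020",
            "controller": DID,
            "publicKeyJwk": {
                "kty": "EC", "use": "sig", "crv": "secp256k1", "kid": KID,
                "x": "TKaQ6sCocTDsmuj9tTR996tFXpEcS2EJN-1gOadaBvk",
                "y": "0TrIYHcfC93VpEuvj-HXTnyKt0snayOMwGSJA1XiDX8",
            },
        }],
        **{rel: [f"{DID}#{KID}"] for rel in RELATIONSHIPS},
    }


FAULTY = sample_document(DID)              # id without fragment, as generated
CORRECT = sample_document(f"{DID}#{KID}")  # id built from the key id


def absolute(did, ref):
    """Resolve a relative reference such as '#key-1' against the document's DID."""
    return did + ref if ref.startswith("#") else ref


def lint_did_document(doc):
    """Return findings for verification methods and references that do not line up."""
    did = doc.get("id", "")
    findings, known = [], set()
    for i, vm in enumerate(doc.get("verificationMethod", [])):
        vm_id = absolute(did, vm.get("id", ""))
        if "#" not in vm_id:
            findings.append(f"verificationMethod[{i}].id has no fragment: {vm_id!r}")
        if vm_id in known:
            findings.append(f"verificationMethod[{i}].id is duplicated: {vm_id!r}")
        known.add(vm_id)
        # Expectation taken from the issue: the fragment is the JWK's key id.
        kid = vm.get("publicKeyJwk", {}).get("kid")
        if kid and "#" in vm_id and vm_id.split("#", 1)[1] != kid:
            findings.append(f"verificationMethod[{i}].id fragment differs from kid {kid!r}")
    for rel in RELATIONSHIPS:
        for j, entry in enumerate(doc.get(rel, [])):
            if isinstance(entry, dict):
                continue  # embedded verification method, nothing to resolve
            if absolute(did, entry) not in known:
                findings.append(f"{rel}[{j}] references unknown verification method {entry!r}")
    return findings


if __name__ == "__main__":
    for label, doc in (("faulty", FAULTY), ("correct", CORRECT)):
        print(label, json.dumps(lint_did_document(doc), indent=2))
```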

Error: Unsupported config option for services: 'verifier-api'

  1. https://github.com/walt-id/waltid-identity.git

  2. cd docker-compose && docker-compose up

Produces the following error:

ERROR: The Compose file './docker-compose.yaml' is invalid because:
Unsupported config option for services: 'verifier-api'

I am on Ubuntu.

SQL exception not handled at the `wallet/useOfferRequest` endpoint

At the http://{{wallet-server}}/wallet-api/wallet/{{wallet}}/exchange/useOfferRequest endpoint, when the wallet already has a claimed VC:

org.sqlite.SQLiteException: [SQLITE_CONSTRAINT_PRIMARYKEY] A PRIMARY KEY constraint failed (UNIQUE constraint failed: credentials.wallet, credentials.id)

Shouldn't this exception be handled and translated into a friendly message for the end user?

Java implementation issue with Keys abstract class.

Hi Team,
I am experiencing this issue when extending the Keys class (id.walt.crypto.keys) from waltid-crypto-jvm-0.2.0.jar. The issue occurs only with the following methods, since the Java decompiler adds a postfix (verifyRaw-0E7RQCE) with a dash character that Java does not support.
I would appreciate it if you could check and let me know.

  1. public abstract Object verifyRaw_0E7RQCE/* $FF was: verifyRaw-0E7RQCE*/(@NotNull byte[] var1, @Nullable byte[] var2, @NotNull Continuation var3);
  2. public abstract Object verifyJws_gIAlu_s/* $FF was: verifyJws-gIAlu-s*/(@NotNull String var1, @NotNull Continuation var2);

Compact QR codes

Make use of value-by-reference for credential offer and presentation definition in cross-device OpenID request URLs, for more compact QR codes.

web-wallet: no matching manifest for linux/arm64/v8 in the manifest list entries

System:

MacBook Pro M2

Trying to run the web-wallet and following this guide.

➜  docker-compose git:(main) ✗ docker compose up
[+] Running 0/21
 ⠧ vc-repo Pulling                                                                                                           1.7s
 ⠧ ingress Pulling                                                                                                           1.7s
 ⠧ web-portal 8 layers [⠀⠀⠀⠀⠀⠀⠀⠀]      0B/0B      Pulling                                                                    1.7s
   ⠼ 661ff4d9561e Waiting                                                                                                    0.4s
   ⠼ 89059ca18a98 Waiting                                                                                                    0.4s
   ⠼ 9bb776f8ddb0 Waiting                                                                                                    0.4s
   ⠼ ef0b6390b7f1 Waiting                                                                                                    0.4s
   ⠼ a15a9d425880 Waiting                                                                                                    0.4s
   ⠼ 1e712b2c24dd Waiting                                                                                                    0.4s
   ⠼ 8c46756e133c Waiting                                                                                                    0.4s
   ⠼ 9a8e93e2029b Waiting                                                                                                    0.4s
 ⠧ verifier-api 7 layers [⠀⠀⠀⠀⠀⠀⠀]      0B/0B      Pulling                                                                   1.7s
   ⠼ 3dd181f9be59 Pulling fs layer                                                                                           0.4s
   ⠼ 0f838805bddf Pulling fs layer                                                                                           0.4s
   ⠼ dfab58ae8b86 Pulling fs layer                                                                                           0.4s
   ⠼ c6cc1bdab538 Waiting                                                                                                    0.4s
   ⠼ cc590439cbf2 Waiting                                                                                                    0.4s
   ⠼ fca4b39976e3 Waiting                                                                                                    0.4s
   ⠼ 4f4fb700ef54 Waiting                                                                                                    0.4s
 ⠦ issuer-api 1 layers [⠀]      0B/0B      Pulling                                                                           1.7s
   ⠼ b6a121b98e02 Waiting                                                                                                    0.4s
no matching manifest for linux/arm64/v8 in the manifest list entries

Refactor openid4vc library

Currently, the openid4vc library provides interfaces that are more geared towards being a framework for use in the Wallet Kit than providing the necessary isolated functions as expected by the Issuer API and Verifier API, manifesting itself through needing various hacks to map outside data around the openid4vc library as to being able to run through the flows. This is currently a blocking issue for continuing with the cloud platform.

Classes and implementations thereof like OpenIDCredentialIssuer should not be needed, and no internal representation of state should exist within the library, as this then stops adhering to the definition of library and moves towards being a not flexible enough framework. For example open class CIProvider : OpenIDCredentialIssuer( ... ) with ... being various configuration is not flexible enough for dynamic usage as e.g. in the Cloud platform.

After the refactor, the openid4vc library should (only) provide:

  • serializable data classes for protocol requests and responses [probably already fine?]
  • isolated functions with state completely being provided through their arguments and the full mutated state being returned
  • no interfaces that require implementation of predefined functions (all of this shall be provided from the outside function caller instead of being invoked within the library) -> e.g. currently there are functions in the interface OpenIDCredentialIssuer that have to be implemented, with most of them not being flexible enough to not need hacks to bring in additional data, e.g. doGenerateCredential only having type, did, and nonce as arguments (the nonce not referring to the session state exposed to the library user / caller)
  • no hard dependencies to any platforms, web servers, or cryptography libraries (functions should be able to be called no matter what web server is used, should not require platform specific functionality, and cryptographic operations will be done by the library caller outside of the openid4vc library) [mostly already the case?]
  • no session and other state handling (caller shall be able to define when/how/if to set & remove a session or view the different versions of the session object over time, handle session expiration conditions themselves)
  • by not having any internal state (all state provided from outside) all functions should be thread-safe/concurrency-safe

-> Mainly refers to OpenIDCredentialIssuer, OpenIDCredentialWallet, and OpenIDCredentialVerifier.

End deliverable/result is a single Kotlin function (which can already serve as unit test) which contains the function calls that can run through the whole flow (Issuer -> issues -> Wallet -> presents -> Verifier) by passing around the OIDC4VC data objects between functions (not doing real HTTP requests, you can make comments what HTTP endpoint would be called in that place).

2024-02-09 15:08:38 1221 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "push": com.sksamuel.hoplite.ConfigException: Error loading config because:

I am following the guide: https://github.com/walt-id/waltid-identity/tree/main/docker-compose
to run docker compose up

docker-compose-wallet-api-1 failed to start with following error:

2024-02-09 15:08:37 19 [main] INFO id.walt.webwallet.Application - Starting walt.id wallet...
2024-02-09 15:08:37 24 [main] DEBUG id.walt.webwallet.Application - Running in path: /waltid-wallet-api/.
2024-02-09 15:08:37 25 [main] INFO id.walt.webwallet.Application - Setting up...
2024-02-09 15:08:37 835 [main] INFO id.walt.webwallet.Application - Reading configurations...
2024-02-09 15:08:37 837 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configurations...
2024-02-09 15:08:37 842 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "db"...
2024-02-09 15:08:38 1115 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "tenant"...
2024-02-09 15:08:38 1157 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "web"...
2024-02-09 15:08:38 1189 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "push"...
2024-02-09 15:08:38 1221 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "push": com.sksamuel.hoplite.ConfigException: Error loading config because:
2024-02-09 15:08:38 
2024-02-09 15:08:38     - Could not instantiate 'id.walt.webwallet.config.PushConfig' because:
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'pushPublicKey': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'pushPrivateKey': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'pushSubject': Missing from config
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
2024-02-09 15:08:38 at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
2024-02-09 15:08:38 at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:32)
2024-02-09 15:08:38 at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:87)
2024-02-09 15:08:38 at id.walt.webwallet.ApplicationKt.main(Application.kt:36)
2024-02-09 15:08:38 
2024-02-09 15:08:38 1221 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "wallet"...
2024-02-09 15:08:38 1235 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "marketplace"...
2024-02-09 15:08:38 1294 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "chainexplorer"...
2024-02-09 15:08:38 1327 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "runtime"...
2024-02-09 15:08:38 1342 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "oidc"...
2024-02-09 15:08:38 1359 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "oidc": com.sksamuel.hoplite.ConfigException: Error loading config because:
2024-02-09 15:08:38 
2024-02-09 15:08:38     - Could not instantiate 'id.walt.webwallet.config.OidcConfiguration' because:
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'enableOidcLogin': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'providerName': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'oidcRealm': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'oidcJwks': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'jwksCache': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'authorizeUrl': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'accessTokenUrl': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'logoutUrl': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'clientId': Missing from config
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'clientSecret': Missing from config
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
2024-02-09 15:08:38 at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
2024-02-09 15:08:38 at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:32)
2024-02-09 15:08:38 at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:87)
2024-02-09 15:08:38 at id.walt.webwallet.ApplicationKt.main(Application.kt:36)
2024-02-09 15:08:38 
2024-02-09 15:08:38 1360 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "logins"...
2024-02-09 15:08:38 1368 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "logins": com.sksamuel.hoplite.ConfigException: Error loading config because:
2024-02-09 15:08:38 
2024-02-09 15:08:38     - Could not instantiate 'id.walt.webwallet.config.LoginMethodsConfig' because:
2024-02-09 15:08:38 
2024-02-09 15:08:38         - 'enabledLoginMethods': Missing from config
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
2024-02-09 15:08:38 at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
2024-02-09 15:08:38 at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
2024-02-09 15:08:38 at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:32)
2024-02-09 15:08:38 at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:87)
2024-02-09 15:08:38 at id.walt.webwallet.ApplicationKt.main(Application.kt:36)
2024-02-09 15:08:38 
2024-02-09 15:08:38 1368 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "db.sqlite"...
2024-02-09 15:08:38 1395 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
2024-02-09 15:08:38 1522 [main] INFO com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Added connection org.sqlite.jdbc4.JDBC4Connection@56f521c6
2024-02-09 15:08:38 1524 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
2024-02-09 15:08:38 1530 [main] INFO id.walt.webwallet.db.Db - Connecting to database at "jdbc:sqlite:/waltid-wallet-api/data/data.db"...
2024-02-09 15:08:38 1581 [main] INFO Exposed - Preparing create tables statements took 22ms
2024-02-09 15:08:38 1586 [main] INFO Exposed - Executing create tables statements took 5ms
2024-02-09 15:08:38 1605 [main] INFO Exposed - Extracting table columns took 19ms
2024-02-09 15:08:38 1667 [main] INFO Exposed - Extracting primary keys took 61ms
2024-02-09 15:08:38 1668 [main] INFO Exposed - Preparing alter table statements took 82ms
2024-02-09 15:08:38 1668 [main] INFO Exposed - Executing alter table statements took 0ms
2024-02-09 15:08:38 1740 [main] INFO Exposed - Index on table 'issuers' differs only in name: in db issuers_name -> in mapping issuers_name_unique
2024-02-09 15:08:38 1741 [main] INFO Exposed - Index on table 'accounts' differs only in name: in db accounts_email -> in mapping accounts_email_unique
2024-02-09 15:08:38 1741 [main] INFO Exposed - Index on table 'web3wallets' differs only in name: in db web3wallets_address -> in mapping web3wallets_address_unique
2024-02-09 15:08:38 1741 [main] INFO Exposed - Index on table 'wallet_issuers' differs only in name: in db wallet_issuers_wallet_issuer -> in mapping wallet_issuers_wallet_issuer_unique
2024-02-09 15:08:38 1742 [main] INFO Exposed - Index on table 'oidclogins' differs only in name: in db oidclogins_oidcId -> in mapping oidclogins_oidcId_unique
2024-02-09 15:08:38 1743 [main] INFO Exposed - Checking mapping consistence took 75ms
2024-02-09 15:08:38 1758 [main] INFO id.walt.webwallet.Application - Starting web server (binding to 0.0.0.0, listening on port 7001)...
2024-02-09 15:08:38 1787 [DefaultDispatcher-worker-1] INFO ktor.application - Autoreload is disabled because the development mode is off.
2024-02-09 15:08:38 Exception in thread "main" io.ktor.server.plugins.NotFoundException: No loaded configuration: "oidc"
2024-02-09 15:08:38 at id.walt.webwallet.web.controllers.AuthControllerKt.configureSecurity(AuthController.kt:409)
2024-02-09 15:08:38 at id.walt.webwallet.ApplicationKt.configurePlugins(Application.kt:50)
2024-02-09 15:08:38 at id.walt.webwallet.ApplicationKt.module(Application.kt:62)
2024-02-09 15:08:38 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2024-02-09 15:08:38 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
2024-02-09 15:08:38 at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2024-02-09 15:08:38 at java.base/java.lang.reflect.Method.invoke(Method.java:568)
2024-02-09 15:08:38 at kotlin.reflect.jvm.internal.calls.CallerImpl$Method.callMethod(CallerImpl.kt:97)
2024-02-09 15:08:38 at kotlin.reflect.jvm.internal.calls.CallerImpl$Method$Static.call(CallerImpl.kt:106)
2024-02-09 15:08:38 at kotlin.reflect.jvm.internal.KCallableImpl.callDefaultMethod$kotlin_reflection(KCallableImpl.kt:207)
2024-02-09 15:08:38 at kotlin.reflect.jvm.internal.KCallableImpl.callBy(KCallableImpl.kt:112)
2024-02-09 15:08:38 at io.ktor.server.engine.internal.CallableUtilsKt.callFunctionWithInjection(CallableUtils.kt:119)
2024-02-09 15:08:38 at io.ktor.server.engine.internal.CallableUtilsKt.executeModuleFunction(CallableUtils.kt:36)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading$launchModuleByName$1.invoke(ApplicationEngineEnvironmentReloading.kt:332)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading$launchModuleByName$1.invoke(ApplicationEngineEnvironmentReloading.kt:331)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading.avoidingDoubleStartupFor(ApplicationEngineEnvironmentReloading.kt:356)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading.launchModuleByName(ApplicationEngineEnvironmentReloading.kt:331)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading.access$launchModuleByName(ApplicationEngineEnvironmentReloading.kt:32)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading$instantiateAndConfigureApplication$1.invoke(ApplicationEngineEnvironmentReloading.kt:319)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading$instantiateAndConfigureApplication$1.invoke(ApplicationEngineEnvironmentReloading.kt:310)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading.avoidingDoubleStartup(ApplicationEngineEnvironmentReloading.kt:338)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading.instantiateAndConfigureApplication(ApplicationEngineEnvironmentReloading.kt:310)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading.createApplication(ApplicationEngineEnvironmentReloading.kt:150)
2024-02-09 15:08:38 at io.ktor.server.engine.ApplicationEngineEnvironmentReloading.start(ApplicationEngineEnvironmentReloading.kt:277)
2024-02-09 15:08:38 at io.ktor.server.cio.CIOApplicationEngine$initServerJob$1$2.invokeSuspend(CIOApplicationEngine.kt:207)
2024-02-09 15:08:38 at io.ktor.server.cio.CIOApplicationEngine$initServerJob$1$2.invoke(CIOApplicationEngine.kt)
2024-02-09 15:08:38 at io.ktor.server.cio.CIOApplicationEngine$initServerJob$1$2.invoke(CIOApplicationEngine.kt)
2024-02-09 15:08:38 at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:78)
2024-02-09 15:08:38 at kotlinx.coroutines.BuildersKt__Builders_commonKt.withContext(Builders.common.kt:167)
2024-02-09 15:08:38 at kotlinx.coroutines.BuildersKt.withContext(Unknown Source)
2024-02-09 15:08:38 at io.ktor.server.cio.CIOApplicationEngine$initServerJob$1.invokeSuspend(CIOApplicationEngine.kt:206)
2024-02-09 15:08:38 at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
2024-02-09 15:08:38 at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108)
2024-02-09 15:08:38 at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:115)
2024-02-09 15:08:38 at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:103)
2024-02-09 15:08:38 at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:584)
2024-02-09 15:08:38 at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:793)
2024-02-09 15:08:38 at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:697)
2024-02-09 15:08:38 at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:684)
2024-02-09 15:08:38 Exception in thread "DefaultDispatcher-worker-1" io.ktor.server.plugins.NotFoundException: No loaded configuration: "oidc"
2024-02-09 15:08:38 at id.walt.webwallet.web.controllers.AuthControllerKt.configureSecurity(AuthController.kt:409)
2024-02-09 15:08:38 at id.walt.webwallet.ApplicationKt.configurePlugins(Application.kt:50)
2024-02-09 15:08:38 at id.walt.webwallet.ApplicationKt.module(Application.kt:62)
2024-02-09 15:08:38 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2024-02-09 15:08:38 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
2024-02-09 15:08:38 Will use sqlite database (jdbc:sqlite:/waltid-wallet-api/data/data.db), working directory: /waltid-wallet-api/.

Inconsistency in /wallet-api/auth/create

Version tested: v1.0.2401181053-SNAPSHOT

I think /wallet-api/auth/create endpoint could be more specific and consistent in the failed response messages.

Take a look at these four scenarios. They all demonstrate the API call with some missing field. However, the answers vary from one call to another.

Scenario 1. type field omitted.

Request

curl -X 'POST' \
  'http://localhost:4545/wallet-api/auth/create' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "Max Mustermann",
  "email": "[email protected]",
  "password": "password"}'

Response

{"exception":"true","status":"Bad Request","code":"400","message":"Polymorphic serializer was not found for missing class discriminator ('null')\nJSON input: {\"name\":\"Max Mustermann\",\"email\":\"[email protected]\",\"password\":\"password\"}"}

Scenario 2. password field omitted

Request

curl -X 'POST' \
  'http://localhost:4545/wallet-api/auth/create' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "Max Mustermann",
  "email": "[email protected]",
  "_password": "password",
  "type": "email"
}'

Response

{"exception":"true","status":"Bad Request","code":"400","message":"Field 'password' is required for type with serial name 'email', but it was missing at path: $"}

Scenario 3. email field omitted

Request

curl -X 'POST' \
  'http://localhost:4545/wallet-api/auth/create' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "Max Mustermann",
  "_email": "[email protected]",
  "password": "password",
  "type": "email"
}'

Response

{"exception":"true","status":"Bad Request","code":"400","message":"Field 'email' is required for type with serial name 'email', but it was missing at path: $"}

Scenario 4. name field omitted

Request

curl -X 'POST' \
  'http://localhost:4545/wallet-api/auth/create' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "_name": "Max Mustermann",
  "email": "[email protected]",
  "password": "password",
  "type": "email"
}'

Response

{"exception":"true","status":"Internal Server Error","code":"500","message":"Could not register user"}

deflate-related issue when calling Issuer API using fetch()

Running the following JavaScript file using node...

const issueUrl = `https://issuer.waltid.findy.fi/openid4vc/sdjwt/issue`
const requestBody = {
  "issuanceKey": {
    "type": "local",
    "jwk": "{\"kty\":\"OKP\",\"d\":\"mDhpwaH6JYSrD2Bq7Cs-pzmsjlLj4EOhxyI-9DM1mFI\",\"crv\":\"Ed25519\",\"kid\":\"Vzx7l5fh56F3Pf9aR3DECU5BwfrY6ZJe05aiWYWzan8\",\"x\":\"T3T4-u1Xz3vAV2JwPNxWfs4pik_JLiArz_WTCvrCFUM\"}"
  },
  "issuerDid": "did:key:z6MkjoRhq1jSNJdLiruSXrFFxagqrztZaXHqHGUTKJbcNywp",
  "vc": {
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://purl.imsglobal.org/spec/ob/v3p0/context.json"
    ],
    "id": "urn:uuid:THIS WILL BE REPLACED WITH DYNAMIC DATA FUNCTION (see below)",
    "type": [
      "VerifiableCredential",
      "OpenBadgeCredential"
    ],
    "name": "JFF x vc-edu PlugFest 3 Interoperability",
    "issuer": {
      "type": [
        "Profile"
      ],
      "id": "did:key:THIS WILL BE REPLACED WITH DYNAMIC DATA FUNCTION FROM CONTEXT (see below)",
      "name": "Jobs for the Future (JFF)",
      "url": "https://www.jff.org/",
      "image": "https://w3c-ccg.github.io/vc-ed/plugfest-1-2022/images/JFF_LogoLockup.png"
    },
    "issuanceDate": "2023-07-20T07:05:44Z (THIS WILL BE REPLACED BY DYNAMIC DATA FUNCTION (see below))",
    "expirationDate": "WILL BE MAPPED BY DYNAMIC DATA FUNCTION (see below)",
    "credentialSubject": {
      "id": "did:key:123 (THIS WILL BE REPLACED BY DYNAMIC DATA FUNCTION (see below))",
      "type": [
        "AchievementSubject"
      ],
      "achievement": {
        "id": "urn:uuid:ac254bd5-8fad-4bb1-9d29-efd938536926",
        "type": [
          "Achievement"
        ],
        "name": "JFF x vc-edu PlugFest 3 Interoperability",
        "description": "This wallet supports the use of W3C Verifiable Credentials and has demonstrated interoperability during the presentation request workflow during JFF x VC-EDU PlugFest 3.",
        "criteria": {
          "type": "Criteria",
          "narrative": "Wallet solutions providers earned this badge by demonstrating interoperability during the presentation request workflow. This includes successfully receiving a presentation request, allowing the holder to select at least two types of verifiable credentials to create a verifiable presentation, returning the presentation to the requestor, and passing verification of the presentation and the included credentials."
        },
        "image": {
          "id": "https://w3c-ccg.github.io/vc-ed/plugfest-3-2023/images/JFF-VC-EDU-PLUGFEST3-badge-image.png",
          "type": "Image"
        }
      }
    }
  }
}
const credParams = {
  method: 'POST',
  headers: {
    "Accept": "text/plain",
    "Content-Type": "application/json",
  },
  body: JSON.stringify(requestBody, null, 1)
}
const resp = await fetch(issueUrl, credParams)
const credentialOffer = await resp.text()
console.log(resp.status, credentialOffer)

... I get the following response:

node:internal/deps/undici/undici:11442
            fetchParams.controller.controller.error(new TypeError("terminated", {
                                                    ^

TypeError: terminated
    at Fetch.onAborted (node:internal/deps/undici/undici:11442:53)
    at Fetch.emit (node:events:514:28)
    at Fetch.terminate (node:internal/deps/undici/undici:10695:14)
    at fetchParams.controller.resume (node:internal/deps/undici/undici:11421:36)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
  [cause]: Error: incorrect header check
      at Zlib.zlibOnError [as onerror] (node:zlib:189:17) {
    errno: -3,
    code: 'Z_DATA_ERROR'
  }
}

Node.js v20.5.0

If I add the following header to the fetch() request, I get a successful response:

    "Accept-Encoding": "gzip, br, identity",

Having deflate as an acceptable encoding results in a Z_DATA_ERROR with fetch:

    "Accept-Encoding": "gzip, br, identity, deflate",

It seems that the deflate encoding used by waltid-identity is not compatible with fetch's implementation.

The API also works if the requestBody is smaller - yielding a smaller response.

Since deflate seems to have issues in general, it would probably be best to avoid deflate altogether.

Looking at

it seems that gzip is preferred only when content-length is below 1024 bytes. Is there a real reason for preferring deflate on bigger payloads?

source code - location

Please can you support here walt-id/waltid-web-wallet#71

Despite the announcement https://walt.id/blog/p/community-stack, I am still not able to find the source code, and your currently deployed version on the cloud is broken. Sign-up does not work at all.

Error {"exception":"true","status":"Internal Server Error","code":"500","message":"org.sqlite.SQLiteException: [SQLITE_ERROR] SQL error or missing database (no such table: events)"}

W3C VC JWT Encoding

The current JWT encoding seems to be inconsistent with the referenced W3C V1.1 and W3C V2.0 specs.

W3C V1.1 specifies the following:

nbf MUST represent issuanceDate, encoded as a UNIX timestamp (NumericDate).

So, issuanceDate (V1.1, date-time) = iat (V1.1, unix) = nbf (V1.1, unix) in W3C V1.1 and was changed to validFrom (V2.0, date-time) in W3C V2.0.

The current code calculates iat - 90 seconds, and in some tests there is also an iat - 1 minute.

completeJwtAttributes("nbf") {
    vc["issuanceDate"]?.let { Instant.parse(it.jsonPrimitive.content) - 90.seconds }
        ?.epochSeconds?.let { JsonPrimitive(it) }
}

For W3C V2.0 there is no explicit mention of nbf anymore.

Is there someone who can counter check this finding?
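
The mapping quoted above can be checked mechanically on any VC-JWT. The following Node.js sketch is an added example, not code from the issue or from the walt.id code base; it applies the VC Data Model 1.1 mapping only (nbf/issuanceDate, exp/expirationDate, iss/issuer, jti/id, sub/credentialSubject.id), and the sample token, DIDs and function names are constructed for illustration.

```javascript
// Added example: claim/property consistency for a VC-JWT under VC Data Model 1.1
// (section 6.3.1). Inspects the payload only; signature verification is out of scope.

// ISO 8601 date-time -> NumericDate (seconds since the Unix epoch).
function toNumericDate(iso) {
  const ms = Date.parse(iso);
  if (Number.isNaN(ms)) throw new Error(`unparseable date-time: ${iso}`);
  return Math.floor(ms / 1000);
}

function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected a compact JWS with three parts');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Returns one finding per registered claim that disagrees with the vc property
// it must represent. Claims or properties that are absent are not compared.
function checkVcJwtClaims(jwt) {
  const payload = decodePayload(jwt);
  const vc = payload.vc;
  if (vc === null || typeof vc !== 'object') {
    return [{ claim: 'vc', problem: 'payload has no vc object' }];
  }
  const findings = [];
  const compareDate = (claim, property) => {
    if (payload[claim] === undefined || vc[property] === undefined) return;
    const expected = toNumericDate(vc[property]);
    if (payload[claim] !== expected) {
      findings.push({
        claim, property, expected, actual: payload[claim],
        deltaSeconds: payload[claim] - expected,
      });
    }
  };
  const compareString = (claim, property, value) => {
    if (payload[claim] === undefined || value === undefined) return;
    if (payload[claim] !== value) {
      findings.push({ claim, property, expected: value, actual: payload[claim] });
    }
  };
  compareDate('nbf', 'issuanceDate');
  compareDate('exp', 'expirationDate');
  // issuer may be a plain string or an object carrying an id
  const issuerId = typeof vc.issuer === 'object' && vc.issuer !== null ? vc.issuer.id : vc.issuer;
  compareString('iss', 'issuer', issuerId);
  compareString('jti', 'id', vc.id);
  compareString('sub', 'credentialSubject.id', vc.credentialSubject && vc.credentialSubject.id);
  return findings;
}

// Constructed, unsigned sample token; nbfOffsetSeconds shifts nbf away from issuanceDate.
function makeSampleJwt(nbfOffsetSeconds) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const issuanceDate = '2023-07-20T07:05:44Z';
  const payload = {
    iss: 'did:example:issuer',
    sub: 'did:example:holder',
    jti: 'urn:uuid:00000000-0000-0000-0000-000000000000',
    nbf: toNumericDate(issuanceDate) + nbfOffsetSeconds,
    vc: {
      id: 'urn:uuid:00000000-0000-0000-0000-000000000000',
      issuer: { id: 'did:example:issuer' },
      issuanceDate,
      credentialSubject: { id: 'did:example:holder' },
    },
  };
  return `${enc({ alg: 'EdDSA', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}
```

RFC 7519 allows the party validating `nbf` to apply a small leeway for clock skew, so a tolerance on the verifier side does not require shifting the issued value.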

Kotlin internal error exposed by the API

When a login request is issued to the Wallet API without correctly filling in the required parameters, the API returns an internal Kotlin error.

For the sake of API semantics, wouldn't it be better if we encapsulated this internal language error in an error more related to the authentication process?

[]s

Nullpointer Exception when accepting SD-JWT credential

Issuing an SD-JWT Credential leads to a NullPointer exception within the wallet backend.

docker-compose-wallet-backend-1   | java.lang.NullPointerException
docker-compose-wallet-backend-1   |     at id.walt.webwallet.service.SSIKit2WalletService.useOfferRequest(SSIKit2WalletService.kt:442)

The problem is probably because the vc+sd-jwt doesn't have a "vc" element within the payload.
Existing:

), createCredentialEventData(credentialJwt.payload["vc"]!!.jsonObject, typ)

Suggestion:

 ), createCredentialEventData(credentialJwt.payload, typ) 

Error `Element class kotlinx.serialization.json.JsonObject is not a JsonPrimitive`

I'm trying to use the web-wallet to receive a credential I'm issuing in another server using waltid ssi-kit. I'm getting this error:

happening on line SSIKit2WalletService.kt:447

credentialResponse: CredentialResponse(format=ldp_vc, credential={"credentialSubject":{"size":"Large","id":"did:key:z6MkmVY1aRT29HH7khh3YXoqQhfeyrtFefi8n1WCSbxbFfCz"},"credentialBranding":{"watermarkImageUrl":"https://example.edu/img/watermark.png","backgroundColor":"#7661e0"},"description":"bevis for spist kake","validFrom":"2024-01-17T16:41:52Z","type":["VerifiableCredential","KakeCredential"],"title":"Kakebevis","@context":["https://www.w3.org/2018/credentials/v1","https://mattr.global/contexts/vc-extensions/v2","https://schema.org"],"issuer":{"name":"Team Kanakas","id":"did:key:z6MkjnAh1nWKSo7nxAtUuzYZwtLaWY5oqn1iS7XGx7266HWk","logoUrl":""},"credentialStatus":{"statusPurpose":"revocation","statusListIndex":"37","id":"http://localhost/status/revocation#37","statusListCredential":"http://localhost/status/revocation","type":"StatusList2021Entry"},"issuanceDate":"2024-01-17T16:41:52Z","name":"Kakebevis","id":"urn:uuid:bf90acc3-65f0-4eb5-a71f-02ee6d92f6c5","proof":{"created":"2024-01-17T16:41:52Z","jws":"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..ZGjtgaxHAmodfuT0wJtua_NMYyVOB0nXA5oOPB4c1NoHgsXPxJjGSkHxL6lTDIMZkyo-phf6ZBzv2G4YVhQjCw","proofPurpose":"assertionMethod","type":"Ed25519Signature2018","verificationMethod":"did:key:z6MkjnAh1nWKSo7nxAtUuzYZwtLaWY5oqn1iS7XGx7266HWk#z6MkjnAh1nWKSo7nxAtUuzYZwtLaWY5oqn1iS7XGx7266HWk"},"issued":"2024-01-17T16:41:52Z","expirationDate":"2024-02-16T16:41:51Z"}, acceptanceToken=null, cNonce=null, cNonceExpiresIn=null, error=null, errorDescription=null, errorUri=null, customParameters={c_nounce_expires_in=86400, c_nounce="fGFF7UkhLa"})

wallet-backend-1     | // parse and verify credential(s)
wallet-backend-1     | java.lang.IllegalArgumentException: Element class kotlinx.serialization.json.JsonObject is not a JsonPrimitive
wallet-backend-1     |  at kotlinx.serialization.json.JsonElementKt.error(JsonElement.kt:326)
wallet-backend-1     |  at kotlinx.serialization.json.JsonElementKt.getJsonPrimitive(JsonElement.kt:229)
wallet-backend-1     |  at id.walt.webwallet.service.SSIKit2WalletService.useOfferRequest(SSIKit2WalletService.kt:447)

docker-compose waltid-wallet-api not working

Discussed in https://github.com/orgs/walt-id/discussions/78

Originally posted by ChangoBuitrago March 25, 2024
The waltid-wallet-api from https://github.com/walt-id/waltid-identity/tree/main/docker-compose is not working. It appears that a setup is missing, and the documentation is outdated. I suspect there might be some missing housekeeping procedures originating from the ssi-kit?

=> Missing from config

I have attached the error log.

Thank you.

# error.log

docker-compose-wallet-api-1         | 2771 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "db"...
docker-compose-wallet-api-1         | 3327 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "tenant"...
docker-compose-wallet-api-1         | 3420 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "web"...
docker-compose-wallet-api-1         | 3474 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "push"...
docker-compose-wallet-api-1         | 3520 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "push": com.sksamuel.hoplite.ConfigException: Error loading config because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |     - Could not instantiate 'id.walt.webwallet.config.PushConfig' because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'pushPublicKey': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'pushPrivateKey': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'pushSubject': Missing from config
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:45)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:110)
docker-compose-wallet-api-1         |   at id.walt.webwallet.MainKt.main(Main.kt:31)
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         | 3520 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "wallet"...
docker-compose-wallet-api-1         | 3555 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "marketplace"...
docker-compose-verifier-api-1       | [DefaultDispatcher-worker-3] INFO ktor.application - Application started in 0.849 seconds.
docker-compose-verifier-api-1       | [DefaultDispatcher-worker-3] INFO ktor.application - Application started: io.ktor.server.application.Application@8e7d73e
docker-compose-wallet-api-1         | 3665 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "chainexplorer"...
docker-compose-wallet-api-1         | 3741 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "runtime"...
docker-compose-wallet-api-1         | 3766 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "oidc"...
docker-compose-wallet-api-1         | 3838 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "oidc": com.sksamuel.hoplite.ConfigException: Error loading config because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |     - Could not instantiate 'id.walt.webwallet.config.OidcConfiguration' because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'keycloakUserApi': Missing from config
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:45)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:110)
docker-compose-wallet-api-1         |   at id.walt.webwallet.MainKt.main(Main.kt:31)
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         | 3838 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "logins"...
docker-compose-wallet-api-1         | 3861 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "logins": com.sksamuel.hoplite.ConfigException: Error loading config because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |     - Could not instantiate 'id.walt.webwallet.config.LoginMethodsConfig' because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'enabledLoginMethods': Missing from config
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:45)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:110)
docker-compose-wallet-api-1         |   at id.walt.webwallet.MainKt.main(Main.kt:31)
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         | 3861 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "trust"...
docker-compose-wallet-api-1         | 3880 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "trust": com.sksamuel.hoplite.ConfigException: Error loading config because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |     - Could not instantiate 'id.walt.webwallet.config.TrustConfig' because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'issuersRecord': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'verifiersRecord': Missing from config
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:45)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:110)
docker-compose-wallet-api-1         |   at id.walt.webwallet.MainKt.main(Main.kt:31)
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         | 3880 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "rejectionreason"...
docker-compose-wallet-api-1         | 3904 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "rejectionreason": com.sksamuel.hoplite.ConfigException: Error loading config because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |     - Could not instantiate 'id.walt.webwallet.config.RejectionReasonConfig' because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'reasons': Missing from config
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:45)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:110)
docker-compose-wallet-api-1         |   at id.walt.webwallet.MainKt.main(Main.kt:31)
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         | 3905 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "oci"...
docker-compose-wallet-api-1         | 3954 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "oci": com.sksamuel.hoplite.ConfigException: Error loading config because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |     - Could not instantiate 'id.walt.webwallet.config.OciKeyConfig' because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'tenancyOcid': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'userOcid': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'fingerprint': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'managementEndpoint': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'cryptoEndpoint': Missing from config
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:45)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:110)
docker-compose-wallet-api-1         |   at id.walt.webwallet.MainKt.main(Main.kt:31)
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         | 3955 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "auth"...
docker-compose-wallet-api-1         | 3975 [main] ERROR id.walt.webwallet.config.ConfigManager - Could not load configuration for "auth": com.sksamuel.hoplite.ConfigException: Error loading config because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |     - Could not instantiate 'id.walt.webwallet.config.AuthConfig' because:
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'encryptionKey': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'signKey': Missing from config
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         |         - 'tokenKey': Missing from config
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:247)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader$returnOrThrow$1.invoke(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.fp.ValidatedKt.getOrElse(Validated.kt:115)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.returnOrThrow(ConfigLoader.kt:244)
docker-compose-wallet-api-1         |   at com.sksamuel.hoplite.ConfigLoader.loadConfigOrThrow(ConfigLoader.kt:118)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfig(ConfigManager.kt:45)
docker-compose-wallet-api-1         |   at id.walt.webwallet.config.ConfigManager.loadConfigs(ConfigManager.kt:110)
docker-compose-wallet-api-1         |   at id.walt.webwallet.MainKt.main(Main.kt:31)
docker-compose-wallet-api-1         | 
docker-compose-wallet-api-1         | 3975 [main] DEBUG id.walt.webwallet.config.ConfigManager - Loading configuration: "db.sqlite"...
docker-compose-wallet-api-1         | 4083 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...

Create CHEQD DID (did:cheqd) feature not working

When you try to create a Cheqd DID from the Wallet (e.g. the hosted wallet https://wallet.walt.id/) you get the following error:

{exception: "true", status: "Bad Request", code: "400",…}
code: "400"
exception: "true"
message: "Failed to finalize the did onboarding process.\nCheqd registrar returning \"The operation failed due to an internal error. Please try again: Error: Invalid base64 string format\""
status: "Bad Request"

=> Invalid base64 string format

Thank you.

Issuer & Verifier Setup

We need a simple way to onboard Issuer & Verifiers to all supported ecosystems. The onboarding API should create keys based on different algorithms (local, and other KMS keys based on one interface) and create & register a corresponding DID.

`errorRedirectUri` not working in Verifier API

When you try setting the errorRedirectUri for a verification request, it always ends up using the successRedirectUri instead.

You can try your own documentation example to reproduce the error:
https://docs.oss.walt.id/verifier/api/vc-oid4vc

curl -X 'POST' \
  'https://verifier.portal.walt.id/openid4vc/verify' \
  -H 'accept: */*' \
  -H 'authorizeBaseUrl: openid4vp://authorize' \
  -H 'responseMode: direct_post' \
  -H 'successRedirectUri: https://example.com/success?id=$id' \
  -H 'errorRedirectUri: https://example.com/error?id=$id' \
  -H 'Content-Type: application/json' \
  -d '{
  "request_credentials": [
    "VerifiableDiploma"
  ]
}'

I assume the issue is in the following function verify in the file https://github.com/walt-id/waltid-identity/blob/main/waltid-verifier-api/src/main/kotlin/id/walt/verifier/oidc/VerificationUseCase.kt

Thanks for your help!

Port range definition

We will claim the port ranges:

  • 7000 - 7010(+) for backends
  • 7100 - 7110(+) for frontends

to avoid having ports like 4545, 5000, 5001 etc.

Check if ports available on:

  • Linux
  • MacOS X
  • Windows

`kotlinx.serialization` error message exposed in `/wallet-api/auth/login`

Version tested: v1.0.2401181053-SNAPSHOT

If the type field is omitted or misspelled, the returning error message is an internal kotlinx.serialization exception.

Wouldn't it be better to encapsulate it in a more readable, domain-specific message, as is the case with the handling of the email and password fields?

Error handling of type field with a difficult-to-debug message

Request

curl -X 'POST' \
  'http://localhost:4545/wallet-api/auth/login' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "email": "[email protected]",
  "password": "password",
  "type": "email_"
}'

Response

{"exception":"true","status":"Bad Request","code":"400","message":"Polymorphic serializer was not found for class discriminator 'email_'\nJSON input: {\"email\":\"[email protected]\",\"password\":\"password\",\"type\":\"email_\"}"}

Error handling of the email field, although imperfect, is more readable than the previous case

Request

curl -X 'POST' \
  'http://localhost:4545/wallet-api/auth/login' \
  -H 'accept: */*' \
  -H 'Content-Type: application/json' \
  -d '{
  "_email": "[email protected]",
  "password": "password",
  "type": "email"
}'

Response

{"exception":"true","status":"Bad Request","code":"400","message":"Field 'email' is required for type with serial name 'email', but it was missing at path: $"}

The endpoint `https://wallet.walt.id/exchange/issuance` could not be found in the current API.

Based on the documentation:

"authorizeBaseUrl - is used to modify the start of the UR OID4VC request URL. If you are using the cross-device flow, where you will display the URL as a QR code, you can leave the value as openid4vp://authorize or if you don't know the wallet the user will be using to claim the credential. If you are using the same device flow, where you already know the user's wallet and want the user to be able to go directly to it, you can use the wallet URL path that is able to receive an OIDC request as a query parameter. Our wallet for example can receive OID4VC requests here https://wallet.walt.id/exchange/issuance."

Is the documentation outdated, or is the endpoint no longer supported? I appreciate this feature because it allows me to enhance interoperability with other wallets, which is a strong requirement for me.

Thank you for your help.

DID Service Setup With Custom Universal Resolver & Registrar

When setting up the DidService, I want to be able to set a custom URL for the Universal Resolver & Registrar.

Today

import id.walt.did.dids.DidService

suspend fun main() {
    DidService.init()
}

Future

import id.walt.did.dids.DidService

suspend fun main() {
    DidService.init(UniRegistrarUrl="http://myvalue", UniResolverUrl="http://myvalue")
}

`waltid/waltid-web-wallet:latest` Docker image not working

I pulled the latest image today: waltid/waltid-web-wallet:latest, and since the recent update, it throws the following error: waltid-web-wallet-1 exited with code 139. Previous snapshot worked fine.

To avoid these daily issues, it would be beneficial to have a set of images tagged as stable and update GitHub Actions/docker-compose.yaml file to pull these images instead of the latest tag.

Thank you for your assistance.

Wrong log message at startup

  1. git clone git@github.com:walt-id/waltid-identity.git
  2. cd waltid-identity/docker-compose
  3. docker compose up
  4. These are the last messages on startup:
    image
  5. However, the Issuer and Verifier API ports printed are wrong.
    image

Version tested: v1.0.2401181053-SNAPSHOT

Accounts table fails to be created in PostgreSQL due to nullable composite primary key

DB Schema fails to be created in PostgreSQL when starting the waltid-wallet-api by executing the Application.kt.

Connecting to database at "jdbc:postgresql"
Preparing create tables statements took 62ms
PSQLException: ERROR: column "tenant" is in a primary key
SQL: [ALTER TABLE accounts ALTER COLUMN tenant TYPE VARCHAR(128), ALTER COLUMN tenant DROP NOT NULL]

PostgreSQL enforces NOT NULL on all columns participating in the primary key.
As a result, the process finishes with exit code 1.

Looking at Accounts, the tenant, although nullable, is part of a composite primary key.

Accounts.kt

val tenant = varchar("tenant", 128).nullable()
override val primaryKey = PrimaryKey(tenant, id)

The same is also defined in AccountWalletMappings

AccountWalletMappings.kt
val tenant = varchar("tenant", 128).nullable()
override val primaryKey = PrimaryKey(tenant, accountId, wallet) 

and in Web3Wallets

Web3Wallets.kt
val tenant = varchar("tenant", 128).nullable() // null = global
override val primaryKey = PrimaryKey(tenant, accountId, id)

suggestion:
One suggestion is to remove the tenant from the PrimaryKey.
This will affect all the foreignKeys pointing to tenant: WalletOperationHistories, AccountWalletPermissions, Web3Wallets, AccountIssuers and Events where the tenant reference must be removed.
An extra Unique Constraint can cover duplicate tenants.
