diff --git a/src/authorization-response/PresentationExchange.ts b/src/authorization-response/PresentationExchange.ts
index 9636dae..671b82b 100644
--- a/src/authorization-response/PresentationExchange.ts
+++ b/src/authorization-response/PresentationExchange.ts
@@ -344,7 +344,12 @@ export class PresentationExchange {
 // So the behavior here is to bypass it if not present
 if (verifyPresentationCallback) {
 try {
- await verifyPresentationCallback(vpw.original as W3CVerifiablePresentation, presentationSubmission);
+ const verificationResult = await verifyPresentationCallback(vpw.original as W3CVerifiablePresentation, presentationSubmission);
+ if (!verificationResult.verified) {
+ throw new Error(
+ SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + verificationResult.reason ? `. ${verificationResult.reason}` : ''
+ );
+ }
 } catch (error: unknown) {
 throw new Error(SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID);
 }
diff --git a/src/authorization-response/types.ts b/src/authorization-response/types.ts
index 750edf5..3589558 100644
--- a/src/authorization-response/types.ts
+++ b/src/authorization-response/types.ts
@@ -87,11 +87,14 @@ export enum VPTokenLocation {
 TOKEN_RESPONSE = 'token_response',
 }
-export type PresentationVerificationResult = { verified: boolean };
+export type PresentationVerificationResult = { verified: boolean; reason?: string };
-export type PresentationVerificationCallback = (args: W3CVerifiablePresentation, presentationSubmissionn) => Promise;
+export type PresentationVerificationCallback = (
+ args: W3CVerifiablePresentation | CompactSdJwtVc,
+ presentationSubmission: PresentationSubmission
+) => Promise;
-export type PresentationSignCallback = (args: PresentationSignCallBackParams) => Promise;
+export type PresentationSignCallback = (args: PresentationSignCallBackParams) => Promise;
 export interface VerifyAuthorizationResponseOpts {
 correlationId: string;
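Review bot: The message passed to the new `throw new Error(...)` is built with the wrong precedence: `+` binds tighter than `?:`, so the concatenated string is used as the condition, which is always truthy. The message therefore becomes only the reason with a leading ". " (or ". undefined" when no reason is set), and the `SIOPErrors` text is lost. Parenthesise the conditional: `SIOPErrors.VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID + (verificationResult.reason ? '. ' + verificationResult.reason : '')`. The throw also sits inside the same `try` whose `catch (error: unknown)` replaces every error with the bare `VERIFIABLE_PRESENTATION_SIGNATURE_NOT_VALID` message. Rejection still fails closed, but the reason never reaches the caller or a log; either move the `verified` check after the try/catch or log `error` in the catch before rethrowing. The enclosing method starts and ends outside this hunk.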
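Review bot: The new `reason` field and the widened first parameter of `PresentationVerificationCallback` are undocumented, although the callback's result now decides whether a presentation is accepted. I would add a TSDoc block above `PresentationVerificationResult` stating that the callback must resolve with `verified: true` to accept the presentation. It should also say that any other outcome is reported as a signature failure; judging by the caller in PresentationExchange.ts, that includes a callback that resolves with no value. The same block should describe `reason` as free-form diagnostic text that may be appended to an error message, so implementers keep key material and holder data out of it. A one-line comment on the callback, such as `/** args may be a W3C VP or a compact SD-JWT VC; implementations must verify both forms or reject the one they do not support. */`, would make the new union explicit to verifier authors.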