fix: dislosed fields (#102)

Signed-off-by: Timo Glastra <[email protected]>

apps/expo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "expo-app",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "main": "expo-router/entry",
   "private": true,
   "scripts": {

packages/agent/package.json

@@ -4,15 +4,15 @@
   "private": true,
   "main": "src/index.ts",
   "dependencies": {
-    "@credo-ts/anoncreds": "^0.5.1",
-    "@credo-ts/askar": "^0.5.1",
-    "@credo-ts/cheqd": "^0.5.1",
-    "@credo-ts/core": "^0.5.1",
-    "@credo-ts/indy-vdr": "^0.5.1",
-    "@credo-ts/openid4vc": "^0.5.1",
-    "@credo-ts/question-answer": "^0.5.1",
-    "@credo-ts/react-hooks": "^0.6.1",
-    "@credo-ts/react-native": "^0.5.1",
+    "@credo-ts/anoncreds": "0.5.1-alpha.17",
+    "@credo-ts/askar": "0.5.1-alpha.17",
+    "@credo-ts/cheqd": "0.5.1-alpha.17",
+    "@credo-ts/core": "0.5.1-alpha.17",
+    "@credo-ts/indy-vdr": "0.5.1-alpha.17",
+    "@credo-ts/openid4vc": "0.5.1-alpha.17",
+    "@credo-ts/question-answer": "0.5.1-alpha.17",
+    "@credo-ts/react-hooks": "0.6.1",
+    "@credo-ts/react-native": "0.5.1-alpha.17",
     "@internal/utils": "*",
     "@tanstack/react-query": "^4.33.0",
     "query-string": "^8.1.0",

packages/agent/src/display.ts

@@ -276,6 +276,52 @@ export function getCredentialExchangeForDisplay(
   }
 }
 
+interface CredentialMetadata {
+  type: string
+  issuer: string
+  holder: string | Record<string, unknown>
+  validUntil?: Date
+  validFrom?: Date
+  issuedAt?: Date
+}
+
+export function filterAndMapSdJwtKeys(sdJwtVcPayload: Record<string, unknown>) {
+  type SdJwtVcPayload = {
+    iss: string
+    cnf: Record<string, unknown>
+    vct: string
+    iat?: number
+    nbf?: number
+    exp?: number
+    [key: string]: unknown
+  }
+  // TODO: We should map these claims to nice format and names
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  const { _sd_alg, _sd_hash, iss, vct, cnf, iat, exp, nbf, ...visibleProperties } =
+    sdJwtVcPayload as SdJwtVcPayload
+
+  const credentialMetadata: CredentialMetadata = {
+    type: vct,
+    issuer: iss,
+    holder: cnf,
+  }
+
+  if (iat) {
+    credentialMetadata.issuedAt = new Date(iat * 1000)
+  }
+  if (exp) {
+    credentialMetadata.validUntil = new Date(exp * 1000)
+  }
+  if (nbf) {
+    credentialMetadata.validFrom = new Date(nbf * 1000)
+  }
+
+  return {
+    visibleProperties,
+    metadata: credentialMetadata,
+  }
+}
+
 export function getCredentialForDisplay(credentialRecord: W3cCredentialRecord | SdJwtVcRecord) {
   if (credentialRecord instanceof SdJwtVcRecord) {
     // FIXME: we should probably add a decode method on the SdJwtVcRecord
@@ -289,19 +335,15 @@ export function getCredentialForDisplay(credentialRecord: W3cCredentialRecord |
     const issuerDisplay = getSdJwtIssuerDisplay(openId4VcMetadata)
     const credentialDisplay = getSdJwtCredentialDisplay(decodedPayload, openId4VcMetadata)
 
-    // TODO: We should map these claims to nice format and names
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const { _sd_alg, _sd_hash, iss, vct, cnf, iat, exp, ...visibleProperties } = decodedPayload
-
-    // TODO: display somehow which fields can be selective disclosed
+    // TODO: add metadata attributes
     return {
       id: `sd-jwt-vc-${credentialRecord.id}` satisfies CredentialForDisplayId,
       createdAt: credentialRecord.createdAt,
       display: {
         ...credentialDisplay,
         issuer: issuerDisplay,
       },
-      attributes: visibleProperties,
+      attributes: filterAndMapSdJwtKeys(decodedPayload).visibleProperties,
     }
   } else {
     const credential = JsonTransformer.toJSON(

packages/agent/src/format/formatPresentation.ts

@@ -1,6 +1,8 @@
 import type { DifPexCredentialsForRequest } from '@credo-ts/core'
 
-import { getCredentialForDisplay } from '../display'
+import { ClaimFormat } from '@credo-ts/core'
+
+import { filterAndMapSdJwtKeys, getCredentialForDisplay } from '../display'
 
 export interface FormattedSubmission {
   name: string
@@ -28,20 +30,28 @@ export function formatDifPexCredentialsForRequest(
       const [firstVerifiableCredential] = submission.verifiableCredentials
       if (firstVerifiableCredential) {
         // Credential can be satisfied
-        const { display, credential, attributes } =
-          getCredentialForDisplay(firstVerifiableCredential)
+        const { display, credential } = getCredentialForDisplay(
+          firstVerifiableCredential.credentialRecord
+        )
+
+        // TODO: support nesting
+        let requestedAttributes: string[]
+        if (firstVerifiableCredential.type === ClaimFormat.SdJwtVc) {
+          const { metadata, visibleProperties } = filterAndMapSdJwtKeys(
+            firstVerifiableCredential.disclosedPayload
+          )
+          requestedAttributes = [...Object.keys(visibleProperties), ...Object.keys(metadata)]
+        } else {
+          requestedAttributes = Object.keys(credential?.credentialSubject ?? {})
+        }
+
         return {
           name: submission.name ?? 'Unknown',
           description: submission.purpose,
           isSatisfied: true,
           credentialName: display.name,
           issuerName: display.issuer.name,
-          // FIXME: will PEX already apply SD, and thus overwrite the original? That would be really problematic
-          // FIXME: how do we get the requested attributes here in case of SD?
-          // We need to get all attributes that will be disclosed, but we don't know that here
-          requestedAttributes: credential?.credentialSubject
-            ? Object.keys(credential.credentialSubject)
-            : Object.keys(attributes),
+          requestedAttributes,
           backgroundColor: display.backgroundColor,
         }
       }