fixmes are fixed

Signed-off-by: Timo Glastra <timo@animo.id>

packages/core/src/modules/dif-presentation-exchange/DifPresentationExchangeService.ts

@@ -145,7 +145,9 @@ export class DifPresentationExchangeService {
       domain?: string
     }
   ) {
-    const { presentationDefinition, domain, challenge, presentationSubmissionLocation } = options
+    const { presentationDefinition, domain, challenge } = options
+    const presentationSubmissionLocation =
+      options.presentationSubmissionLocation ?? DifPresentationExchangeSubmissionLocation.PRESENTATION
 
     const verifiablePresentationResultsWithFormat: Array<{
       verifiablePresentationResult: VerifiablePresentationResult
@@ -208,10 +210,31 @@ export class DifPresentationExchangeService {
       descriptor_map: [],
     }
 
-    for (const vpf of verifiablePresentationResultsWithFormat) {
-      const { verifiablePresentationResult } = vpf
-      presentationSubmission.descriptor_map.push(...verifiablePresentationResult.presentationSubmission.descriptor_map)
-    }
+    verifiablePresentationResultsWithFormat.forEach(({ verifiablePresentationResult }, index) => {
+      // FIXME: path_nested should not be used for sd-jwt.
+      // Can be removed once https://github.com/Sphereon-Opensource/PEX/pull/140 is released
+      const descriptorMap = verifiablePresentationResult.presentationSubmission.descriptor_map.map((d) => {
+        const descriptor = { ...d }
+
+        // when multiple presentations are submitted, path should be $[0], $[1]
+        // FIXME: this should be addressed in the PEX/OID4VP lib.
+        // See https://github.com/Sphereon-Opensource/SIOP-OID4VP/issues/62
+        if (
+          presentationSubmissionLocation === DifPresentationExchangeSubmissionLocation.EXTERNAL &&
+          verifiablePresentationResultsWithFormat.length > 1
+        ) {
+          descriptor.path = `$[${index}]`
+        }
+
+        if (descriptor.format === 'vc+sd-jwt' && descriptor.path_nested) {
+          delete descriptor.path_nested
+        }
+
+        return descriptor
+      })
+
+      presentationSubmission.descriptor_map.push(...descriptorMap)
+    })
 
     return {
       verifiablePresentations: verifiablePresentationResultsWithFormat.map((resultWithFormat) =>

packages/openid4vc/src/openid4vc-holder/OpenId4vcSiopHolderService.ts

@@ -97,7 +97,6 @@ export class OpenId4VcSiopHolderService {
         )
       }
 
-      // FIXME: make sure nonce and clientId are also verified in the verify proof method
       const nonce = await authorizationRequest.authorizationRequest.getMergedProperty<string>('nonce')
       if (!nonce) {
         throw new AriesFrameworkError("Unable to extract 'nonce' from authorization request")

packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierService.ts

@@ -70,7 +70,7 @@ export class OpenId4VcSiopVerifierService {
     const correlationId = utils.uuid()
 
     const relyingParty = await this.getRelyingParty(agentContext, options.verifier, {
-      presentationDefinition: options.presentationDefinition,
+      presentationDefinition: options.presentationExchange?.definition,
       requestSigner: options.requestSigner,
     })
 

packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.ts

@@ -22,7 +22,9 @@ export interface OpenId4VcSiopCreateAuthorizationRequestOptions {
   /**
    * A DIF Presentation Definition (v2) can be provided to request a Verifiable Presentation using OpenID4VP.
    */
-  presentationDefinition?: DifPresentationExchangeDefinitionV2
+  presentationExchange?: {
+    definition: DifPresentationExchangeDefinitionV2
+  }
 }
 
 export interface OpenId4VcSiopVerifyAuthorizationResponseOptions {

packages/openid4vc/tests/openid4vc.e2e.test.ts

@@ -295,7 +295,9 @@ describe('OpenId4Vc', () => {
         method: 'did',
         didUrl: verifier1.verificationMethod.id,
       },
-      presentationDefinition: openBadgePresentationDefinition,
+      presentationExchange: {
+        definition: openBadgePresentationDefinition,
+      },
     })
 
     expect(
@@ -312,7 +314,9 @@ describe('OpenId4Vc', () => {
         method: 'did',
         didUrl: verifier2.verificationMethod.id,
       },
-      presentationDefinition: universityDegreePresentationDefinition,
+      presentationExchange: {
+        definition: universityDegreePresentationDefinition,
+      },
       verifierId: openIdVerifierTenant2.verifierId,
     })
 
@@ -395,9 +399,14 @@ describe('OpenId4Vc', () => {
         definition_id: 'OpenBadgeCredential',
         descriptor_map: [
           {
-            format: 'jwt_vc',
-            id: 'OpenBadgeCredential',
-            path: '$.verifiableCredential[0]',
+            format: 'jwt_vp',
+            id: 'OpenBadgeCredentialDescriptor',
+            path: '$',
+            path_nested: {
+              format: 'jwt_vc',
+              id: 'OpenBadgeCredentialDescriptor',
+              path: '$.vp.verifiableCredential[0]',
+            },
           },
         ],
         id: expect.any(String),
@@ -485,9 +494,6 @@ describe('OpenId4Vc', () => {
     })
   })
 
-  // FIXME: test whether did-based binding for holder works with sd-jwt-vc library in verification
-  // issuance is fine, but in verification of KB the jwk will be extracted
-  // from the cnf claim which will be undefined.
   it('e2e flow with verifier endpoints verifying a sd-jwt-vc with selective disclosure', async () => {
     const openIdVerifier = await verifier.agent.modules.openId4VcVerifier.createVerifier()
 
@@ -518,7 +524,7 @@ describe('OpenId4Vc', () => {
       id: 'OpenBadgeCredential',
       input_descriptors: [
         {
-          id: 'OpenBadgeCredential',
+          id: 'OpenBadgeCredentialDescriptor',
           // FIXME: https://github.com/Sphereon-Opensource/pex-openapi/issues/32
           // format: {
           //   'vc+sd-jwt': {
@@ -551,7 +557,9 @@ describe('OpenId4Vc', () => {
           method: 'did',
           didUrl: verifier.kid,
         },
-        presentationDefinition,
+        presentationExchange: {
+          definition: presentationDefinition,
+        },
       })
 
     expect(
@@ -600,6 +608,8 @@ describe('OpenId4Vc', () => {
       },
     })
 
+    // path_nested should not be used for sd-jwt
+    expect(submittedResponse.presentation_submission?.descriptor_map[0].path_nested).toBeUndefined()
     expect(submittedResponse).toEqual({
       expires_in: 6000,
       id_token: expect.any(String),
@@ -608,14 +618,8 @@ describe('OpenId4Vc', () => {
         descriptor_map: [
           {
             format: 'vc+sd-jwt',
-            id: 'OpenBadgeCredential',
+            id: 'OpenBadgeCredentialDescriptor',
             path: '$',
-            // FIXME: sd-jwt should not use path_nested
-            path_nested: {
-              format: 'vc+sd-jwt',
-              id: 'OpenBadgeCredential',
-              path: '$',
-            },
           },
         ],
         id: expect.any(String),
@@ -625,9 +629,6 @@ describe('OpenId4Vc', () => {
     })
     expect(status).toBe(200)
 
-    // FIXME: we need https://github.com/Sphereon-Opensource/SIOP-OID4VP/pull/70
-    // to be released as verification currently doesn't work
-
     // The RP MUST validate that the aud (audience) Claim contains the value of the client_id
     // that the RP sent in the Authorization Request as an audience.
     // When the request has been signed, the value might be an HTTPS URL, or a Decentralized Identifier.
@@ -652,7 +653,6 @@ describe('OpenId4Vc', () => {
     expect(presentation.payload).not.toHaveProperty('university')
     expect(presentation.payload).not.toHaveProperty('name')
 
-    // FIXME: we use definition here, but presentationDefinition elsewhere
     expect(presentationExchange).toMatchObject({
       definition: presentationDefinition,
       submission: {

packages/openid4vc/tests/utilsVp.ts

@@ -83,7 +83,7 @@ export const openBadgePresentationDefinition: DifPresentationExchangeDefinitionV
   id: 'OpenBadgeCredential',
   input_descriptors: [
     {
-      id: 'OpenBadgeCredential',
+      id: 'OpenBadgeCredentialDescriptor',
       // changed jwt_vc_json to jwt_vc
       format: { jwt_vc: { alg: ['EdDSA'] } },
       // changed $.type to $.vc.type