From 5c01a00679d85b039a7dda37a0eb67db60f482a6 Mon Sep 17 00:00:00 2001 From: KiruthikaJeyashankar Date: Thu, 27 Feb 2025 18:10:28 +0530 Subject: [PATCH] [INJIMOB-2258] sync changes from release-0.15.0 & release-0.16.0 (#1826) * [INJIMOB-2258] sync docs from release-0.15.0 Signed-off-by: KiruthikaJeyashankar * [INJIMOB-2091] update OpenID4VP swift library version (#1815) * [INJIMOB-2091] update OpenID4VP swift library version Other changes: - Modify authenticateVerifier method call's labels as per library Signed-off-by: KiruthikaJeyashankar * [INJIMOB-2901] rename encodedAuthorizationRequest to urlEncodedAuthorizationRequest Signed-off-by: KiruthikaJeyashankar --------- Signed-off-by: KiruthikaJeyashankar * [INJIMOB-2978] update module dependencies (#1821) * [INJIMOB-2258]: bump up vc-verifier verion and update ovp library Signed-off-by: Alka Prasad * [INJIMOB-2978] update module dependencies Other changes - update openid4vp swift library version Co-Authored by: Abhishek Paul Signed-off-by: KiruthikaJeyashankar * [INJIMOB-2258] update swift openid4vp package Signed-off-by: KiruthikaJeyashankar --------- Signed-off-by: Alka Prasad Signed-off-by: KiruthikaJeyashankar Co-authored-by: Alka Prasad * [INJIMOB-2091] update OpenID4VP swift library version to develop Signed-off-by: KiruthikaJeyashankar --------- Signed-off-by: KiruthikaJeyashankar 
Signed-off-by: Alka Prasad Co-authored-by: Alka Prasad --- android/app/build.gradle | 6 +- .../residentapp/InjiOpenID4VPModule.java | 4 +- ...uthorization-server-wellknown-discovery.md | 112 ++++++++++++++++++ docs/mdoc-support.md | 91 ++++++++++++++ docs/wla-auth.md | 41 +++++++ ios/Inji.xcodeproj/project.pbxproj | 103 ++++++++-------- .../xcshareddata/swiftpm/Package.resolved | 26 ++-- ios/RNOpenID4VPModule.m | 2 +- ios/RNOpenID4VPModule.swift | 4 +- machines/openID4VP/openID4VPActions.ts | 4 +- machines/openID4VP/openID4VPMachine.ts | 2 +- machines/openID4VP/openID4VPModel.ts | 2 +- machines/openID4VP/openID4VPServices.ts | 10 +- shared/openID4VP/OpenID4VP.ts | 5 +- 14 files changed, 329 insertions(+), 83 deletions(-) create mode 100644 docs/authorization-server-wellknown-discovery.md create mode 100644 docs/mdoc-support.md create mode 100644 docs/wla-auth.md diff --git a/android/app/build.gradle b/android/app/build.gradle index 62fb2ccf70..536cca21ec 100644 --- a/android/app/build.gradle +++ b/android/app/build.gradle @@ -269,11 +269,11 @@ dependencies { implementation("com.facebook.react:react-android") implementation 'com.facebook.soloader:soloader:0.10.1+' implementation("io.mosip:pixelpass-aar:0.7.0-SNAPSHOT") - implementation("io.mosip:secure-keystore:0.3.0-SNAPSHOT") + implementation("io.mosip:secure-keystore:0.3.0") implementation("io.mosip:tuvali:0.5.2-SNAPSHOT") - implementation("io.mosip:inji-vci-client:0.2.0-SNAPSHOT") + implementation("io.mosip:inji-vci-client:0.2.0") implementation("com.google.code.gson:gson:2.10.1") - implementation("io.mosip:vcverifier-aar:1.1.0-SNAPSHOT"){ + implementation("io.mosip:vcverifier-aar:1.2.0-SNAPSHOT"){ exclude group: 'org.bouncycastle', module: 'bcpkix-jdk15on' } diff --git a/android/app/src/main/java/io/mosip/residentapp/InjiOpenID4VPModule.java b/android/app/src/main/java/io/mosip/residentapp/InjiOpenID4VPModule.java index 22817704ae..90363c1418 100644 
--- a/android/app/src/main/java/io/mosip/residentapp/InjiOpenID4VPModule.java +++ b/android/app/src/main/java/io/mosip/residentapp/InjiOpenID4VPModule.java @@ -50,11 +50,11 @@ public void init(String appId) { } @ReactMethod - public void authenticateVerifier(String encodedAuthorizationRequest, ReadableArray trustedVerifiers, + public void authenticateVerifier(String urlEncodedAuthorizationRequest, ReadableArray trustedVerifiers, Boolean shouldValidateClient, Promise promise) { try { - AuthorizationRequest authenticationResponse = openID4VP.authenticateVerifier(encodedAuthorizationRequest, + AuthorizationRequest authenticationResponse = openID4VP.authenticateVerifier(urlEncodedAuthorizationRequest, convertReadableArrayToVerifierArray(trustedVerifiers), shouldValidateClient); String authenticationResponseAsJson = gson.toJson(authenticationResponse, AuthorizationRequest.class); promise.resolve(authenticationResponseAsJson); diff --git a/docs/authorization-server-wellknown-discovery.md b/docs/authorization-server-wellknown-discovery.md new file mode 100644 index 0000000000..387f40271f --- /dev/null +++ b/docs/authorization-server-wellknown-discovery.md 
@@ -0,0 +1,112 @@ +## VC Download Flow with Authorization Server Wellknown Discovery + +This document outlines the process of initiating the authorization flow during the Verifiable Credential (VC) download, utilizing the Authorization Server's well-known metadata. The flow adheres to OpenID4VCI specifications to ensure compliance and interoperability. + +## Introduction to Authorization Server Metadata Discovery + +- Credential Issuer metadata includes an optional `authorization_servers` property, which specifies the authorization servers the issuer relies on for authorization purposes. + +- From a wallet's perspective, the `authorization_servers` property plays a crucial role in identifying the supported authorization servers associated with the Credential Issuer. This enables the wallet to determine the appropriate authorization mechanisms, ensuring seamless and compliant credential issuance as per the OpenID4VCI specification. + + +## VC Download Flow with Authorization Server Metadata Discovery - Sequence Diagram + +**Actors Involved** +1. Inji Wallet (Mobile App) +2. Issuing Authority / Credential Issuer +3. Authorization Server +4. mimoto (Wallet backend) + +```mermaid +sequenceDiagram + participant Inji_Wallet as Inji Wallet (Mobile App) + participant mimoto as mimoto (Wallet backend) + participant Issuing_Authority as Issuing Authority / CredentialIssuer + participant Authorization_Server as Authorization Server + + Inji_Wallet ->> Issuing_Authority: 1. Request Credential issuer metadata via wellknown + Issuing_Authority ->> Inji_Wallet: 2. Return the credential issuer metadata + Note over Inji_Wallet: Authorization Server Metadata Discovery +rect rgba(191, 223, 255, 0.3) + Inji_Wallet ->> Inji_Wallet: 3.1 Analyzes credential issuer metadata
to retrieve authorization server + Inji_Wallet ->> Authorization_Server: 3.2 Get authorization server metadata
GET /.well-known/oauth-authorization-server HTTP/1.1
Host: authorization server host + Authorization_Server ->> Inji_Wallet: 3.3 Return authorization server metadata + Inji_Wallet ->> Inji_Wallet: 3.4 Check if wallet supports to initiate authorization flow &
gather information to initiate authorization request +end + Inji_Wallet ->> Authorization_Server: 4. Initiate authorization flow + Note right of Inji_Wallet: Other flows of authorization flow & VC download proceeds + Authorization_Server ->> Inji_Wallet: 5. On successful authentiction return authorization code (auth_code) + Inji_Wallet ->> mimoto: 6. get accessToken in exchange with authorization code + mimoto ->> Authorization_Server: 7. token exchange
(API call to token_endpoint with authorization_code & other client related details) + Authorization_Server ->> mimoto: 8. On success, return access_token + mimoto ->> Inji_Wallet: 9. return access_token + Inji_Wallet ->> Issuing_Authority: 10. Credential request + Issuing_Authority ->> Inji_Wallet: 11. Credential response +``` + + +## Retrieving Authorization Server Metadata + +Authorization server metadata is derived from the `authorization_servers` property of the credential issuer metadata. This process enables the wallet to identify and interact with the appropriate authorization server for credential issuance, in accordance with the OpenID4VCI specification. + +#### Steps Involved: + +1. **Fetch Credential Issuer Metadata** – Retrieve the metadata associated with the credential issuer. +2. **Extract the `authorization_servers` Property** – Identify the list of authorization servers supported by the issuer. +3. **Select an Authorization Server** – The first entry from the `authorization_servers` array is selected as the default authorization server. (As per OpenID4VCI, when multiple entries exist, each should be iterated and checked for compatibility with the wallet. This step is currently not implemented.) +4. **Discover Authorization Server Metadata** – Perform a well-known discovery request to obtain the metadata of the selected authorization server. 
+ + +#### Authorization Server Metadata Discovery Request + +A well-known endpoint is used to retrieve metadata: + +```http request +GET /.well-known/oauth-authorization-server HTTP/1.1 +Host: authorization-server-host +``` + +Sample Authorization Server Metadata Response + +```http request +HTTP/1.1 200 OK +Content-Type: application/json + +{ + "issuer": "https://server.example.com", + "authorization_endpoint": "https://server.example.com/authorize", + "token_endpoint": "https://server.example.com/token", + "jwks_uri": "https://server.example.com/jwks.json", + "token_endpoint_auth_methods_supported": ["private_key_jwt"], + "token_endpoint_auth_signing_alg_values_supported": ["RS256"], + "scopes_supported":["profile", "email", "phone"], + "response_modes_supported": ["query"], + "grant_types_supported": ["authorization_code"], + "response_types_supported": ["code"] + } +``` + +## Assessing Wallet Compatibility with Authorization Server for Authorization Flow in VC download + +To determine whether the wallet supports the authorization server's requirements and can proceed with the authorization flow, it validates and processes the authorization server metadata in compliance with the OpenID4VCI specification. + +#### Steps Involved: + +1. **Validate Supported Grant Types** – Verify that the `grant_types_supported` field in the authorization server metadata includes a grant type that the wallet supports. (Currently, the wallet supports only the authorization_code grant type.) +2. **Extract the Authorization Endpoint** – Retrieve the `authorization_endpoint` from the authorization server metadata, which will be used to initiate the authorization process. +3. **Initiate the Authorization Flow** – Begin the authentication process with the authorization server using the retrieved endpoint. +4. **Proceed with Credential Retrieval** – Once authorization is successfully completed, the wallet continues with the subsequent steps of the VC download process. 
+ +### Handling errors in wellknown discovery +To ensure a smooth authorization flow, the wallet must handle potential errors that may arise during the well-known discovery process. Below are key error handling scenarios: + +##### 1. Unsupported Grant Type +- If the grant_types_supported field in the authorization server metadata does not include a grant type supported by the wallet (authorization_code), the authorization process is terminated. +- The user is notified with an appropriate error message indicating that the wallet is incompatible with the authorization server. +##### 2. Network and API Errors +- Errors encountered while making requests to the authorization server’s well-known endpoint (e.g., network failures, timeouts, or invalid responses) are handled gracefully. +- Appropriate error handling mechanisms, such as retry logic or error display, are implemented to inform the user. + +## Aligning with OpenID4VCI Specification + +The implementation adheres to OpenID4VCI Draft 13 and RFC 8414 (OAuth 2.0 Authorization Server Metadata) to ensure standardized discovery and interaction with authorization servers. diff --git a/docs/mdoc-support.md b/docs/mdoc-support.md new file mode 100644 index 0000000000..aa76920a73 --- /dev/null +++ b/docs/mdoc-support.md 
@@ -0,0 +1,91 @@ +## Support of credential format mso_mdoc + +This document provides a comprehensive overview of the process for downloading and rendering an mDoc, adhering to the OpenID4VCI specification. It details the necessary steps to retrieve, validate, and present credentials in the mso_mdoc format. +### Actors involved +1. Inji Wallet +2. Issuing authority +3. _inji-vci-client_ (Library for downloading credential) +4. _vc-verifier_ (library for verification of downloaded VC) +5. _pixelpass_ (In case of mdoc, this library for converting base64 url encoded mdoc credential to JSON for rendering purpose) + +### Sequence diagram - download & view mso_mdoc credential format VC + +```mermaid +sequenceDiagram + participant Inji_Wallet as Inji Wallet (Mobile App) + participant InjiVCIClient as inji-vci-client + participant VCVerifier as vc-verifier + participant Pixelpass as Pixelpass + participant Issuing_Authority as Issuing Authority + Inji_Wallet -) InjiVCIClient: 1. Request mso_mdoc credential + InjiVCIClient ->> Issuing_Authority: 2. Credential Request + Issuing_Authority ->> InjiVCIClient: 3. Return mso_mdoc format specific Credential response (base64 url encoded string) + InjiVCIClient -) Inji_Wallet: 4. Return mdocCredential + Inji_Wallet -) VCVerifier: 5. Verify mdocCredential + VCVerifier -) Inji_Wallet: 6. Return Verification Result + Inji_Wallet ->> Inji_Wallet: 7. Save Verified VC + Inji_Wallet -) Pixelpass: 8. convert mdocCredential(base64 url encoded CBOR) to JSON for rendering + Pixelpass -) Inji_Wallet: 9. Return mdocInJson + Inji_Wallet ->> Issuing_Authority: 10. Get credential issuer metadata for rendering VC to user (GET /.well-known/openid-credential-issuer) + Issuing_Authority ->> Inji_Wallet: 11. Return credential issuer metadata + Inji_Wallet ->> Inji_Wallet: 12. use the issuer metadata for rendering VC + +``` + +#### Steps involved +##### 1. 
Make credential request + +Establish communication with the _inji-vci-client_ to submit a credential request to the issuing authority. + +```` +{ + "format": "mso_mdoc", + "doctype": "org.iso.18013.5.1.mDL", + "claims": { + "org.iso.18013.5.1": { + "given_name": {}, + "family_name": {}, + "birth_date": {} + }, + }, + "proof": { + "proof_type": "jwt", + "jwt": "eyJraWQiOiJkaWQ6ZXhhbXBsZ...KPxgihac0aW9EkL1nOzM" + } +} +```` +##### 2. Receive the credential response +The _inji-vci-client_ submits the credential request to the issuing authority. Once the response is received, it is returned to the Wallet. + +``` +{ + "credential": "" +} +``` +##### 3. Perform vc verification + +After obtaining the credential from the issuing authority through the _inji-vci-client_ library, a verification process ensures that the issued Verifiable Credential (VC) remains unaltered. For credentials in the mso_mdoc format, the following validations are performed using the _vc-verifier_ library: + +1. [x] Confirm the credential has not been tampered with. (Cryptographic Signature/Hash Verification) +2. [x] Issuing Country Validation. +3. [x] Document Type Check. +4. [x] Confirms the credential is within its valid usage period. (Validity Information Check) +5. [x] Verifies the integrity of the certificate chain to ensure that the credential is issued by a legitimate and authorized issuer. (Document Signer certification validation) [currently not implemented] + +##### 4. Rendering of mso_mdoc VC + +- In the case of an mso_mdoc format Verifiable Credential (VC), the issuer provides the credential as Base64-encoded CBOR data. The Wallet interacts with the _pixelpass_ library to convert this encoded CBOR data into JSON format, which is then used for rendering the credential. +- The processed credential is not stored in persistent storage or shared via Bluetooth to optimize storage efficiency and transmission size. 
Instead, it is maintained only within the state machine context, ensuring that repeated interactions with PixelPass are avoided for rendering. +- Once the processed VC is obtained, the issuer's well-known configuration is used to determine how the credential should be displayed, including labeling and field ordering. + +- ##### VC Detail View Rendering: + - Field Labels: + The labels displayed for each field are derived from the Credential Issuer's metadata claims under the display attribute. + Reference: OpenID4VCI Spec - Credential Issuer Metadata. + - Field Ordering: + - As per OpenID4VCI Draft 13, the order property in the issuer’s well-known configuration defines the order of fields to be displayed. + This property contains an array of claims.display.name values, specifying the sequence in which the Wallet should present the fields. + - Example: + ` org.iso.18013.5.1\~given_name` (` Format: {namespace}\~{claim-value-name}`) + +This structured approach ensures that the credential is rendered accurately and efficiently while maintaining a lightweight storage and transmission footprint. diff --git a/docs/wla-auth.md b/docs/wla-auth.md new file mode 100644 index 0000000000..2e25d18aab --- /dev/null +++ b/docs/wla-auth.md @@ -0,0 +1,41 @@ +# WLA Auth + +Inji Wallet enables seamless authentication to online portals using verifiable credentials. Through a QR code-based deep-linking technique, users can authenticate biometrically via their mobile wallet and securely grant data sharing permissions to access online services. + +## Wallet Local Authentication - Sequence Diagram + +Actors Involved + +- Inji Wallet (Mobile App) +- User +- Authorization Server +- Online Portal + +```mermaid +sequenceDiagram + participant User as User + participant Wallet as Wallet
(Downloaded and binded VC) + participant Online Portal as Online Portal + participant Authorization Server as Authorization Server + + User -->> Online Portal: Opens online portal in mobile + Note over Online Portal: Display the Sign-In options + User -->> Online Portal: Clicks on Sign-in with Authorization Server + Online Portal -->> Authorization Server: Redirects to Authorization Server + Note over Authorization Server: Displays options to login + User -->> Authorization Server: Clicks on Login with Wallet + Note over Authorization Server: Generates QR code with token
and redirect scheme + User -->> Authorization Server: Clicks on the QR Code + Authorization Server -->> Wallet: Checks the redirect scheme and
launches the correct activity + + Note over User,Authorization Server: Authentication and Consent Flow + Wallet -->> User: Prompts for biometric authentication + User -->> Wallet: Provides biometric authentication + Wallet -->> Authorization Server: Sends authentication confirmation + Authorization Server -->> Wallet: Requests consent for data sharing + Wallet -->> User: Displays consent screen with requested permissions + User -->> Wallet: Reviews and grants consent + Wallet -->> Authorization Server: Sends consent confirmation + + Authorization Server -->> Online Portal: Logged in Successfully +``` diff --git a/ios/Inji.xcodeproj/project.pbxproj b/ios/Inji.xcodeproj/project.pbxproj index 9cedff2f9b..0ff1dcd268 100644 --- a/ios/Inji.xcodeproj/project.pbxproj +++ b/ios/Inji.xcodeproj/project.pbxproj 
@@ -13,10 +13,10 @@ 1E6875EB2CA554FD0086D870 /* RNOpenID4VPModule.m in Sources */ = {isa = PBXBuildFile; fileRef = 1E6875EA2CA554FD0086D870 /* RNOpenID4VPModule.m */; }; 1E6875ED2CA5550F0086D870 /* RNOpenID4VPModule.swift in Sources */ = {isa = PBXBuildFile; fileRef = 1E6875EC2CA5550F0086D870 /* RNOpenID4VPModule.swift */; }; 1EC395242D50C89C0022D979 /* VCIClient in Frameworks */ = {isa = PBXBuildFile; productRef = 1EC395232D50C89C0022D979 /* VCIClient */; }; - 1EC395272D50C9150022D979 /* OpenID4VP in Frameworks */ = {isa = PBXBuildFile; productRef = 1EC395262D50C9150022D979 /* OpenID4VP */; }; 1EC3952A2D50C9470022D979 /* pixelpass in Frameworks */ = {isa = PBXBuildFile; productRef = 1EC395292D50C9470022D979 /* pixelpass */; }; 1EC3952D2D50C9820022D979 /* ios-tuvali-library in Frameworks */ = {isa = PBXBuildFile; productRef = 1EC3952C2D50C9820022D979 /* ios-tuvali-library */; }; 1EC395302D50C99E0022D979 /* securekeystore in Frameworks */ = {isa = PBXBuildFile; productRef = 1EC3952F2D50C99E0022D979 /* securekeystore */; }; + 3482783B2D6F221B0074938B /* OpenID4VP in Frameworks */ = {isa = PBXBuildFile; productRef = 3482783A2D6F221B0074938B /* OpenID4VP */; }; 3E461D99554A48A4959DE609 /* SplashScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = AA286B85B6C04FC6940260E9 /* SplashScreen.storyboard */; }; 73295844242A4AD3AA52D0BE /* noop-file.swift in Sources */ = {isa = PBXBuildFile; fileRef = D98B96A488E54CBDB286B26F /* noop-file.swift */; }; 96905EF65AED1B983A6B3ABC /* libPods-Inji.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 58EEBF8E8E6FB1BC6CAF49B5 /* libPods-Inji.a */; }; 
@@ -115,7 +115,7 @@ files = ( 1EC395242D50C89C0022D979 /* VCIClient in Frameworks */, 1EC3952A2D50C9470022D979 /* pixelpass in Frameworks */, - 1EC395272D50C9150022D979 /* OpenID4VP in Frameworks */, + 3407B1002D706EE1003089E6 /* OpenID4VP in Frameworks */, 1EC395302D50C99E0022D979 /* securekeystore in Frameworks */, 96905EF65AED1B983A6B3ABC /* libPods-Inji.a in Frameworks */, 1EC3952D2D50C9820022D979 /* ios-tuvali-library in Frameworks */, @@ -273,7 +273,7 @@ 1E55884F2CC0EF2C00CF55B4 /* Copy FaceSDK Model */, 00DD1BFF1BD5951E006B06BC /* Bundle React Native code and images */, 800E24972A6A228C8D4807E9 /* [CP] Copy Pods Resources */, - D11A8C363B4A5B625DB10379 /* [CP] Embed Pods Frameworks */, + 0F2FCBA5E4517C72775B53F7 /* [CP] Embed Pods Frameworks */, ); buildRules = ( ); @@ -282,10 +282,10 @@ name = Inji; packageProductDependencies = ( 1EC395232D50C89C0022D979 /* VCIClient */, - 1EC395262D50C9150022D979 /* OpenID4VP */, 1EC395292D50C9470022D979 /* pixelpass */, 1EC3952C2D50C9820022D979 /* ios-tuvali-library */, 1EC3952F2D50C99E0022D979 /* securekeystore */, + 3407B0FF2D706EE1003089E6 /* OpenID4VP */, ); productName = Inji; productReference = 13B07F961A680F5B00A75B9A /* Inji.app */; 
@@ -314,11 +314,11 @@ ); mainGroup = 83CBB9F61A601CBA00E9B192; packageReferences = ( - 1EC395222D50C89C0022D979 /* XCRemoteSwiftPackageReference "inji-vci-client-ios-swift.git" */, - 1EC395252D50C9150022D979 /* XCRemoteSwiftPackageReference "inji-openid4vp-ios-swift.git" */, - 1EC395282D50C9470022D979 /* XCRemoteSwiftPackageReference "pixelpass-ios-swift.git" */, - 1EC3952B2D50C9820022D979 /* XCRemoteSwiftPackageReference "tuvali-ios-swift.git" */, - 1EC3952E2D50C99E0022D979 /* XCRemoteSwiftPackageReference "secure-keystore-ios-swift.git" */, + 1EC395222D50C89C0022D979 /* XCRemoteSwiftPackageReference "inji-vci-client-ios-swift" */, + 1EC395282D50C9470022D979 /* XCRemoteSwiftPackageReference "pixelpass-ios-swift" */, + 1EC3952B2D50C9820022D979 /* XCRemoteSwiftPackageReference "tuvali-ios-swift" */, + 1EC3952E2D50C99E0022D979 /* XCRemoteSwiftPackageReference "secure-keystore-ios-swift" */, + 3407B0FE2D706EE1003089E6 /* XCRemoteSwiftPackageReference "inji-openid4vp-ios-swift" */, ); productRefGroup = 83CBBA001A601CBA00E9B192 /* Products */; projectDirPath = ""; 
@@ -398,6 +398,24 @@ shellScript = "diff \"${PODS_PODFILE_DIR_PATH}/Podfile.lock\" \"${PODS_ROOT}/Manifest.lock\" > /dev/null\nif [ $? != 0 ] ; then\n # print error to STDERR\n echo \"error: The sandbox is not in sync with the Podfile.lock. Run 'pod install' or update your CocoaPods installation.\" >&2\n exit 1\nfi\n# This output is used by Xcode 'outputs' to avoid re-running this script phase.\necho \"SUCCESS\" > \"${SCRIPT_OUTPUT_FILE_0}\"\n"; showEnvVarsInLog = 0; }; + 0F2FCBA5E4517C72775B53F7 /* [CP] Embed Pods Frameworks */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "${PODS_ROOT}/Target Support Files/Pods-Inji/Pods-Inji-frameworks.sh", + "${PODS_XCFRAMEWORKS_BUILD_DIR}/hermes-engine/Pre-built/hermes.framework/hermes", + ); + name = "[CP] Embed Pods Frameworks"; + outputPaths = ( + "${TARGET_BUILD_DIR}/${FRAMEWORKS_FOLDER_PATH}/hermes.framework", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-Inji/Pods-Inji-frameworks.sh\"\n"; + showEnvVarsInLog = 0; + }; 1E55884F2CC0EF2C00CF55B4 /* Copy FaceSDK Model */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 12; 
@@ -471,24 +489,6 @@ shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-Inji/Pods-Inji-resources.sh\"\n"; showEnvVarsInLog = 0; }; - D11A8C363B4A5B625DB10379 /* [CP] Embed Pods Frameworks */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "${PODS_ROOT}/Target Support Files/Pods-Inji/Pods-Inji-frameworks.sh", - "${PODS_XCFRAMEWORKS_BUILD_DIR}/hermes-engine/Pre-built/hermes.framework/hermes", - ); - name = "[CP] Embed Pods Frameworks"; - outputPaths = ( - "${TARGET_BUILD_DIR}/${FRAMEWORKS_FOLDER_PATH}/hermes.framework", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-Inji/Pods-Inji-frameworks.sh\"\n"; - showEnvVarsInLog = 0; - }; FD10A7F022414F080027D42C /* Start Packager */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 2147483647; @@ -574,7 +574,6 @@ PRODUCT_BUNDLE_IDENTIFIER = io.mosip.inji.wallet.mobileid; PRODUCT_NAME = Inji; PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = ""; SWIFT_OBJC_BRIDGING_HEADER = ""; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; @@ -763,7 +762,7 @@ /* End XCConfigurationList section */ /* Begin XCRemoteSwiftPackageReference section */ - 1EC395222D50C89C0022D979 /* XCRemoteSwiftPackageReference "inji-vci-client-ios-swift.git" */ = { + 1EC395222D50C89C0022D979 /* XCRemoteSwiftPackageReference "inji-vci-client-ios-swift" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/mosip/inji-vci-client-ios-swift.git"; requirement = { 
@@ -771,15 +770,7 @@ kind = branch; }; }; - 1EC395252D50C9150022D979 /* XCRemoteSwiftPackageReference "inji-openid4vp-ios-swift.git" */ = { - isa = XCRemoteSwiftPackageReference; - repositoryURL = "https://github.com/mosip/inji-openid4vp-ios-swift.git"; - requirement = { - branch = "release-0.2.x"; - kind = branch; - }; - }; - 1EC395282D50C9470022D979 /* XCRemoteSwiftPackageReference "pixelpass-ios-swift.git" */ = { + 1EC395282D50C9470022D979 /* XCRemoteSwiftPackageReference "pixelpass-ios-swift" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/mosip/pixelpass-ios-swift.git"; requirement = { @@ -787,19 +778,27 @@ kind = branch; }; }; - 1EC3952B2D50C9820022D979 /* XCRemoteSwiftPackageReference "tuvali-ios-swift.git" */ = { + 1EC3952B2D50C9820022D979 /* XCRemoteSwiftPackageReference "tuvali-ios-swift" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/mosip/tuvali-ios-swift.git"; requirement = { - branch = "release-0.5.x"; - kind = branch; + kind = exactVersion; + version = 0.5.0; }; }; - 1EC3952E2D50C99E0022D979 /* XCRemoteSwiftPackageReference "secure-keystore-ios-swift.git" */ = { + 1EC3952E2D50C99E0022D979 /* XCRemoteSwiftPackageReference "secure-keystore-ios-swift" */ = { isa = XCRemoteSwiftPackageReference; repositoryURL = "https://github.com/mosip/secure-keystore-ios-swift.git"; requirement = { - branch = "release-0.3.x"; + kind = exactVersion; + version = 0.3.0; + }; + }; + 3407B0FE2D706EE1003089E6 /* XCRemoteSwiftPackageReference "inji-openid4vp-ios-swift" */ = { + isa = XCRemoteSwiftPackageReference; + repositoryURL = "https://github.com/mosip/inji-openid4vp-ios-swift"; + requirement = { + branch = develop; kind = branch; }; }; 
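Review bot: The new `3407B0FE2D706EE1003089E6` package reference pins `inji-openid4vp-ios-swift` to `branch = develop; kind = branch;`, while in the same hunk `tuvali-ios-swift` and `secure-keystore-ios-swift` are moved to `kind = exactVersion`. A floating development branch means any push to that library changes what the wallet's verifier-authentication and presentation-sharing code compiles against, with no review gate in this repository, and the `authenticateVerifier` signature this same commit had to chase can shift again between builds. For a release-sync commit I would expect the same treatment as the other two packages, e.g. `kind = exactVersion; version = <tagged release>;`, or at minimum a `release-x.y.z` branch rather than `develop`. If tracking develop is intentional until a tag exists, that should be recorded next to the reference and in a follow-up ticket so it is not forgotten at release time.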
@@ -808,29 +807,29 @@ /* Begin XCSwiftPackageProductDependency section */ 1EC395232D50C89C0022D979 /* VCIClient */ = { isa = XCSwiftPackageProductDependency; - package = 1EC395222D50C89C0022D979 /* XCRemoteSwiftPackageReference "inji-vci-client-ios-swift.git" */; + package = 1EC395222D50C89C0022D979 /* XCRemoteSwiftPackageReference "inji-vci-client-ios-swift" */; productName = VCIClient; }; - 1EC395262D50C9150022D979 /* OpenID4VP */ = { - isa = XCSwiftPackageProductDependency; - package = 1EC395252D50C9150022D979 /* XCRemoteSwiftPackageReference "inji-openid4vp-ios-swift.git" */; - productName = OpenID4VP; - }; 1EC395292D50C9470022D979 /* pixelpass */ = { isa = XCSwiftPackageProductDependency; - package = 1EC395282D50C9470022D979 /* XCRemoteSwiftPackageReference "pixelpass-ios-swift.git" */; + package = 1EC395282D50C9470022D979 /* XCRemoteSwiftPackageReference "pixelpass-ios-swift" */; productName = pixelpass; }; 1EC3952C2D50C9820022D979 /* ios-tuvali-library */ = { isa = XCSwiftPackageProductDependency; - package = 1EC3952B2D50C9820022D979 /* XCRemoteSwiftPackageReference "tuvali-ios-swift.git" */; + package = 1EC3952B2D50C9820022D979 /* XCRemoteSwiftPackageReference "tuvali-ios-swift" */; productName = "ios-tuvali-library"; }; 1EC3952F2D50C99E0022D979 /* securekeystore */ = { isa = XCSwiftPackageProductDependency; - package = 1EC3952E2D50C99E0022D979 /* XCRemoteSwiftPackageReference "secure-keystore-ios-swift.git" */; + package = 1EC3952E2D50C99E0022D979 /* XCRemoteSwiftPackageReference "secure-keystore-ios-swift" */; productName = securekeystore; }; + 3407B0FF2D706EE1003089E6 /* OpenID4VP */ = { + isa = XCSwiftPackageProductDependency; + package = 3407B0FE2D706EE1003089E6 /* XCRemoteSwiftPackageReference "inji-openid4vp-ios-swift" */; + productName = OpenID4VP; + }; /* End XCSwiftPackageProductDependency section */ }; rootObject = 83CBB9F71A601CBA00E9B192 /* Project object */; 
diff --git a/ios/Inji.xcworkspace/xcshareddata/swiftpm/Package.resolved b/ios/Inji.xcworkspace/xcshareddata/swiftpm/Package.resolved index 7ce8cf6434..dd3ec57731 100644 --- a/ios/Inji.xcworkspace/xcshareddata/swiftpm/Package.resolved +++ b/ios/Inji.xcworkspace/xcshareddata/swiftpm/Package.resolved @@ -1,5 +1,5 @@ { - "originHash" : "178f6c7c607eeb08b99a4966015d08339500de64791888a2e79d6b7afae53659", + "originHash" : "89c09865ed302674a6eacbfdc15bccfb27aca83c6e960244a525461f6336a126", "pins" : [ { "identity" : "base45-swift", @@ -40,10 +40,10 @@ { "identity" : "inji-openid4vp-ios-swift", "kind" : "remoteSourceControl", - "location" : "https://github.com/mosip/inji-openid4vp-ios-swift.git", + "location" : "https://github.com/mosip/inji-openid4vp-ios-swift", "state" : { - "branch" : "release-0.2.x", - "revision" : "8c682e3c99a4091330bcdf1725a8a659ab79a7cc" + "branch" : "develop", + "revision" : "209f44d71a723580c27e87b2a12021f2ab63a0a3" } }, { @@ -52,7 +52,7 @@ "location" : "https://github.com/mosip/inji-vci-client-ios-swift.git", "state" : { "branch" : "release-0.2.x", - "revision" : "5fe56728106cffc8eff47e43437f288307c9d91b" + "revision" : "21854f841c7dae09fa51878a40676841664cc18b" } }, { @@ -67,10 +67,10 @@ { "identity" : "pixelpass-ios-swift", "kind" : "remoteSourceControl", - "location" : "https://github.com/mosip/pixelpass-ios-swift.git", + "location" : "https://github.com/mosip/pixelpass-ios-swift/", "state" : { "branch" : "release-0.6.x", - "revision" : "7111692893287015599e4e0297bcade6a5375527" + "revision" : "15249dc4eecb7c2b6e6074193d3928b3402c9d20" } }, { @@ -87,8 +87,8 @@ "kind" : "remoteSourceControl", "location" : "https://github.com/mosip/secure-keystore-ios-swift.git", "state" : { - "branch" : "release-0.3.x", - "revision" : "1ea5182ca985302d11010b7a16ea496167969ab3" + "revision" : "1ea5182ca985302d11010b7a16ea496167969ab3", + "version" : "0.3.0" } }, { 
@@ -96,8 +96,8 @@ "kind" : "remoteSourceControl", "location" : "https://github.com/valpackett/SwiftCBOR", "state" : { - "branch" : "master", - "revision" : "ec24382864e5ffc6d3915c0818745d5ab12545a8" + "revision" : "04ccff117f6549121d5721ec84fdf0162122b90e", + "version" : "0.5.0" } }, { @@ -105,8 +105,8 @@ "kind" : "remoteSourceControl", "location" : "https://github.com/mosip/tuvali-ios-swift.git", "state" : { - "branch" : "release-0.5.x", - "revision" : "2d49e123f70dfc2179983a753d370cc2212385db" + "revision" : "2d49e123f70dfc2179983a753d370cc2212385db", + "version" : "0.5.0" } }, { diff --git a/ios/RNOpenID4VPModule.m b/ios/RNOpenID4VPModule.m index 3186ef917f..517bf29de1 100644 --- a/ios/RNOpenID4VPModule.m +++ b/ios/RNOpenID4VPModule.m @@ -5,7 +5,7 @@ @interface RCT_EXTERN_MODULE(InjiOpenID4VP, NSObject) RCT_EXTERN_METHOD(init:(NSString *)appId) -RCT_EXTERN_METHOD(authenticateVerifier:(NSString *)encodedAuthorizationRequest +RCT_EXTERN_METHOD(authenticateVerifier:(NSString *)urlEncodedAuthorizationRequest trustedVerifierJSON:(id)trustedVerifierJSON shouldValidateClient:(BOOL)shouldValidateClient resolver:(RCTPromiseResolveBlock)resolve diff --git a/ios/RNOpenID4VPModule.swift b/ios/RNOpenID4VPModule.swift index daaaa2996d..2501e1fef9 100644 --- a/ios/RNOpenID4VPModule.swift +++ b/ios/RNOpenID4VPModule.swift @@ -17,7 +17,7 @@ class RNOpenId4VpModule: NSObject, RCTBridgeModule { } @objc - func authenticateVerifier(_ encodedAuthorizationRequest: String, + func authenticateVerifier(_ urlEncodedAuthorizationRequest: String, trustedVerifierJSON: AnyObject, shouldValidateClient: Bool, resolver resolve: @escaping RCTPromiseResolveBlock, 
@@ -37,7 +37,7 @@ class RNOpenId4VpModule: NSObject, RCTBridgeModule { return Verifier(clientId: clientId, responseUris: responseUris) } - let authenticationResponse: AuthorizationRequest = try await openID4VP!.authenticateVerifier(encodedAuthorizationRequest: encodedAuthorizationRequest, trustedVerifierJSON: trustedVerifiersList, shouldValidateClient: shouldValidateClient) + let authenticationResponse: AuthorizationRequest = try await openID4VP!.authenticateVerifier(urlEncodedAuthorizationRequest: urlEncodedAuthorizationRequest, trustedVerifierJSON: trustedVerifiersList, shouldValidateClient: shouldValidateClient) let response = try toJsonString(jsonObject: authenticationResponse) resolve(response) diff --git a/machines/openID4VP/openID4VPActions.ts b/machines/openID4VP/openID4VPActions.ts index 9716916ba4..6785dec48a 100644 --- a/machines/openID4VP/openID4VPActions.ts +++ b/machines/openID4VP/openID4VPActions.ts @@ -20,8 +20,8 @@ export const openID4VPActions = (model: any) => { authenticationResponse: (_, event) => event.data, }), - setEncodedAuthorizationRequest: model.assign({ - encodedAuthorizationRequest: (_, event) => event.encodedAuthRequest, + setUrlEncodedAuthorizationRequest: model.assign({ + urlEncodedAuthorizationRequest: (_, event) => event.encodedAuthRequest, }), setFlowType: model.assign({ diff --git a/machines/openID4VP/openID4VPMachine.ts b/machines/openID4VP/openID4VPMachine.ts index 21eae89f60..ab956c660d 100644 --- a/machines/openID4VP/openID4VPMachine.ts +++ b/machines/openID4VP/openID4VPMachine.ts @@ -42,7 +42,7 @@ export const openID4VPMachine = model.createMachine( on: { AUTHENTICATE: { actions: [ - 'setEncodedAuthorizationRequest', + 'setUrlEncodedAuthorizationRequest', 'setFlowType', 'setMiniViewShareSelectedVC', 'setIsShareWithSelfie', diff --git a/machines/openID4VP/openID4VPModel.ts b/machines/openID4VP/openID4VPModel.ts index c923362099..66306fff5e 100644 --- a/machines/openID4VP/openID4VPModel.ts 
+++ b/machines/openID4VP/openID4VPModel.ts @@ -46,7 +46,7 @@ const openID4VPEvents = { export const openID4VPModel = createModel( { serviceRefs: {} as AppServices, - encodedAuthorizationRequest: '' as string, + urlEncodedAuthorizationRequest: '' as string, authenticationResponse: {}, vcsMatchingAuthRequest: {} as Record, checkedAll: false as boolean, diff --git a/machines/openID4VP/openID4VPServices.ts b/machines/openID4VP/openID4VPServices.ts index a934c6f291..8dad470645 100644 --- a/machines/openID4VP/openID4VPServices.ts +++ b/machines/openID4VP/openID4VPServices.ts @@ -9,7 +9,7 @@ import { OpenID4VP_Domain, OpenID4VP_Proof_Sign_Algo_Suite, } from '../../shared/openID4VP/OpenID4VP'; -import { KeyTypes } from '../../shared/cryptoutil/KeyTypes'; +import {KeyTypes} from '../../shared/cryptoutil/KeyTypes'; export const openID4VPServices = () => { return { @@ -24,7 +24,7 @@ export const openID4VPServices = () => { getAuthenticationResponse: (context: any) => async () => { OpenID4VP.initialize(); const serviceRes = await OpenID4VP.authenticateVerifier( - context.encodedAuthorizationRequest, + context.urlEncodedAuthorizationRequest, context.trustedVerifiers, ); return serviceRes; @@ -55,7 +55,11 @@ export const openID4VPServices = () => { const vpResponseMetadata = { jws: proofJWT, signatureAlgorithm: OpenID4VP_Proof_Sign_Algo_Suite, - publicKey: "did:jwk:"+base64url(await getJWK(context.publicKey, KeyTypes.ED25519)), + publicKey: + 'did:jwk:' + + base64url( + JSON.stringify(await getJWK(context.publicKey, KeyTypes.ED25519)), + ), domain: OpenID4VP_Domain, }; return await OpenID4VP.shareVerifiablePresentation(vpResponseMetadata); diff --git a/shared/openID4VP/OpenID4VP.ts b/shared/openID4VP/OpenID4VP.ts index a90eb7b6d5..3f85c9e4d2 100644 --- a/shared/openID4VP/OpenID4VP.ts +++ b/shared/openID4VP/OpenID4VP.ts 
@@ -18,14 +18,13 @@ export class OpenID4VP { } static async authenticateVerifier( - encodedAuthorizationRequest: string, + urlEncodedAuthorizationRequest: string, trustedVerifiersList: any, ) { const shouldValidateClient = await isClientValidationRequired(); - const authenticationResponse = await OpenID4VP.InjiOpenID4VP.authenticateVerifier( - encodedAuthorizationRequest, + urlEncodedAuthorizationRequest, trustedVerifiersList, shouldValidateClient, );