Skip to content

Only extract used credentials when one request is satisfied #859

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jkoenig134 merged 4 commits into from
Nov 20, 2025
Merged

Only extract used credentials when one request is satisfied #859

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
941b182
refactor: move extracting the used credentials to a helper method
jkoenig134 Nov 20, 2025
15130f6
chore: rename helper method
jkoenig134 Nov 20, 2025
7b10690
Merge branch 'release/openid4vc' into only-extract-used-credentials-w…
jkoenig134 Nov 20, 2025
47934d5
chore: update lockfile
jkoenig134 Nov 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

31 changes: 24 additions & 7 deletions packages/consumption/src/modules/openid4vc/OpenId4VcController.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,28 @@ export class OpenId4VcController extends ConsumptionBaseController {

// TODO: extract DTOs

const matchedCredentialsSdJwtVc = authorizationRequest.presentationExchange?.credentialsForRequest.requirements
const usedCredentials = await this.extractUsedCredentialsFromAuthorizationRequest(authorizationRequest);

return {
authorizationRequest,
usedCredentials
};
}

private async extractUsedCredentialsFromAuthorizationRequest(
authorizationRequest: OpenId4VpResolvedAuthorizationRequest
): Promise<{ id: string; data: string; type: string; displayInformation?: string }[]> {
const dcqlSatisfied = authorizationRequest.dcql?.queryResult.can_be_satisfied ?? false;
const authorizationRequestSatisfied = authorizationRequest.presentationExchange?.credentialsForRequest.areRequirementsSatisfied ?? false;
if (!dcqlSatisfied && !authorizationRequestSatisfied) {
return [];
}

// there is no easy method to check which credentials were used in dcql
// this has to be added later
if (!authorizationRequestSatisfied) return [];

const matchedCredentialsFromPresentationExchange = authorizationRequest.presentationExchange?.credentialsForRequest.requirements
.map((entry) =>
entry.submissionEntry
.map((subEntry) => subEntry.verifiableCredentials.filter((vc) => vc.claimFormat === ClaimFormat.SdJwtDc).map((vc) => vc.credentialRecord.compactSdJwtVc))
Expand All @@ -93,12 +114,8 @@ export class OpenId4VcController extends ConsumptionBaseController {

const allCredentials = await this.getVerifiableCredentials();

const usedCredentials = allCredentials.filter((credential) => matchedCredentialsSdJwtVc?.includes(credential.data));

return {
authorizationRequest,
usedCredentials
};
const usedCredentials = allCredentials.filter((credential) => matchedCredentialsFromPresentationExchange?.includes(credential.data));
return usedCredentials;
}

public async acceptAuthorizationRequest(
Expand Down