Skip to content

feat:API for verify the authorization response #344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
shitrerohit wants to merge 4 commits into
base: feat/oidc-main-sync
Choose a base branch
from
+57 −6
Open

feat:API for verify the authorization response #344

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
be09251
feat:API for verify the authorization response
shitrerohit Feb 11, 2026
d89a68b
fix:code rabbit ai issues
shitrerohit Feb 11, 2026
6c1333b
fix:updated the response in accept proof request
shitrerohit Feb 11, 2026
b130bee
fix: supporting clientIdPrefix for HAIP support
RinkalBhojani Feb 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 15 additions & 3 deletions src/controllers/openid4vc/holder/holder.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,12 +200,14 @@ export class HolderService {
public async resolveProofRequest(agentReq: Req, body: ResolveProofRequest) {
return (await agentReq.agent.modules.openid4vc.holder.resolveOpenId4VpAuthorizationRequest(
body.proofRequestUri,
body.options,
)) as any
}

public async acceptPresentationRequest(agentReq: Req, body: ResolveProofRequest) {
const resolved = await agentReq.agent.modules.openid4vc.holder.resolveOpenId4VpAuthorizationRequest(
body.proofRequestUri,
body.options,
)
// const presentationExchangeService = agent.dependencyManager.resolve(DifPresentationExchangeService)

Expand All @@ -224,10 +226,20 @@ export class HolderService {
dcql: {
credentials: dcqlCredentials as DcqlCredentialsForRequest,
},
origin: body.options?.origin,
})
const result: any = submissionResult.serverResponse
result['authorizationResponsePayload'] = submissionResult.authorizationResponsePayload
return result
if (submissionResult.serverResponse) {
const { serverResponse, ...rest } = submissionResult

return {
...serverResponse,
body: rest,
} as any
}
return {
status: 200,
body: submissionResult,
} as any
}

public async deleteCredential(agentReq: Req, { credentialId, credentialType }: DeleteCredentialBody) {
Expand Down
3 changes: 3 additions & 0 deletions src/controllers/openid4vc/types/holder.types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
import type { ResolveOpenId4VpAuthorizationRequestOptions } from '@credo-ts/openid4vc'

export interface ResolveCredentialOfferBody {
credentialOfferUri: string
}
Expand All @@ -17,6 +19,7 @@ export interface AuthorizeRequestCredentialOffer {

export interface ResolveProofRequest {
proofRequestUri: string
options?: ResolveOpenId4VpAuthorizationRequestOptions
}

export interface AcceptProofRequest {
Expand Down
8 changes: 7 additions & 1 deletion src/controllers/openid4vc/types/verifier.types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
/* eslint-disable @typescript-eslint/explicit-member-accessibility */
import type { DifPresentationExchangeDefinitionV2 } from '@credo-ts/core'
import type { SubmissionRequirement, Format, Issuance, InputDescriptorV2 } from '@sphereon/pex-models'
import type { Format, Issuance, InputDescriptorV2 } from '@sphereon/pex-models'

export enum ResponseModeEnum {
DIRECT_POST = 'direct_post',
Expand Down Expand Up @@ -109,3 +109,9 @@ export class OpenId4VcSiopCreateVerifierOptions {
export class OpenId4VcUpdateVerifierRecordOptions {
clientMetadata?: OpenId4VcSiopVerifierClientMetadata
}

export interface OpenId4VCDCQLVerificationSessionRecord {
verificationSessionId: string
authorizationResponse: Record<string, unknown>
origin?: string
}
18 changes: 16 additions & 2 deletions src/controllers/openid4vc/verifier-sessions/verification-sessions.Controller.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,11 @@
import { Agent } from '@credo-ts/core'
import { OpenId4VcVerificationSessionState } from '@credo-ts/openid4vc'
import { Request as Req } from 'express'
import { Controller, Get, Path, Query, Route, Request, Security, Tags, Post, Body } from 'tsoa'
import { injectable } from 'tsyringe'

import { SCOPES } from '../../../enums'
import ErrorHandlingService from '../../../errorHandlingService'
import { CreateAuthorizationRequest } from '../types/verifier.types'
import { CreateAuthorizationRequest, OpenId4VCDCQLVerificationSessionRecord } from '../types/verifier.types'

import { VerificationSessionsService } from './verification-sessions.service'

Expand Down Expand Up @@ -87,4 +86,19 @@ export class VerificationSessionsController extends Controller {
throw ErrorHandlingService.handle(error)
}
}

/**
* Verify authorization response for a DCAPI proof request
*/
@Post('/verify-authorization-response')
public async verifyDcqlProofRequest(
@Request() request: Req,
@Body() verifydcqlProofRquest: OpenId4VCDCQLVerificationSessionRecord,
) {
try {
return await this.verificationSessionService.verifyAuthorizationResponse(request, verifydcqlProofRquest)
} catch (error) {
throw ErrorHandlingService.handle(error)
}
}
}
16 changes: 16 additions & 0 deletions src/controllers/openid4vc/verifier-sessions/verification-sessions.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ import {
ClientIdPrefix,
CreateAuthorizationRequest,
OpenId4VcIssuerX5cOptions,
OpenId4VCDCQLVerificationSessionRecord,
OpenId4VcIssuerX5c,
ClientIdPrefix,
OpenId4VcIssuerX5cOptions,
ResponseModeEnum,
} from '../types/verifier.types'

Expand Down Expand Up @@ -200,4 +204,16 @@ export class VerificationSessionsService {
: undefined,
} as any
}

public async verifyAuthorizationResponse(
agentReq: Req,
verifydcqlProofRquest: OpenId4VCDCQLVerificationSessionRecord,
) {
const verifier = agentReq.agent.modules.openid4vc.verifier
if (!verifier) {
throw new Error('OID4VC verifier module not initialized')
}
const result = (await verifier.verifyAuthorizationResponse({ ...verifydcqlProofRquest })) as any
Copy link

@coderabbitai coderabbitai bot Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# First, find the file and examine the context around line 208
cat -n src/controllers/openid4vc/verifier-sessions/verification-sessions.service.ts | sed -n '200,220p'

Repository: credebl/agent-controller

Length of output: 566

🏁 Script executed:

# Search for verifyAuthorizationResponse definition and usage
rg -n "verifyAuthorizationResponse" --type=ts -B3 -A5

Repository: credebl/agent-controller

Length of output: 850

🏁 Script executed:

# Search for the verifydcqlProofRquest variable definition (note: possible typo)
rg -n "verifydcqlProofRquest|verifydcqlProofRequest" --type=ts -B3 -A3

Repository: credebl/agent-controller

Length of output: 2672

🏁 Script executed:

# Search for OpenId4VCDCQLVerificationSessionRecord type definition
rg -n "OpenId4VCDCQLVerificationSessionRecord" --type=ts -B2 -A10

Repository: credebl/agent-controller

Length of output: 6348

🏁 Script executed:

# Search for verifyAuthorizationResponse in the codebase or dependencies
rg -n "verifyAuthorizationResponse" --type=ts -B5 -A10 | head -100

Repository: credebl/agent-controller

Length of output: 1193

🏁 Script executed:

# Find the type definition files for openid4vc verifier
fd -e "d.ts" -e "ts" | xargs grep -l "verifyAuthorizationResponse" 2>/dev/null | head -10

Repository: credebl/agent-controller

Length of output: 144

🏁 Script executed:

# Check if there's a node_modules and search in credo-ts
find . -path "*/node_modules/@credo-ts/*/openid4vc*" -name "*.d.ts" 2>/dev/null | head -5

Repository: credebl/agent-controller

Length of output: 50

🏁 Script executed:

# Look for verifyAuthorizationResponse in imports/type definitions
rg -n "verifyAuthorizationResponse" --type=ts --type=js

Repository: credebl/agent-controller

Length of output: 249

🌐 Web query:

credo-ts openid4vc verifier verifyAuthorizationResponse API signature

💡 Result:

In Credo TS (@credo-ts/openid4vc), the Verifier flow typically does not expose a public verifyAuthorizationResponse(...) API on agent.modules.openId4VcVerifier.

Instead, Credo verifies the incoming Authorization Response as part of the verification session flow, and you retrieve the result afterwards:

  • Listen for the verification session reaching ResponseVerified
  • Then call:
const verified = await verifier.modules.openId4VcVerifier.getVerifiedAuthorizationResponse(
  verificationSessionId: string
)

This pattern is shown in Credo-based verifier examples/docs. (docs.cheqd.io)

Citations:

🏁 Script executed:

# Search for getVerifiedAuthorizationResponse to see if it's used elsewhere
rg -n "getVerifiedAuthorizationResponse" --type=ts

Repository: credebl/agent-controller

Length of output: 748

🏁 Script executed:

# Check if verifyAuthorizationResponse is defined in this codebase
rg -n "verifyAuthorizationResponse\s*\(" --type=ts -B2 -A10

Repository: credebl/agent-controller

Length of output: 748

🏁 Script executed:

# Search for response verification patterns in the codebase
rg -n "ResponseVerified|getVerified" --type=ts

Repository: credebl/agent-controller

Length of output: 748

🏁 Script executed:

# Look for imports from credo-ts openid4vc to understand what's available
rg -n "from.*credo.*openid4vc|from.*@credo-ts" --type=ts

Repository: credebl/agent-controller

Length of output: 11763

Use getVerifiedAuthorizationResponse(verificationSessionId) instead of verifyAuthorizationResponse.

The method verifyAuthorizationResponse is not exposed by the Credo TS OpenID4VC verifier API. The correct method to retrieve verified authorization responses is getVerifiedAuthorizationResponse, which accepts only the verificationSessionId parameter (see line 118 in the same file for the correct usage pattern). The current code will fail at runtime.

🤖 Prompt for AI Agents 
In `@src/controllers/openid4vc/verifier-sessions/verification-sessions.service.ts`
at line 208, Replace the incorrect call to
verifier.verifyAuthorizationResponse(...verifydcqlProofRquest) with
verifier.getVerifiedAuthorizationResponse(verificationSessionId); specifically,
stop spreading the verifydcqlProofRquest object and instead pass only the
verificationSessionId (the same id used earlier on line 118 usage), update the
surrounding code to accept the returned verified response type (remove the as
any cast if possible) and rename the local variable if needed to reflect that it
contains the verified authorization response.

return result
}
}