Skip to content

fix: retain Presentation layer during decoding to allow nonce extraction #115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
coplat wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

fix: retain Presentation layer during decoding to allow nonce extraction #115

coplat wants to merge 1 commit into from

Conversation

@coplat
Copy link
Contributor

@coplat coplat commented Jan 6, 2026
edited
Loading

Description of change

Previously, the decode_authorization_response function would extract only the inner VerifiableCredentialJwt level of the vp_token. This meant that the "outer" VerifiablePresentationJwt (VP) shell of the token was discarded after decoding.
Because the nonce claim resides on the Presentation layer and not the Credential layer, it was impossible to perform nonce validation in our authorization_request Aggregate.

This PR changes the format of the DecodedVpToken struct to store the full VerifiablePresentationJwt wrapper. The decoding logic has been updated to:

  1. Verify the outer VP signature.
  2. Verify the inner VC signatures to ensure its integrity.
  3. Preserve the outer VP object in the returned struct.

A helper method .nonce() was also added to DecodedVpToken to allow the Aggregate in our ssi-agent to easily extract the nonce from the verified presentations.

Links to any relevant issues

Be sure to reference any related issues by adding fixes issue #.

How the change has been tested

Describe the tests that you ran to verify your changes.
Make sure to provide instructions for the maintainer as well as any relevant configurations.

Definition of Done checklist

Add an x to the boxes that are relevant to your changes.

  • I have followed the contribution guidelines for this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

@coplat coplat self-assigned this Jan 6, 2026
@codecov-commenter
Copy link

codecov-commenter commented Jan 6, 2026

Codecov Report

❌ Patch coverage is 60.00000% with 8 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
oid4vp/src/oid4vp.rs 60.00% 8 Missing ⚠️
Files with missing lines Coverage Δ
oid4vp/src/token/verifiable_presentation_jwt.rs 100.00% <ø> (ø)
oid4vp/src/oid4vp.rs 73.33% <60.00%> (-5.43%) ⬇️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@coplat coplat marked this pull request as ready for review January 7, 2026 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@coplat coplat

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@coplat @codecov-commenter