Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should dcql_query and presentation_definition be a string when using JAR? #378

Open
TimoGlastra opened this issue Jan 6, 2025 · 2 comments · May be fixed by #422
Open

Should dcql_query and presentation_definition be a string when using JAR? #378

TimoGlastra opened this issue Jan 6, 2025 · 2 comments · May be fixed by #422
Assignees
@jogu
Labels
has-PR ready-for-PR
Milestone
Final 1.0

Comments

@TimoGlastra
Copy link
Member

When using JAR, the authorization request is encoded as JSON in a JWT. What I've seen most implementations do with presentation_definition field is to keep it as JSON when using JAR, and not encode the JSON object as a string even though the spec mentions "A string containing a Presentation Definition JSON object". We addressed this in our implementation by allowing both string and json.

For DCQL we ran into the same issue again. We encode it as string now, but when doing interop testing with @markuskreusch for DCQL it was encoded as JSON object. We hadn't applied the same fix yet to also allow JSON (we currently always expect string for DCQL).

Encoding the JSON as string is required when using query parameters, but not when using JAR, and it seems to lead to ambiquity. In my opinion it makes sense to allow JSON for JAR (as it's more natural to keep JSON as JSON when putting it in a JSON object). I think most important is to maybe add something in the spec about what to do when using JAR:

  • keep requirements same, but mention that when using JAR it should also still be a JSON string, not the JSON object
  • make an exception for JAR, and allow/require it to be encoded as JSON instead of string.
@bc-pi
Copy link
Member

bc-pi commented Jan 6, 2025

JAR really should have been more clear about this but I believe the internet has always been that parameters with JSON values remain just JSON when in other JSON.

@jogu
Copy link
Collaborator

jogu commented Jan 6, 2025
edited
Loading

I agree the spec currently defines both presentation_definition and dcql_query to be strings which is unhelpful:

https://github.com/openid/OpenID4VP/blob/main/openid-4-verifiable-presentations-1_0.md?plain=1#L277

The conformance tests send presentation_definition as JSON in the request object, so technically aren't currently compliant with the specification...

The only example that uses DCQL vaguely suggests it's a JSON object: https://openid.net/specs/openid-4-verifiable-presentations-1_0-ID3.html#appendix-A.2

The presentation_definition examples are mixed with one showing a string and most others showing an object.

As was as JAR, this affects the Digital Credentials API too.

ISO 18013 part 7 defines presentation_definition as a JSON object and shows it as that in the example request object.

I think we should fix things to make clear that both are intended to be JSON objects, encoded into strings where necessary - we perhaps need similar text to what RAR has for authorization_details:

In the context of an authorization request according to [RFC6749], the parameter is encoded using the application/x-www-form-urlencoded format of the serialized JSON

(from https://datatracker.ietf.org/doc/html/rfc9396#section-3 )

@jogu jogu added this to the Final 1.0 milestone Jan 6, 2025
@TimoGlastra TimoGlastra mentioned this issue Jan 23, 2025
Open
@jogu jogu self-assigned this Feb 11, 2025
jogu added a commit that referenced this issue Feb 11, 2025
@jogu
dcql_query & presentation_definition are not strings
3743c4b 
When putting JSON into JSON for inclusion in request objects,
you should definitely not encode it as a string first.

Also switch one of the examples from PE to DCQL as currently
the only example showing dcql_query parameter is in DC API
appendix.

closes #378
@jogu jogu linked a pull request Feb 11, 2025 that will close this issue
Open
jogu added a commit that referenced this issue Feb 11, 2025
@jogu
dcql_query & presentation_definition are not strings
7136c9a 
When putting JSON into JSON for inclusion in request objects,
you should definitely not encode it as a string first.

Also switch one of the examples from PE to DCQL as currently
the only example showing dcql_query parameter is in DC API
appendix.

closes #378
@jogu jogu added the has-PR label Feb 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jogu jogu

Labels
has-PR ready-for-PR
Projects
None yet
Milestone
Final 1.0
Development

Successfully merging a pull request may close this issue.

dcql_query & presentation_definition are not strings openid/OpenID4VP
3 participants
@jogu @TimoGlastra @bc-pi