Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support returning multiple presentations for a single dcql credential query when requested using multiple #398

Merged
merged 6 commits into from
Feb 27, 2025
Merged

support returning multiple presentations for a single dcql credential query when requested using multiple #398

Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
860c76f
support returning multiple presentations for a single dcql credential…
charsleysa Jan 28, 2025
d912e5d
fix typo
charsleysa Jan 28, 2025
c585737
changes based on feedback
charsleysa Jan 30, 2025
389e7de
apply suggestion
charsleysa Jan 31, 2025
7ba6150
Merge branch 'openid:main' into implment-298
charsleysa Feb 17, 2025
9ee9b81
fix document history
charsleysa Feb 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 17 additions & 3 deletions openid-4-verifiable-presentations-1_0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -669,8 +669,8 @@ unknown properties.

## Credential Query {#credential_query}

A Credential Query is an object representing a request for a presentation of one
Credential.
A Credential Query is an object representing a request for a presentation of one or more matching
Credentials.

Each entry in `credentials` MUST be an object with the following properties:

Expand All @@ -686,6 +686,9 @@ be present more than once.
Verifiable Credential. Valid Credential Format Identifier values are defined in
(#format_specific_parameters).

`multiple`:
: OPTIONAL. A boolean which indicates whether multiple Credentials can be returned for this Credential Query. If omitted, the default value is `false`.

`meta`:
: OPTIONAL. An object defining additional properties requested by the Verifier that
apply to the metadata and validity data of the Credential. The properties of
Expand Down Expand Up @@ -978,7 +981,7 @@ When a VP Token is returned, the respective response includes the following para

`vp_token`:
: REQUIRED. The structure of this parameter depends on the query language used to request the presentations in the Authorization Request:
* If DCQL was used, this is a JSON-encoded object; the keys are the `id` values used for the Credential Queries in the DCQL query, and the values are the Verifiable Presentations that match the respective Credential Query. The Verifiable Presentations are represented as strings or objects depending on the format as defined in (#format_specific_parameters). The same rules as above apply for encoding the Verifiable Presentations.
* If DCQL was used, this is a JSON-encoded object; the keys are the `id` values used for the Credential Queries in the DCQL query, and the values are either the Verifiable Presentations that match the respective Credential Query or, if `multiple` in the Credential Query is set to `true`, an array of one or more Verifiable Presentations that match the respective Credential Query. The Verifiable Presentations are represented as strings or objects depending on the format as defined in (#format_specific_parameters). The same rules as above apply for encoding the Verifiable Presentations.
* In case [@!DIF.PresentationExchange] was used, it is a string or JSON object that MUST contain a single Verifiable Presentation or an array of strings and JSON objects each of them containing a Verifiable Presentation. Each Verifiable Presentation MUST be represented as a string (that is a base64url-encoded value) or a JSON object depending on a format as defined in (#format_specific_parameters). When a single Verifiable Presentation is returned, the array syntax MUST NOT be used. If (#format_specific_parameters) defines a rule for encoding the respective Credential format in the Credential Response, this rules MUST also be followed when encoding Credentials of this format in the `vp_token` response parameter. Otherwise, this specification does not require any additional encoding when a Credential format is already represented as a JSON object or a string.

`presentation_submission`:
Expand Down Expand Up @@ -1016,6 +1019,16 @@ brevity):
}
```

The following is a non-normative example of the contents of a VP Token
containing multiple Verifiable Presentations in the SD-JWT VC format when the
Credential Query has `multiple` set to `true` (shortened for brevity):

```json
{
"my_credential": ["eyJhbGci...QMA", "eyJhbGci...QMA"]
}
```

### Examples (Presentation Exchange) {#response_presentation_exchange}

The following is a non-normative example of a VP Token containing a single Verifiable Presentation after a request using [@!DIF.PresentationExchange]:
Expand Down Expand Up @@ -2797,6 +2810,7 @@ The technology described in this specification was made available from contribut
* require `typ` value in request object to be `oauth-authz-req+jwt`
* add `SessionTranscript` requirements
* use claims path pointer for mdoc based credentials
* support returning multiple presentations for a single dcql credential query when requested using `multiple`

-23

Expand Down