Connection based verification

demo/vue/app/frontend/src/store/modules/auth.js

@@ -19,7 +19,6 @@ export default {
     // In most cases, when this becomes populated, we end up doing a redirect flow,
     // so when we return to the app, it is fresh again and undefined
     redirectUri: undefined,
-    presReqConfId: 'showcase-person', //TODO: load this via config response
   },
   getters: {
     authenticated: () => Vue.prototype.$keycloak.authenticated,
@@ -77,7 +76,7 @@ export default {
         window.location.replace(
           getters.createLoginUrl(options) +
             '&pres_req_conf_id=' +
-            getters.presReqConfId
+            getters.presReqConfId,
         );
       }
     },
@@ -86,7 +85,7 @@ export default {
         window.location.replace(
           getters.createLogoutUrl({
             redirectUri: `${location.origin}/${Vue.prototype.$config.basePath}`,
-          })
+          }),
         );
       }
     },

demo/vue/docker-compose.yaml

@@ -5,7 +5,7 @@ services:
     build: .
     command: npm run serve
     environment:
-      FRONTEND_KC_PRES_REQ_CONF_ID: test-proof
+      FRONTEND_KC_PRES_REQ_CONF_ID: showcase-person
       FRONTEND_KC_SERVERURL: "http://localhost:8880/auth"
       FRONTEND_KC_REALM: "vc-authn"
       FRONTEND_KC_CLIENTID: "vue-fe"

docker/manage

@@ -189,6 +189,7 @@ configureEnvironment() {
   export INVITATION_LABEL=${INVITATION_LABEL:-"VC-AuthN"}
   export SET_NON_REVOKED="True"
   export USE_OOB_LOCAL_DID_SERVICE=${USE_OOB_LOCAL_DID_SERVICE:-"true"}
+  export USE_CONNECTION_BASED_VERIFICATION=${USE_CONNECTION_BASED_VERIFICATION:-"true"}
   export WALLET_DEEP_LINK_PREFIX=${WALLET_DEEP_LINK_PREFIX:-"bcwallet://aries_proof-request"}
 
   # agent

oidc-controller/api/authSessions/crud.py

@@ -27,6 +27,12 @@ async def create(self, auth_session: AuthSessionCreate) -> AuthSession:
         result = col.insert_one(jsonable_encoder(auth_session))
         return AuthSession(**col.find_one({"_id": result.inserted_id}))
 
+    async def get_by_connection_id(self, connection_id: str) -> AuthSession | None:
+        """Get auth session by connection ID for connection-based verification."""
+        col = self._db.get_collection(COLLECTION_NAMES.AUTH_SESSION)
+        result = col.find_one({"connection_id": connection_id})
+        return AuthSession(**result) if result else None
+
     async def get(self, id: str) -> AuthSession:
         if not PyObjectId.is_valid(id):
             raise HTTPException(

oidc-controller/api/authSessions/models.py

@@ -1,4 +1,4 @@
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, UTC
 from enum import StrEnum, auto
 
 from api.core.models import UUIDModel
@@ -17,7 +17,7 @@ class AuthSessionState(StrEnum):
 
 
 class AuthSessionBase(BaseModel):
-    pres_exch_id: str
+    pres_exch_id: str | None = None  # Optional for connection-based flow
     expired_timestamp: datetime = Field(
         default=datetime.now()
         + timedelta(seconds=settings.CONTROLLER_PRESENTATION_EXPIRE_TIME)
@@ -27,8 +27,13 @@ class AuthSessionBase(BaseModel):
     pyop_auth_code: str
     response_url: str
     presentation_request_msg: dict | None = None
+    connection_id: str | None = None  # NEW: Track connection ID
+    proof_request: dict | None = None  # NEW: Store proof request for later use
+    multi_use: bool = (
+        False  # NEW: Track if connection is multi-use (default: single-use)
+    )
     model_config = ConfigDict(populate_by_name=True)
-    created_at: datetime = Field(default_factory=datetime.utcnow)
+    created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
 
 
 class AuthSession(AuthSessionBase, UUIDModel):

oidc-controller/api/authSessions/tests/__init__.py

@@ -0,0 +1 @@
+"""AuthSession tests package."""