Add OpenID4VP REST API modules for Presentation Definition management and VP verification#1140
Add OpenID4VP REST API modules for Presentation Definition management and VP verification#1140Zeta201 wants to merge 21 commits into
Conversation
|
Warning Review limit reached
Next review available in: 4 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (21)
📒 Files selected for processing (26)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…abled check in VP definition API
VPVerificationService and VPRegistrationService were merged into a single VPFlowService interface in the authenticator bundle. Update the service holder and core service to look up and use VPFlowService via OSGi.
Replace the txnId field and all associated getter/setter/annotation
references with requestId in VerificationInitiateResponse,
VerificationStatusResponse, VpVerificationApi, VpVerificationApiService,
VpVerificationApiServiceImpl, and ServerVPVerificationService.
Updates the status endpoint path parameter from {txn_id} to {request_id}
and aligns JSON property names in the response models accordingly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
After rebasing onto upstream/master, the root POM advanced through several release cycles (1.6.30 → 1.6.36-SNAPSHOT). The two new VP modules still referenced the old parent version, causing a non-resolvable parent POM error in CI. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Overview
This PR introduces two new REST API modules to the Identity API Server for the OpenID4VP (Verifiable Presentations) feature:
VP Presentation Definition Management API
VP Verification API
Module 1:
org.wso2.carbon.identity.api.server.vp.template.managementExposes endpoints under:
for managing tenant-scoped Presentation Definitions.
Endpoints
/vp/template/vp/template/vp/template/{definition-id}/vp/template/{definition-id}/vp/template/{definition-id}Purpose
A Presentation Definition describes the credential requirements for a VP request, including:
These definitions are referenced by:
when generating VP requests.
Module 2:
org.wso2.carbon.identity.api.server.vp.verificationExposes endpoints under:
for the standalone verifier portal pattern, where a third-party application (e.g., a verifier web portal) needs to verify a user's credentials independently of the Identity Server login flow.
Endpoints
/vp/verification/initiate/vp/verification/status/{txn_id}Verification Flow
The verifier portal calls:
with a
presentationDefinitionId.Identity Server creates a verification session and returns:
walletUrl(deep link used to generate a QR code)txnIdThe verifier portal displays the QR code.
The wallet scans the QR code and submits the VP to the Identity Server response endpoint.
The verifier portal polls:
until the status transitions from:
or
Verification Response
When the verification status is
VERIFIED, the API returns a structured presentation object instead of a raw JWT claims dump.Example response:
{ "txnId": "abc-123", "status": "VERIFIED", "presentation": { "format": "vc+sd-jwt", "submittedAt": "2026-06-18T10:30:00Z", "credential": { "type": "IdentityCredential", "issuer": "did:web:issuer.example.com", "issuedAt": "2026-06-01T00:00:00Z", "expiresAt": "2027-06-01T00:00:00Z", "signingAlgorithm": "ES256", "holderBinding": { "method": "cnf.jwk", "keyType": "EC", "curve": "P-256" } }, "holder": { "id": "did:web:holder.example.com", "claims": { "email": "user@example.com", "given_name": "John" } }, "keyBinding": { "verified": true, "presentedAt": "2026-06-18T10:30:00Z", "audience": "https://verifier.example.com", "nonce": "abc123" } }, "errors": [] }Presentation Object
The presentation object surfaces:
credentialInformation extracted from the credential itself:
cnf.jwk)holderInformation about the credential subject:
sub)JWT/SD-JWT internal technical fields are excluded.
keyBindingInformation extracted from the Key Binding JWT (KB-JWT):
iat)aud)This proves that the wallet possessed the private key corresponding to the credential at presentation time.
Null Suppression
Optional sections are omitted when unavailable:
holderBindingkeyBindingRelated Modules
These REST API modules delegate to services provided by
identity-openid4vc:org.wso2.carbon.identity.openid4vc.presentation.managementorg.wso2.carbon.identity.openid4vc.presentation.authenticatororg.wso2.carbon.identity.openid4vc.presentation.verification