Expand complex types in verifier. #469
Pull request overview
This PR expands verifier support for “complex” selective disclosures and DCQL claim paths, enabling nested objects and per-array-element disclosures (e.g., nationalities), and improving how credentials/claims are parsed and rendered in the verifier UI.
Changes:
- Add recursive SD-JWT disclosure resolution for nested `_sd` arrays and array-element markers (`{"...": "<hash>"}`) during parsing/verification and improve related tests.
- Extend DCQL claim path handling to support `null` path elements (array element access) via `[]*string` paths + custom (un)marshaling, and update templates/config accordingly.
- Update verifier UI rendering to display nested claims as a tree and handle `vp_token` responses sent either as DCQL object or as a plain string.
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| presentation_requests/eudi_pid.yaml | Adds ["nationalities", null] path to request per-element nationality disclosures. |
| presentation_requests/eduid.yaml | Adds ["nationalities", null] path to request per-element nationality disclosures. |
| pkg/sdjwtvc/verification.go | Reconstructs nested disclosed claims (including arrays) during SD-JWT verification. |
| pkg/sdjwtvc/verification_test.go | Adds tests for nested reconstruction and attacker/decoy scenarios. |
| pkg/sdjwtvc/utils.go | Parses tokens by recursively resolving disclosures (nested _sd and array markers). |
| pkg/sdjwtvc/utils_test.go | Adds extensive tests for recursive disclosure resolution and security properties. |
| pkg/openid4vp/response_parameters.go | Adds flexible VPResponse JSON unmarshaling for multiple vp_token shapes. |
| pkg/openid4vp/presentation_builder.go | Updates DCQL copy logic for []*string claim paths. |
| pkg/openid4vp/dcql.go | Changes DCQL ClaimQuery.Path to []*string with custom JSON/YAML (un)marshaling helpers. |
| pkg/openid4vp/dcql_vc20_test.go | Updates tests to use StringPath(...). |
| pkg/openid4vp/dcql_test.go | Updates tests to use StringPath(...). |
| pkg/openid4vp/dcql_functions_test.go | Updates tests to use StringPath(...). |
| internal/verifier/staticembed/credential_display.html | Renders picture claim as an <img> instead of raw text. |
| internal/verifier/staticembed/callback.html | Replaces JSON viewer with server-rendered claims tree + <pre> JSON. |
| internal/verifier/httpserver/service.go | Adds template helpers to render claim trees and clean unresolved array markers for display. |
| internal/verifier/apiv1/helpers_test.go | Updates tests to use openid4vp.StringPath(...). |
| internal/verifier/apiv1/handlers_verification.go | Uses parsed (resolved) credential map for display and supports _default vp_token fallback. |
| internal/verifier/apiv1/handlers_ui.go | Augments DCQL based on VCTM to expand nested/object + array-null paths. |
| internal/verifier/apiv1/handler_session_preference.go | Flattens nested verified claims into dot-notation for display API responses. |
| internal/verifier/apiv1/handler_session_preference_test.go | Adds tests for flattening nested claims. |
| internal/verifier/apiv1/client.go | Includes full VCTM claim paths in built DCQL (not only top-level leaf claims). |
| internal/apigw/apiv1/handlers_verifier.go | Updates claim-path construction to use openid4vp.StringPath(...). |
| .devcontainer/devcontainer.json | Adds Go VS Code extension to devcontainer defaults. |
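
The per-array-element disclosure handling named in the overview, shown for a single array such as `nationalities`, as an added Go example that is not code from this PR. `Digest` and `ResolveArray` are hypothetical names, and SHA-256 is assumed as the digest algorithm.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// Digest is the base64url SHA-256 of an encoded disclosure (sha-256 _sd_alg assumed).
func Digest(enc string) string {
	sum := sha256.Sum256([]byte(enc))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// ResolveArray is a hypothetical helper, not the PR's API. It swaps {"...": digest}
// markers for disclosed values and drops markers that match no disclosure.
func ResolveArray(arr []any, disclosures []string) ([]any, error) {
	byDigest := map[string]string{}
	for _, enc := range disclosures {
		byDigest[Digest(enc)] = enc
	}
	seen, out := map[string]bool{}, []any{}
	for _, el := range arr {
		m, _ := el.(map[string]any)
		v, marker := m["..."]
		if !marker {
			out = append(out, el) // element the issuer always discloses
			continue
		}
		h, isStr := v.(string)
		if !isStr || len(m) != 1 || seen[h] {
			return nil, errors.New("sd-jwt: malformed or repeated array marker")
		}
		seen[h] = true
		enc, ok := byDigest[h]
		if !ok {
			continue // decoy or withheld element: nothing to show
		}
		var d []any
		raw, err := base64.RawURLEncoding.DecodeString(enc)
		if err != nil || json.Unmarshal(raw, &d) != nil || len(d) != 2 {
			return nil, errors.New("sd-jwt: array disclosure must be [salt, value]")
		}
		out = append(out, d[1])
	}
	return out, nil
}
```

A full verifier also resolves nested `_sd` objects recursively and rejects any presented disclosure that no digest references.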
…hen it comes back to backend.
Pull request overview
Copilot reviewed 35 out of 35 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (1)
internal/verifier/apiv1/handlers_ui_test.go:15
- The test file calls `new("...")` to build `*string` path segments, but there is no `new` identifier defined in package `apiv1` tests. As-is, this won’t compile because Go’s built-in `new` requires a type (e.g. `new(string)`), not a string value.
Add a small helper (or switch call sites to an existing pointer helper) so these tests compile.
```go
import (
	"encoding/json"
	"fmt"
	"testing"
	"time"

	"github.com/SUNET/vc/pkg/model"
	"github.com/SUNET/vc/pkg/openid4vp"
	"github.com/SUNET/vc/pkg/sdjwtvc"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)
```


No description provided.