Finalizing the presentation
After your application receives the wallet response on the route handler specified in the response_url, you must finalize the OID4VP presentation to verify the response and obtain the parsed credential information.
Depending on the response_mode selected during OID4VP presentation initialization, you may receive the wallet response in different formats.
Response mode DirectPost
In this response mode, the user's wallet encodes the response using multipart/form-data fields.
Specifically, your application should receive the following fields:
- state field, which identifies the OID4VP presentation identifier and should match the identifier you received during the initialization stage.
- vp_token field, which encodes credentials provided by the user. This field should be parsed as a JSON object and passed to Document Rails using the OID4VP finalization API.
Response mode DirectPostJwt
With DirectPostJwt, the wallet still uses multipart/form-data, but the request contains just one string field, jwt.
This field should be passed as-is to the OID4VP finalization API.
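The field handling described for both response modes, as an added example that is not part of the Document Rails documentation or SDK. The names `parseWalletResponse`, `WalletResponseError` and `pendingIds`, and the shape of `fields`, are assumptions; the `mode` strings are local labels that the caller maps to the matching `ResponseMode` value.

```javascript
// Added example, not SDK code. `fields` is assumed to be the plain object of
// string values your multipart/form-data parser produces; `pendingIds` is an
// assumed Set of presentation identifiers created earlier and not yet finalized.
class WalletResponseError extends Error {}

function parseWalletResponse(fields, pendingIds) {
  const has = (name) => typeof fields[name] === "string" && fields[name] !== "";

  // DirectPostJwt: exactly one string field, `jwt`, forwarded as-is.
  if (has("jwt")) {
    if ("state" in fields || "vp_token" in fields) {
      throw new WalletResponseError("jwt mixed with DirectPost fields");
    }
    return { mode: "DirectPostJwt", jwt: fields.jwt };
  }

  // DirectPost: both fields are required.
  if (!has("state") || !has("vp_token")) {
    throw new WalletResponseError("missing state or vp_token field");
  }
  // `state` must name a presentation this application initialized.
  if (!pendingIds.has(fields.state)) {
    throw new WalletResponseError("state does not match a pending presentation");
  }
  // `vp_token` arrives as text and must decode to a JSON object.
  let vpToken;
  try {
    vpToken = JSON.parse(fields.vp_token);
  } catch {
    throw new WalletResponseError("vp_token is not valid JSON");
  }
  if (vpToken === null || typeof vpToken !== "object" || Array.isArray(vpToken)) {
    throw new WalletResponseError("vp_token must be a JSON object");
  }
  return { mode: "DirectPost", presentationId: fields.state, vp_token: vpToken };
}

// Constructed sample inputs, not real wallet output.
const pendingIds = new Set(["constructed-presentation-id"]);
const directPost = parseWalletResponse(
  { state: "constructed-presentation-id", vp_token: '{"constructed_credential":["constructed-value"]}' },
  pendingIds,
);
const directPostJwt = parseWalletResponse({ jwt: "constructed.jwt.value" }, pendingIds);
console.log(directPost.mode, directPost.presentationId, directPostJwt.mode);
```

Rejecting the request before calling the finalization API keeps malformed or unexpected wallet responses from reaching it and gives the route handler a single error type to translate into an HTTP 400.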
Examples
import { finalizeOID4VPPresentation, ResponseMode } from "@vaultie/document-rails";

const response = await finalizeOID4VPPresentation(
  client,
  accessToken,
  organizationId,
  // Identifier of the OID4VP presentation received during the initial `createOID4VPPresentation` invocation.
  oid4vpPresentationId,
  {
    // Usually, you would mirror the selected ResponseMode from the `createOID4VPPresentation` call,
    // but Document Rails can handle responses in differing formats in case you decide to
    // manually edit the format of the user's presentation.
    type: ResponseMode.DirectPost,
    // When using `ResponseMode.DirectPost`, the vp_token request field should be parsed as a JSON object
    // before passing it to Document Rails.
    vp_token,
    // Select which trust registries to use for verifying the wallet response.
    //
    // Note that the selected trust registries will apply to all credentials within the wallet response.
    trust_registries: [trustRegistryId],
    // Optionally, you may customize the verification behavior using flags from the verification API.
    //
    // The OID4VP API supports all flags from the verification API and applies the same default values.
    // This example relaxes the certificate validity-period checks; leave these flags out to use the defaults.
    check_certificate_not_after: "ignored",
    check_certificate_not_before: "ignored",
  },
);

import { finalizeOID4VPPresentation, ResponseMode } from "@vaultie/document-rails";

const response = await finalizeOID4VPPresentation(
  client,
  accessToken,
  organizationId,
  // Identifier of the OID4VP presentation received during the initial `createOID4VPPresentation` invocation.
  oid4vpPresentationId,
  {
    // Usually, you would mirror the selected ResponseMode from the `createOID4VPPresentation` call,
    // but Document Rails can handle responses in differing formats in case you decide to
    // manually edit the format of the user's presentation.
    type: ResponseMode.DirectPostJwt,
    // When using `ResponseMode.DirectPostJwt`, the jwt field is passed as-is.
    jwt,
    // Select which trust registries to use for verifying the wallet response.
    //
    // Note that the selected trust registries will apply to all credentials within the wallet response.
    trust_registries: [trustRegistryId],
    // Optionally, you may customize the verification behavior using flags from the verification API.
    //
    // The OID4VP API supports all flags from the verification API and applies the same default values.
    // This example relaxes the certificate validity-period checks; leave these flags out to use the defaults.
    check_certificate_not_after: "ignored",
    check_certificate_not_before: "ignored",
  },
);
The result of the finalizeOID4VPPresentation invocation is either an object containing credential identifiers, nested credential variable identifiers and the associated values parsed from the user's presentation, or an exception if the verification failed.