chore: Validate incoming DcqlQuery and return DcqlPresentationResult in VerifiedOpenID4VPSubmission

sanderPostma · sanderPostma · commit 53ffde29a41e · 2025-09-15T18:02:55.000+02:00
diff --git a/packages/siop-oid4vp/lib/authorization-response/Dcql.ts b/packages/siop-oid4vp/lib/authorization-response/Dcql.ts
@@ -57,7 +57,7 @@ export class Dcql {
       opts: {
         hasher?: HasherSync
       },
-  ) => {
+  ) : DcqlPresentationResult.Output => {
     const dcqlPresentation = Object.fromEntries(
         // FIXME SSISDK-41
         Object.entries(extractDcqlPresentationFromDcqlVpToken(record, opts)).map(([queryId, p]) => {
diff --git a/packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts b/packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts
@@ -50,6 +50,7 @@ export const verifyPresentations = async (
   verifyOpts: VerifyAuthorizationResponseOpts,
 ): Promise<{ dcql: VerifiedOpenID4VPSubmission }> => {
   const dcqlQuery = DcqlQuery.parse(verifyOpts.dcqlQuery ?? JSON.parse(authorizationResponse?.authorizationRequest.payload.dcql_query))
+  DcqlQuery.validate(dcqlQuery)
   const dcqlPresentation = extractDcqlPresentationFromDcqlVpToken(authorizationResponse.payload.vp_token as string, { hasher: verifyOpts.hasher })
 
   const wrappedPresentations = Object.values(dcqlPresentation)
@@ -59,7 +60,7 @@ export const verifyPresentations = async (
       ),
     )
 
-    await Dcql.assertValidDcqlPresentationResult(authorizationResponse.payload.vp_token as string, dcqlQuery, { hasher: verifyOpts.hasher })
+    const dcqlPresentationResult = await Dcql.assertValidDcqlPresentationResult(authorizationResponse.payload.vp_token as string, dcqlQuery, { hasher: verifyOpts.hasher })
 
     if (verifiedPresentations.some((verified) => !verified)) {
       const message = verifiedPresentations
@@ -95,7 +96,7 @@ export const verifyPresentations = async (
     }
   }
 
-  return { dcql: { nonce, presentation: dcqlPresentation, dcqlQuery } }
+  return { dcql: { nonce, presentation: dcqlPresentation, dcqlQuery , dcqlPresentationResult} }
 }
 
 export const extractDcqlPresentationFromDcqlVpToken = (
diff --git a/packages/siop-oid4vp/lib/types/SIOP.types.ts b/packages/siop-oid4vp/lib/types/SIOP.types.ts
@@ -10,7 +10,7 @@ import {
   W3CVerifiablePresentation,
   WrappedVerifiablePresentation,
 } from '@sphereon/ssi-types'
-import { DcqlQuery } from 'dcql'
+import { DcqlPresentationResult, DcqlQuery } from 'dcql'
 import {
   AuthorizationRequest,
   CreateAuthorizationRequestOpts,
@@ -522,6 +522,7 @@ export interface VerifiedIDToken {
 export interface VerifiedOpenID4VPSubmission {
   dcqlQuery: DcqlQuery
   presentation: { [credentialQueryId: string]: WrappedVerifiablePresentation }
+  dcqlPresentationResult?: DcqlPresentationResult
   nonce?: string
 }
 

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,7 @@ export const verifyPresentations = async (`
`50`	`50`	`verifyOpts: VerifyAuthorizationResponseOpts,`
`51`	`51`	`): Promise<{ dcql: VerifiedOpenID4VPSubmission }> => {`
`52`	`52`	`const dcqlQuery = DcqlQuery.parse(verifyOpts.dcqlQuery ?? JSON.parse(authorizationResponse?.authorizationRequest.payload.dcql_query))`
	`53`	`+ DcqlQuery.validate(dcqlQuery)`
`53`	`54`	`const dcqlPresentation = extractDcqlPresentationFromDcqlVpToken(authorizationResponse.payload.vp_token as string, { hasher: verifyOpts.hasher })`
`54`	`55`
`55`	`56`	`const wrappedPresentations = Object.values(dcqlPresentation)`
`@@ -59,7 +60,7 @@ export const verifyPresentations = async (`
`59`	`60`	`),`
`60`	`61`	`)`
`61`	`62`
`62`		`- await Dcql.assertValidDcqlPresentationResult(authorizationResponse.payload.vp_token as string, dcqlQuery, { hasher: verifyOpts.hasher })`
	`63`	`+ const dcqlPresentationResult = await Dcql.assertValidDcqlPresentationResult(authorizationResponse.payload.vp_token as string, dcqlQuery, { hasher: verifyOpts.hasher })`
`63`	`64`
`64`	`65`	`if (verifiedPresentations.some((verified) => !verified)) {`
`65`	`66`	`const message = verifiedPresentations`
`@@ -95,7 +96,7 @@ export const verifyPresentations = async (`
`95`	`96`	`}`
`96`	`97`	`}`
`97`	`98`
`98`		`- return { dcql: { nonce, presentation: dcqlPresentation, dcqlQuery } }`
	`99`	`+ return { dcql: { nonce, presentation: dcqlPresentation, dcqlQuery , dcqlPresentationResult} }`
`99`	`100`	`}`
`100`	`101`
`101`	`102`	`export const extractDcqlPresentationFromDcqlVpToken = (`