Process token with VerifiablePresentation content over the app string processor (#984)

* chore: process token with verifiable presentation content

* chore: run prettier

* chore: add isTechnicallyValid param

* chore: run audit fix

* chore: pr comments

Author: nicole-eb

package-lock.json

@@ -2,6 +2,7 @@ import { OpenId4VciResolvedCredentialOffer } from "@credo-ts/openid4vc";
 import { ILogger, ILoggerFactory } from "@js-soft/logging-abstractions";
 import { Serializable } from "@js-soft/ts-serval";
 import { EventBus, Result } from "@js-soft/ts-utils";
+import { VerifiablePresentation } from "@nmshd/content";
 import { ICoreAddress, Reference } from "@nmshd/core-types";
 import { AnonymousServices, DeviceMapper, RuntimeServices } from "@nmshd/runtime";
 import { BackboneIds, TokenContentDeviceSharedSecret } from "@nmshd/transport";
@@ -289,6 +290,13 @@ export class AppStringProcessor {
                 // RelationshipTemplates are processed by the RequestModule
                 break;
             case "Token":
+                const tokenContent = this.parseTokenContent(result.value.value.content);
+
+                if (tokenContent instanceof VerifiablePresentation) {
+                    // TODO: add technical validation
+                    await uiBridge.showVerifiablePresentation(account, result.value.value, true);
+                    break;
+                }
                 return Result.fail(AppRuntimeErrors.appStringProcessor.notSupportedTokenContent());
             case "DeviceOnboardingInfo":
                 return Result.fail(AppRuntimeErrors.appStringProcessor.deviceOnboardingNotAllowed());

packages/app-runtime/src/AppStringProcessor.ts

@@ -1,12 +1,23 @@
 import { ApplicationError, Result } from "@js-soft/ts-utils";
 import { OpenId4VciCredentialResponseJSON } from "@nmshd/consumption";
-import { DeviceOnboardingInfoDTO, FileDVO, IdentityDVO, LocalRequestDVO, MailDVO, MessageDVO, RequestMessageDVO, ResolveAuthorizationRequestResponse } from "@nmshd/runtime";
+import {
+    DeviceOnboardingInfoDTO,
+    FileDVO,
+    IdentityDVO,
+    LocalRequestDVO,
+    MailDVO,
+    MessageDVO,
+    RequestMessageDVO,
+    ResolveAuthorizationRequestResponse,
+    TokenDTO
+} from "@nmshd/runtime";
 import { LocalAccountDTO } from "../../multiAccount";
 
 export interface IUIBridge {
     showMessage(account: LocalAccountDTO, relationship: IdentityDVO, message: MessageDVO | MailDVO | RequestMessageDVO): Promise<Result<void>>;
     showRelationship(account: LocalAccountDTO, relationship: IdentityDVO): Promise<Result<void>>;
     showFile(account: LocalAccountDTO, file: FileDVO): Promise<Result<void>>;
+    showVerifiablePresentation(account: LocalAccountDTO, token: TokenDTO, isTechnicallyValid: boolean): Promise<Result<void>>;
     showDeviceOnboarding(deviceOnboardingInfo: DeviceOnboardingInfoDTO): Promise<Result<void>>;
     showRequest(account: LocalAccountDTO, request: LocalRequestDVO): Promise<Result<void>>;
     showResolvedAuthorizationRequest(account: LocalAccountDTO, response: ResolveAuthorizationRequestResponse): Promise<Result<void>>;

packages/app-runtime/src/extensibility/ui/IUIBridge.ts

@@ -14,6 +14,10 @@ export class FakeUIBridge implements IUIBridge {
         return Promise.resolve(Result.ok(undefined));
     }
 
+    public showVerifiablePresentation(): Promise<Result<void, ApplicationError>> {
+        return Promise.resolve(Result.ok(undefined));
+    }
+
     public showDeviceOnboarding(): Promise<Result<void, ApplicationError>> {
         return Promise.resolve(Result.ok(undefined));
     }

packages/app-runtime/test/lib/FakeUIBridge.ts

@@ -214,6 +214,44 @@ expect.extend({
 
         return { pass: true, message: () => "" };
     },
+    showVerifiablePresentationCalled(mockUIBridge: unknown, id: string, isTechnicallyValid: boolean) {
+        if (!(mockUIBridge instanceof MockUIBridge)) {
+            throw new Error("This method can only be used with expect(MockUIBridge).");
+        }
+
+        const calls = mockUIBridge.calls.filter((x) => x.method === "showVerifiablePresentation");
+        if (calls.length === 0) {
+            return { pass: false, message: () => "The method showVerifiablePresentation was not called." };
+        }
+
+        const matchingCalls = calls.filter((x) => x.token.id === id && x.isTechnicallyValid === isTechnicallyValid);
+        if (matchingCalls.length === 0) {
+            const callsWithData = calls.map((e) => `'${e.token.id}' (isTechnicallyValid: ${e.isTechnicallyValid})`).join(", ");
+            return {
+                pass: false,
+                message: () =>
+                    `The method showVerifiablePresentation was called, but not with token id '${id}' and isTechnicallyValid '${isTechnicallyValid}', instead with calls ${callsWithData}.`
+            };
+        }
+
+        return { pass: true, message: () => "" };
+    },
+    showVerifiablePresentationNotCalled(mockUIBridge: unknown) {
+        if (!(mockUIBridge instanceof MockUIBridge)) {
+            throw new Error("This method can only be used with expect(MockUIBridge).");
+        }
+
+        const calls = mockUIBridge.calls.filter((x) => x.method === "showVerifiablePresentation");
+        if (calls.length > 0) {
+            return {
+                pass: false,
+                message: () =>
+                    `The method showVerifiablePresentation called: ${calls.map((c) => `'account id: ${c.account.id} - tokenId: ${c.token.id} - isTechnicallyValid: ${c.isTechnicallyValid}'`)}`
+            };
+        }
+
+        return { pass: true, message: () => "" };
+    },
     showErrorCalled(mockUIBridge: unknown, code: string) {
         if (!(mockUIBridge instanceof MockUIBridge)) {
             throw new Error("This method can only be used with expect(MockUIBridge).");
@@ -253,6 +291,8 @@ declare global {
             showResolvedCredentialOfferNotCalled(): R;
             showFileCalled(id: string): R;
             showFileNotCalled(): R;
+            showVerifiablePresentationCalled(id: string, isTechnicallyValid: boolean): R;
+            showVerifiablePresentationNotCalled(): R;
             showErrorCalled(code: string): R;
         }
     }

packages/app-runtime/test/lib/MockUIBridge.matchers.ts

@@ -1,12 +1,23 @@
 import { ApplicationError, Result } from "@js-soft/ts-utils";
 import { OpenId4VciCredentialResponseJSON } from "@nmshd/consumption";
-import { DeviceOnboardingInfoDTO, FileDVO, IdentityDVO, LocalRequestDVO, MailDVO, MessageDVO, RequestMessageDVO, ResolveAuthorizationRequestResponse } from "@nmshd/runtime";
+import {
+    DeviceOnboardingInfoDTO,
+    FileDVO,
+    IdentityDVO,
+    LocalRequestDVO,
+    MailDVO,
+    MessageDVO,
+    RequestMessageDVO,
+    ResolveAuthorizationRequestResponse,
+    TokenDTO
+} from "@nmshd/runtime";
 import { IUIBridge, LocalAccountDTO } from "../../src";
 
 export type MockUIBridgeCall =
     | { method: "showMessage"; account: LocalAccountDTO; relationship: IdentityDVO; message: MessageDVO | MailDVO | RequestMessageDVO }
     | { method: "showRelationship"; account: LocalAccountDTO; relationship: IdentityDVO }
     | { method: "showFile"; account: LocalAccountDTO; file: FileDVO }
+    | { method: "showVerifiablePresentation"; account: LocalAccountDTO; token: TokenDTO; isTechnicallyValid: boolean }
     | { method: "showDeviceOnboarding"; deviceOnboardingInfo: DeviceOnboardingInfoDTO }
     | { method: "showRequest"; account: LocalAccountDTO; request: LocalRequestDVO }
     | { method: "showResolvedAuthorizationRequest"; account: LocalAccountDTO; response: ResolveAuthorizationRequestResponse }
@@ -57,6 +68,12 @@ export class MockUIBridge implements IUIBridge {
         return Promise.resolve(Result.ok(undefined));
     }
 
+    public showVerifiablePresentation(account: LocalAccountDTO, token: TokenDTO, isTechnicallyValid: boolean): Promise<Result<void>> {
+        this._calls.push({ method: "showVerifiablePresentation", account, token, isTechnicallyValid });
+
+        return Promise.resolve(Result.ok(undefined));
+    }
+
     public showDeviceOnboarding(deviceOnboardingInfo: DeviceOnboardingInfoDTO): Promise<Result<void>> {
         this._calls.push({ method: "showDeviceOnboarding", deviceOnboardingInfo });
 

packages/app-runtime/test/lib/MockUIBridge.ts

@@ -1,4 +1,4 @@
-import { ArbitraryRelationshipTemplateContentJSON, AuthenticationRequestItem, RelationshipTemplateContent } from "@nmshd/content";
+import { ArbitraryRelationshipTemplateContentJSON, AuthenticationRequestItem, RelationshipTemplateContent, VerifiablePresentation } from "@nmshd/content";
 import { CoreDate, PasswordLocationIndicatorOptions } from "@nmshd/core-types";
 import { DeviceOnboardingInfoDTO, PeerRelationshipTemplateLoadedEvent } from "@nmshd/runtime";
 import assert from "assert";
@@ -377,6 +377,24 @@ describe("AppStringProcessor", function () {
             expect(runtime4MockUiBridge).showFileCalled(file.id);
         });
 
+        test("get a token with verifiable presentation content using a url", async function () {
+            const tokenResult = await runtime1Session.transportServices.tokens.createOwnToken({
+                content: VerifiablePresentation.from({
+                    value: { claim: "test" },
+                    type: "dc+sd-jwt"
+                }).toJSON(),
+                expiresAt: CoreDate.utc().add({ days: 1 }).toISOString(),
+                ephemeral: true
+            });
+            const token = tokenResult.value;
+
+            const result = await runtime4.stringProcessor.processURL(token.reference.url, runtime4Session.account);
+            expect(result).toBeSuccessful();
+            expect(result.value).toBeUndefined();
+
+            expect(runtime4MockUiBridge).showVerifiablePresentationCalled(token.id, true);
+        });
+
         test("get a template using a url", async function () {
             const templateResult = await runtime1Session.transportServices.relationshipTemplates.createOwnRelationshipTemplate({
                 content: RelationshipTemplateContent.from({