feat: mdoc

apps/funke/src/app/(app)/_layout.tsx

@@ -9,7 +9,7 @@ export default function AppLayout() {
   const secureUnlock = useSecureUnlock()
 
   // Wallet is not configured yet. Redirect to onboarding
-  if (secureUnlock.state === 'not-configured') {
+  if (secureUnlock.state === 'not-configured' || true) {
     return <Redirect href="/onboarding" />
   }
 

apps/funke/src/constants.ts

@@ -15,10 +15,10 @@ export const trustedX509Certificates = [bdrPidIssuerCertificate, animoFunkeRelyi
 // https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept/-/blob/main/architecture-proposal.md#pid-contents
 const sdJwtVcVcts = ['https://example.bmi.bund.de/credential/pid/1.0', 'urn:eu.europa.ec.eudi:pid:1']
 
-// TODO
-const msoMdocNamespaces = ['org.iso.18013.5.1.mDL']
+// https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/blob/main/docs/annexes/annex-3/annex-3.01-pid-rulebook.md#221-eu-wide-attestation-type-and-namespace-for-pid
+const msoMdocDoctypes = ['eu.europa.ec.eudi.pid.1']
 
 export const pidSchemes = {
   sdJwtVcVcts,
-  msoMdocNamespaces,
+  msoMdocDoctypes,
 }

apps/funke/src/features/onboarding/onboardingContext.tsx

@@ -215,6 +215,16 @@ export function OnboardingContextProvider({
       throw new Error('Pin entries do not match')
     }
 
+    if (secureUnlock.state === 'locked') {
+      return secureUnlock
+        .tryUnlockingUsingBiometrics()
+        .then((walletKey) => initializeAgent(walletKey as string))
+        .then(() => goToNextStep())
+        .catch((e) => {
+          reset({ error: e, resetToStep: 'welcome' })
+          throw e
+        })
+    }
     if (secureUnlock.state !== 'not-configured') {
       router.replace('/')
       return

apps/funke/src/use-cases/ReceivePidUseCase.ts

@@ -86,7 +86,7 @@ export class ReceivePidUseCase {
   public static async initialize(options: ReceivePidUseCaseOptions) {
     const resolved = await resolveOpenId4VciOffer({
       agent: options.agent,
-      offer: { uri: ReceivePidUseCase.SD_JWT_VC_OFFER },
+      offer: { uri: ReceivePidUseCase.MDL_OFFER },
       authorization: {
         clientId: ReceivePidUseCase.CLIENT_ID,
         redirectUri: ReceivePidUseCase.REDIRECT_URI,

package.json

@@ -28,28 +28,25 @@
 			"typescript": "~5.3.3",
 			"@unimodules/react-native-adapter": "./noop",
 			"@unimodules/core": "./noop",
-
 			"@hyperledger/anoncreds-react-native": "^0.2.2",
 			"@hyperledger/aries-askar-react-native": "^0.2.3",
 			"@hyperledger/indy-vdr-react-native": "^0.2.0",
-
-			"@credo-ts/anoncreds": "0.5.10",
-			"@credo-ts/askar": "0.5.10",
-			"@credo-ts/cheqd": "0.5.10",
-			"@credo-ts/core": "0.5.10",
-			"@credo-ts/indy-vdr": "0.5.10",
-			"@credo-ts/openid4vc": "0.5.10",
-			"@credo-ts/question-answer": "0.5.10",
+			"@credo-ts/anoncreds": "0.5.11-pr-1996-20240814121350",
+			"@credo-ts/askar": "0.5.11-pr-1996-20240814121350",
+			"@credo-ts/cheqd": "0.5.11-pr-1996-20240814121350",
+			"@credo-ts/core": "0.5.11-pr-1996-20240814121350",
+			"@credo-ts/indy-vdr": "0.5.11-pr-1996-20240814121350",
+			"@credo-ts/openid4vc": "0.5.11-pr-1996-20240814121350",
+			"@credo-ts/question-answer": "0.5.11-pr-1996-20240814121350",
 			"@credo-ts/react-hooks": "0.6.1",
-			"@credo-ts/react-native": "0.5.10",
-
+			"@credo-ts/react-native": "0.5.11-pr-1996-20240814121350",
 			"@animo-id/expo-secure-environment": "0.1.0-alpha.2",
 			"@animo-id/expo-ausweis-sdk": "0.0.1-alpha.7"
 		},
 		"patchedDependencies": {
-			"@credo-ts/[email protected]": "patches/@[email protected]",
 			"@hyperledger/[email protected]": "patches/@[email protected]",
-			"@hyperledger/[email protected]": "patches/@[email protected]"
+			"@hyperledger/[email protected]": "patches/@[email protected]",
+			"@credo-ts/[email protected]": "patches/@[email protected]"
 		}
 	}
 }

packages/agent/src/invitation/handler.ts

@@ -148,7 +148,7 @@ export const receiveCredentialFromOpenId4VciOffer = async ({
   resolvedCredentialOffer: OpenId4VciResolvedCredentialOffer
   credentialConfigurationIdToRequest?: string
   clientId?: string
-  pidSchemes?: { sdJwtVcVcts: Array<string>; msoMdocNamespaces: Array<string> }
+  pidSchemes?: { sdJwtVcVcts: Array<string>; msoMdocDoctypes: Array<string> }
 
   // TODO: cNonce should maybe be provided separately (multiple calls can have different c_nonce values)
   accessToken: OpenId4VciRequestTokenResponse
@@ -206,13 +206,11 @@ export const receiveCredentialFromOpenId4VciOffer = async ({
         ? resolvedCredentialOffer.offeredCredentialConfigurations[supportedCredentialId]
         : undefined
 
-      const shouldKeyBeHardwareBackedForMsoMdoc = false
-      //   offeredCredentialConfiguration?.format === "mso_mdoc" &&
-      //   pidSchemes?.msoMdocNamespaces.includes(
-      //     offeredCredentialConfiguration.namespace
-      //   );
+      const shouldKeyBeHardwareBackedForMsoMdoc =
+        offeredCredentialConfiguration?.format === OpenId4VciCredentialFormatProfile.MsoMdoc &&
+        pidSchemes?.msoMdocDoctypes.includes(offeredCredentialConfiguration.doctype)
       const shouldKeyBeHardwareBackedForSdJwtVc =
-        offeredCredentialConfiguration?.format === 'vc+sd-jwt' &&
+        offeredCredentialConfiguration?.format === OpenId4VciCredentialFormatProfile.SdJwtVc &&
         pidSchemes?.sdJwtVcVcts.includes(offeredCredentialConfiguration.vct)
 
       // TODO: add mso-mdoc config from above
@@ -250,16 +248,20 @@ export const receiveCredentialFromOpenId4VciOffer = async ({
         }
       }
 
-      // Otherwise we also support plain jwk for sd-jwt only
-      if (supportsJwk && credentialFormat === OpenId4VciCredentialFormatProfile.SdJwtVc) {
+      // Otherwise we also support plain jwk for sd-jwt/mdoc only
+      if (
+        supportsJwk &&
+        (credentialFormat === OpenId4VciCredentialFormatProfile.SdJwtVc ||
+          credentialFormat === OpenId4VciCredentialFormatProfile.MsoMdoc)
+      ) {
         return {
           method: 'jwk',
           jwk: getJwkFromKey(key),
         }
       }
 
       throw new Error(
-        `No supported binding method could be found. Supported methods are did:key and did:jwk, or plain jwk for sd-jwt. Issuer supports ${
+        `No supported binding method could be found. Supported methods are did:key and did:jwk, or plain jwk for sd-jwt/mdoc. Issuer supports ${
           supportsJwk ? 'jwk, ' : ''
         }${supportedDidMethods?.join(', ') ?? 'Unknown'}`
       )

patches/@credo-ts__openid4vc@0.5.11-pr-1996-20240814121350.patch

@@ -0,0 +1,13 @@
+diff --git a/build/openid4vc-holder/OpenId4VciHolderService.js b/build/openid4vc-holder/OpenId4VciHolderService.js
+index a6d6ea556d4145b8663b42bfed230b7878ed9bb9..4903a7a788b01a5497c345d2134e5e338e504d52 100644
+--- a/build/openid4vc-holder/OpenId4VciHolderService.js
++++ b/build/openid4vc-holder/OpenId4VciHolderService.js
+@@ -456,7 +456,7 @@ let OpenId4VciHolderService = class OpenId4VciHolderService {
+         const issuerSupportedBindingMethods = credentialToRequest.configuration.cryptographic_binding_methods_supported;
+         const supportsAllDidMethods = (_c = issuerSupportedBindingMethods === null || issuerSupportedBindingMethods === void 0 ? void 0 : issuerSupportedBindingMethods.includes('did')) !== null && _c !== void 0 ? _c : false;
+         const supportedDidMethods = issuerSupportedBindingMethods === null || issuerSupportedBindingMethods === void 0 ? void 0 : issuerSupportedBindingMethods.filter((method) => method.startsWith('did:'));
+-        const supportsJwk = (_d = issuerSupportedBindingMethods === null || issuerSupportedBindingMethods === void 0 ? void 0 : issuerSupportedBindingMethods.includes('jwk')) !== null && _d !== void 0 ? _d : false;
++        const supportsJwk = issuerSupportedBindingMethods?.includes('jwk') || issuerSupportedBindingMethods?.includes('cose_key') || false
+         return {
+             signatureAlgorithm,
+             supportedDidMethods,