feat: support W3C JSON-LD credential issuance and presentation

src/controllers/openid4vc/holder/credentialBindingResolver.ts

@@ -102,6 +102,8 @@ export function getCredentialBindingResolver({
       supportsJwk &&
       (credentialFormat === OpenId4VciCredentialFormatProfile.SdJwtVc ||
         credentialFormat === OpenId4VciCredentialFormatProfile.SdJwtDc ||
+        credentialFormat === OpenId4VciCredentialFormatProfile.JwtVcJsonLd ||
+        credentialFormat === OpenId4VciCredentialFormatProfile.JwtVcJson ||
         credentialFormat === OpenId4VciCredentialFormatProfile.MsoMdoc)
     ) {
       return {

src/controllers/openid4vc/holder/holder.Controller.ts

@@ -34,6 +34,14 @@ export class HolderController extends Controller {
     return await holderService.getMdocCredentials(request)
   }
 
+  /**
+   * Fetch all W3C credentials in wallet
+   */
+  @Get('/w3c-vcs')
+  public async getW3cCredentials(@Request() request: Req) {
+    return await holderService.getW3cCredentials(request)
+  }
+
   /**
    * Decode mso mdoc credential in wallet
    */

src/controllers/openid4vc/holder/holder.service.ts

@@ -14,7 +14,15 @@
 } from '@credo-ts/openid4vc'
 import type { Request as Req } from 'express'
 
-import { Mdoc, SdJwtVcRecord, MdocRecord } from '@credo-ts/core'
+import {
+  Mdoc,
+  SdJwtVcRecord,
+  MdocRecord,
+  W3cCredentialRecord,
+  W3cCredentialService,
+  // W3cV2CredentialRecord,
+  // W3cV2CredentialService,
+} from '@credo-ts/core'
 import {
   OpenId4VciAuthorizationFlow,
   authorizationCodeGrantIdentifier,
@@ -36,6 +44,19 @@
     return await agentReq.agent.mdoc.getAll()
   }
 
+  public async getW3cCredentials(agentReq: Req) {
+    /* 
+    // W3C V2.0 Support
+    const [v1Records, v2Records] = await Promise.all([
+      agentReq.agent.w3cCredentials.getAll(),
+      agentReq.agent.w3cV2Credentials.getAll(),
+    ])
+
+    return [...v1Records, ...v2Records]
+    */
+    return await agentReq.agent.w3cCredentials.getAll()
+  }
+
   public async decodeMdocCredential(
     agentReq: Req,
     options: {
@@ -129,10 +150,28 @@
     const storedCredentials = await Promise.all(
       credentialResponse.credentials.map(async (response) => {
         const credentialRecord = response.record
-        // TODO: We can add this later
-        // if (credential instanceof W3cJwtVerifiableCredential || credential instanceof W3cJsonLdVerifiableCredential) {
-        //   return await agentReq.agent.w3cCredentials.storeCredential({ credential })
-        // }
+
+        if (
+          credentialRecord instanceof W3cCredentialRecord ||
+          (credentialRecord as any).type === 'W3cCredentialRecord'
+        ) {
+          return await agentReq.agent.w3cCredentials.store({
+            record: credentialRecord as W3cCredentialRecord,
+          })
+        }
+
+        /* 
+        W3C V2.0 Support
+        if (
+          credentialRecord instanceof W3cV2CredentialRecord ||
+          (credentialRecord as any).type === 'W3cV2CredentialRecord'
+        ) {
+          return await agentReq.agent.w3cV2Credentials.store({
+            record: credentialRecord as W3cV2CredentialRecord,
+          })
+        }
+        */
+
         if (credentialRecord instanceof MdocRecord) {
           return await agentReq.agent.mdoc.store({ record: credentialRecord })
         }
@@ -141,7 +180,9 @@
             record: credentialRecord,
           })
         }
-        throw new Error(`Unsupported credential record type`)
+        throw new Error(
+          `Unsupported credential record type: ${(credentialRecord as any)?.type || typeof credentialRecord}`,
+        )
       }),
     )
 
@@ -211,23 +252,28 @@
     )
     // const presentationExchangeService = agent.dependencyManager.resolve(DifPresentationExchangeService)
 
-    if (!resolved.dcql) throw new Error('Missing DCQL on request')
-    //
-    let dcqlCredentials
-    try {
-      dcqlCredentials = await agentReq.agent.modules.openid4vc.holder.selectCredentialsForDcqlRequest(
+    let acceptOptions: any = {
+      authorizationRequestPayload: resolved.authorizationRequestPayload,
+      origin: body.options?.origin,
+    }
+
+    if (resolved.dcql) {
+      const dcqlCredentials = await agentReq.agent.modules.openid4vc.holder.selectCredentialsForDcqlRequest(
         resolved.dcql.queryResult,
       )
-    } catch (error) {
-      throw error
+      acceptOptions.dcql = { credentials: dcqlCredentials as DcqlCredentialsForRequest }
+    } else if (resolved.presentationExchange) {
+      const pexCredentials =
+        await agentReq.agent.modules.openid4vc.holder.selectCredentialsForPresentationExchangeRequest(
+          resolved.presentationExchange.credentialsForRequest,
+        )
+      acceptOptions.presentationExchange = { credentials: pexCredentials }
+    } else {
+      throw new Error('Missing DCQL or Presentation Exchange on request')
     }
-    const submissionResult = await agentReq.agent.modules.openid4vc.holder.acceptOpenId4VpAuthorizationRequest({
-      authorizationRequestPayload: resolved.authorizationRequestPayload,
-      dcql: {
-        credentials: dcqlCredentials as DcqlCredentialsForRequest,
-      },
-      origin: body.options?.origin,
-    })
+
+    const submissionResult =
+      await agentReq.agent.modules.openid4vc.holder.acceptOpenId4VpAuthorizationRequest(acceptOptions)
     if (submissionResult.serverResponse) {
       const { serverResponse, ...rest } = submissionResult
 
@@ -243,7 +289,20 @@
   }
 
   public async deleteCredential(agentReq: Req, { credentialId, credentialType }: DeleteCredentialBody) {
-    if (credentialType === CredentialType.SD_JWT) {
+    if (credentialType === CredentialType.W3C_VC) {
+      const w3cCredentialService = await agentReq.agent.dependencyManager.resolve(W3cCredentialService)
+      // const w3cV2CredentialService = await agentReq.agent.dependencyManager.resolve(W3cV2CredentialService)
+
+      try {
+        return await w3cCredentialService.removeCredentialRecord(agentReq.agent.context, credentialId)
+      } catch (error) {
+        /* 
+        // W3C V2.0 Support
+        return await w3cV2CredentialService.removeCredentialRecord(agentReq.agent.context, credentialId)
+        */
+        throw error
+      }
+    } else if (credentialType === CredentialType.SD_JWT) {
       const sdJwtRecord = await agentReq.agent.sdJwtVc.getById(credentialId)
       if (sdJwtRecord) {
         return await agentReq.agent.sdJwtVc.deleteById(credentialId)

src/controllers/openid4vc/issuance-sessions/issuance-sessions.service.ts

@@ -2,8 +2,10 @@
 import type { Request as Req } from 'express'
 
 import { type OpenId4VcIssuanceSessionState } from '@credo-ts/openid4vc'
 import { OpenId4VcIssuanceSessionRepository } from '@credo-ts/openid4vc'
 
+import { CREDENTIALS_CONTEXT_V1_URL, CREDENTIALS_CONTEXT_V2_URL } from '@credo-ts/core'
+
 import { CredentialFormat, SignerMethod } from '../../../enums/enum'
 import { BadRequestError, NotFoundError } from '../../../errors/errors'
 import { STATUS_LISTS_PATH } from '../../../utils/constant'
@@ -24,18 +26,27 @@
       credentials.map(async (cred) => {
         const supported = issuer.credentialConfigurationsSupported[cred.credentialSupportedId]
 
-        this.validateCredentialConfig(cred, supported)
+        const format = cred.format as unknown as CredentialFormat
+        const isJsonLdFormat = format === CredentialFormat.JwtVcJsonLd || format === CredentialFormat.LdpVc
+        const effectiveVersion = options.version === 'v2.0' && isJsonLdFormat ? 'v2.0' : undefined
+
+        this.validateCredentialConfig(cred, supported, effectiveVersion)
 
         const statusBlock = await this.processStatusList(cred, options, agentReq, offerStatusInfo)
 
         const currentVct = cred.payload && 'vct' in cred.payload ? cred.payload.vct : undefined
-        return {
-          ...cred,
-          payload: {
+        const transformedPayload = this.transformPayloadForVersion(
+          {
             ...cred.payload,
             vct: currentVct ?? (typeof supported.vct === 'string' ? supported.vct : undefined),
             ...(statusBlock ? { status: statusBlock } : {}),
           },
+          effectiveVersion,
+        )
+
+        return {
+          ...cred,
+          payload: transformedPayload,
         }
       }),
     )
@@ -53,47 +64,19 @@
     if (!issuerModule) {
       throw new Error('OID4VC issuer module not initialized')
     }
-    const preAuthorizedCodeFlowConfig = this.resolvePreAuthorizedCodeFlowConfig(options.preAuthorizedCodeFlowConfig)
-
     const { credentialOffer, issuanceSession } = await issuerModule.createCredentialOffer({
       issuerId: publicIssuerId,
       issuanceMetadata: options.issuanceMetadata,
       credentialConfigurationIds: credentials.map((c) => c.credentialSupportedId),
-      preAuthorizedCodeFlowConfig,
+      preAuthorizedCodeFlowConfig: options.preAuthorizedCodeFlowConfig,
       authorizationCodeFlowConfig: options.authorizationCodeFlowConfig,
+      version: 'v1',
     })
 
     return { credentialOffer, issuanceSession }
   }
 
-  private resolvePreAuthorizedCodeFlowConfig(
-    config: OpenId4VcIssuanceSessionsCreateOffer['preAuthorizedCodeFlowConfig'],
-  ) {
-    if (!config) return undefined
-
-    const hasTxCode = config.txCode != null
-    const hasAuthServerUrl = config.authorizationServerUrl != null
-
-    if (hasTxCode !== hasAuthServerUrl) {
-      throw new BadRequestError(
-        'Both txCode and authorizationServerUrl must be provided together for normal flow, or both must be omitted for no-auth flow',
-      )
-    }
-
-    if (!hasTxCode) return {}
-
-    if (Object.keys(config.txCode!).length === 0) {
-      throw new BadRequestError('txCode must not be an empty object when provided')
-    }
-
-    if (config.authorizationServerUrl!.trim() === '') {
-      throw new BadRequestError('authorizationServerUrl must not be an empty string when provided')
-    }
-
-    return { txCode: config.txCode, authorizationServerUrl: config.authorizationServerUrl }
-  }
-
-  private validateCredentialConfig(cred: any, supported: any) {
+  private validateCredentialConfig(cred: any, supported: any, version?: string) {
     if (!supported) {
       throw new Error(`CredentialSupportedId '${cred.credentialSupportedId}' is not supported by issuer`)
     }
@@ -103,6 +86,26 @@
       )
     }
 
+    const isW3cFormat =
+      cred.format === CredentialFormat.JwtVcJson ||
+      cred.format === CredentialFormat.JwtVcJsonLd ||
+      cred.format === CredentialFormat.LdpVc
+
+    if (isW3cFormat && !cred.payload?.credentialSubject) {
+      throw new BadRequestError(
+        `Credential payload for '${cred.credentialSupportedId}' must contain 'credentialSubject'`,
+      )
+    }
+
+    if (version === 'v2.0') {
+      if (cred.payload.issuer) {
+        const issuer = cred.payload.issuer
+        if (typeof issuer === 'object' && !issuer.id) {
+          throw new BadRequestError(`Issuer object for '${cred.credentialSupportedId}' must contain 'id' property`)
+        }
+      }
+    }
+
     if (!cred.signerOptions?.method) {
       throw new BadRequestError(
         `signerOptions must be provided and allowed methods are ${Object.values(SignerMethod).join(', ')}`,
@@ -122,6 +125,80 @@
     }
   }
 
+  private transformPayloadForVersion(payload: any, version: 'v1.1' | 'v2.0' | undefined) {
+    if (version !== 'v2.0') {
+      return payload
+    }
+
+    const transformed = { ...payload }
+
+    const formatDate = (date: any) => {
+      if (!date) return undefined
+      if (date instanceof Date) return date.toISOString()
+      if (typeof date === 'string') {
+        try {
+          const d = new Date(date)
+          if (isNaN(d.getTime())) return date
+          return d.toISOString()
+        } catch {
+          return date
+        }
+      }
+      return date
+    }
+
+    // Rule: issuanceDate -> validFrom
+    if (transformed.issuanceDate && !transformed.validFrom) {
+      transformed.validFrom = transformed.issuanceDate
+    }
+
+    // Rule: expirationDate -> validUntil
+    if (transformed.expirationDate && !transformed.validUntil) {
+      transformed.validUntil = transformed.expirationDate
+      delete transformed.expirationDate
+    }
+
+    // Normalize dates to ISO format
+    if (transformed.validFrom) transformed.validFrom = formatDate(transformed.validFrom)
+    if (transformed.validUntil) transformed.validUntil = formatDate(transformed.validUntil)
+
+    // Rule: issuer string -> object (standardizing for v2.0 if it is a DID)
+    if (typeof transformed.issuer === 'string' && transformed.issuer.startsWith('did:')) {
+      transformed.issuer = { id: transformed.issuer }
+    }
+
+    // Rule: Update @context for v2.0
+    const v1Context = CREDENTIALS_CONTEXT_V1_URL
+    const v2Context = CREDENTIALS_CONTEXT_V2_URL
+
+    if (version === 'v2.0') {
+      const currentCtx = Array.isArray(transformed['@context'])
+        ? transformed['@context']
+        : typeof transformed['@context'] === 'string'
+          ? [transformed['@context']]
+          : []
+
+      const ctxSet = new Set(currentCtx)
+      ctxSet.delete(v1Context)
+      ctxSet.delete(v2Context)
+      // W3C V2.0 requires the V2 context to be the very first element.
+      transformed['@context'] = [v2Context, v1Context, ...Array.from(ctxSet)]
+    } else {
+      // W3C V1.1 / Default behavior
+      if (!transformed['@context']) {
+        transformed['@context'] = [v1Context]
+      } else if (Array.isArray(transformed['@context'])) {
+        const ctxSet = new Set(transformed['@context'])
+        ctxSet.delete(v1Context)
+        transformed['@context'] = [v1Context, ...Array.from(ctxSet)]
+      } else if (typeof transformed['@context'] === 'string') {
+        transformed['@context'] = [v1Context, transformed['@context']]
+      }
+    }
+
+    return transformed
+  }
+
   private async processStatusList(
     cred: any,
     options: OpenId4VcIssuanceSessionsCreateOffer,

src/controllers/openid4vc/types/holder.types.ts

@@ -35,4 +35,5 @@ export interface DeleteCredentialBody {
 export enum CredentialType {
   SD_JWT = 'sd-jwt-vc',
   MSO_MDOC = 'mso_mdoc',
+  W3C_VC = 'w3c-vc',
 }