Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions .cursor/notes/dcql-query-matching.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# DCQL query matching (wallet / credential store)

`DcqlQuery` helpers for mapping verifier DCQL to repository queries (`de.eecc.oid4vc.oid4vp.DcqlQuery`).

## `CredentialMatchCriteria`

Normalized snapshot: `credentialQueryId`, `format`, `typeValues`, `subjectIds`, `issuers`, `claimValueConstraints`, `requireCryptographicHolderBinding`.

Built via `CredentialQuery.toMatchCriteria()` or `Query.matchCriteria()`.

## `type_values` shape

`List<List<String>>`: outer list = OR of alternatives; inner list = AND of required `@type` strings (matches DCQL `meta.type_values`).

## `CredentialQuery` accessors

- `typeValues()` — from `meta.type_values`
- `subjectIds()` — `values` on claims with path `["credentialSubject", "id"]` (legacy `["id"]` normalized on construction)
- `issuers()` — `values` on claims with path `["issuer"]`
- `claimValueConstraints()` — claim id → required values (subject claims normalized under `credentialSubject`)
- `ClaimsQuery.subjectClaim()` / `normalizeClaimPath()` — bare paths prefixed with `credentialSubject`; `issuer` stays credential-level
- `valuesForClaimId()` / `pathForClaimId()` / `findClaim()`

## `PresentationRequestDefinition`

`templateClaimIds()`, `credentialMatchCriteria()`, `matchCriteriaForFormat()`, `requiredClaimValues()`.

Credential metadata from presentations: `templateCredentialTypes()`, `extractCredentialType()`, `extractCredentialIssuer()`, `extractCredentialSubjectId()` (via `PresentationParser`).

Optional identity constraints: list-based `requiredIssuers()` / `requiresIssuers()` and `requiredSubjectIds()` / `requiresSubjectIds()` on `PresentationRequestDefinition` (`requiresIssuer()` / `requiresSubjectId()` are single-value conveniences; DCQL `values` OR semantics); default `dcqlQuery()` merges constraints into `templateDcqlQuery()`.

Helper methods on DCQL records are `@JsonIgnore` for wire serialization.
7 changes: 5 additions & 2 deletions .cursor/notes/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,15 +23,16 @@ oid4vp/
└── README.md
```

See [module-layout.md](module-layout.md) for embedding patterns, pluggable dependencies, and Spring setup.
See [module-layout.md](module-layout.md) for embedding patterns, pluggable dependencies, and Spring setup.
See [dcql-query-matching.md](dcql-query-matching.md) for DCQL credential-store match helpers.

## Core Features

- **Presentation request generation** via `Oid4Vp.generatePresentationRequest()`
- **Wallet URL building** with inline or `request_uri` transport
- **Direct post handling** with optional `response_code` (`DirectPostResult`) — OAuth2 login completion documented in `README.md`
- **Pluggable** repository and verifier; `Oid4Vp.builder()` for tests and host wiring
- **DCQL query models**, GS1 template, `PresentationParser`, `PresentationClaims` extraction via `PresentationRequestDefinition`, sealed `Oid4VpError`
- **DCQL query models** with credential-store match helpers (`CredentialMatchCriteria`, `typeValues()`, `subjectIds()`, …) — see [dcql-query-matching.md](dcql-query-matching.md); GS1 template, `PresentationParser`, `PresentationClaims` extraction via `PresentationRequestDefinition`, sealed `Oid4VpError`

## Development & Release

Expand All @@ -41,6 +42,8 @@ mvn test
mvn package
```

CI (`.github/workflows/ci.yml`): on push to `main` and on pull requests — Java 25, `mvn test` in `oid4vp-java/`.

Release: `npm run release minor` (from repo root). Version lives in parent `oid4vp-parent` POM and must match the `<parent><version>` in `oid4vp-core`, `oid4vp-spring`, and `oid4vp-spring-boot-starter`. `minor`/`major` bumps use the latest git tag as the base; `patch` uses the SNAPSHOT version in the POM. See `scripts/release.js`.

## Important Files
Expand Down
1 change: 1 addition & 0 deletions .cursor/notes/module-layout.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
- OAuth2 login: `issueResponseCode` → poll or redirect → redeem `state`+`response_code` at token endpoint → `invalidateResponseCode`
- `Oid4VpError` sealed hierarchy — map errors without parsing HTTP status from messages
- `PresentationRequestDefinition.extractPresentationClaims` + `Oid4Vp.extractPresentationClaims` — template-driven claim extraction from stored `vp_token`
- DCQL `CredentialMatchCriteria` and query accessors — see [dcql-query-matching.md](dcql-query-matching.md)

## Spring Boot (optional)

Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@ on:
push:
branches:
- main
pull_request:

jobs:
test:
name: Build & Test (Java 25)
name: Test (Java 25)
runs-on: ubuntu-latest

steps:
Expand All @@ -22,5 +23,5 @@ jobs:
cache: maven

- name: Run tests
run: mvn --batch-mode verify
run: mvn --batch-mode test
working-directory: oid4vp-java
14 changes: 14 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Added

- GitHub Actions CI on pull requests: run Maven tests

### Changed

- DCQL `ClaimsQuery` paths for subject claims are normalized under `credentialSubject`; use `subjectClaim()` or bare segments — `issuer` remains credential-level

### Added

- Identity constraints on `PresentationRequestDefinition` are list-based (`requiredIssuers()`, `requiresIssuers()`); `requiresIssuer()` / `requiresSubjectId()` are single-value conveniences
- Credential metadata extraction on `PresentationRequestDefinition`: `extractCredentialType()`, `extractCredentialIssuer()`, `extractCredentialSubjectId()`, backed by `PresentationParser`
- DCQL convenience accessors for credential store matching: `CredentialMatchCriteria`, `typeValues()`, `subjectIds()`, `claimValueConstraints()`, `valuesForClaimId()`, `pathForClaimId()`, `Query.matchCriteria()` / `credentialsForFormat()`
- `ClaimsQuery.values` for DCQL value constraints; `PresentationRequestDefinition` template helpers (`templateClaimIds`, `credentialMatchCriteria`, `matchCriteriaForFormat`)
## [0.5.1] - 2026-06-18

### Changed
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ import de.eecc.oid4vc.oid4vp.request.PresentationRequestDefinition;

PresentationRequestDefinition myDefinition = new PresentationRequestDefinition() {
@Override
public DcqlQuery.Query dcqlQuery() {
public DcqlQuery.Query templateDcqlQuery() {
return new DcqlQuery.Query(List.of(
new DcqlQuery.CredentialQuery(
"my_credential_query_id",
Expand Down
Loading
Loading