Verify presentation tokens by Magnus-Kuhn · Pull Request #1005 · nmshd/runtime

Magnus-Kuhn · 2026-03-20T13:24:30Z

Readiness checklist

I added/updated tests.
I ensured that the PR title is good enough for the changelog.
I labeled the PR.
I self-reviewed the PR.

packages/runtime/src/useCases/consumption/openid4vc/VerifyPresentationToken.ts

packages/runtime/test/consumption/openid4vc.test.ts

packages/transport/src/modules/tokens/TokenController.ts

packages/app-runtime/src/AppStringProcessor.ts

packages/app-runtime/test/runtime/AppStringProcessor.test.ts

packages/runtime-types/src/dtos/transport/EmptyTokenDTO.ts

.dev/eudiplo/startEudiplo.ts

packages/app-runtime/test/runtime/AppStringProcessor.test.ts

packages/runtime/src/useCases/consumption/openid4vc/VerifyPresentationToken.ts

Copilot

Pull request overview

Adds runtime support to verify verifiable presentation “presentation tokens” (SD-JWT-based) and uses that verification to decide whether the app UI should treat a received presentation token as valid.

Changes:

Introduce VerifyPresentationToken use case + schema, expose it via the runtime OpenId4VcFacade.
Add holder/controller verification plumbing in @nmshd/consumption and extend runtime tests for verification outcomes.
Update AppStringProcessor and its tests to verify presentation tokens and add local Eudiplo dev/test container assets.

Reviewed changes

Copilot reviewed 13 out of 22 changed files in this pull request and generated 11 comments.

Show a summary per file

File	Description
tsconfig.eslint.json	Includes `.dev/eudiplo` in ESLint TS project scope.
packages/runtime/test/consumption/openid4vc.test.ts	Adds tests for creating and verifying presentation tokens, including negative cases.
packages/runtime/src/useCases/consumption/openid4vc/index.ts	Exports the new verify use case.
packages/runtime/src/useCases/consumption/openid4vc/VerifyPresentationToken.ts	New use case to verify presentation token content against an expected nonce.
packages/runtime/src/useCases/common/Schemas.ts	Adds JSON schema for `VerifyPresentationTokenRequest`.
packages/runtime/src/extensibility/facades/consumption/OpenId4VcFacade.ts	Exposes `verifyPresentationToken()` on the facade.
packages/consumption/src/modules/openid4vc/local/Holder.ts	Adds holder-side verification via `SdJwtVcApi.verify()`.
packages/consumption/src/modules/openid4vc/OpenId4VcController.ts	Exposes holder verification via controller method.
packages/app-runtime/test/runtime/AppStringProcessor.test.ts	Updates test to obtain a real presentation token via Eudiplo and process its URL.
packages/app-runtime/src/AppStringProcessor.ts	Calls verify API and passes validity flag to `showVerifiablePresentation`.
.dev/eudiplo/startEudiplo.ts	Adds a testcontainer helper to run Eudiplo with local config.
.dev/eudiplo/config/test/presentation/test.json	Adds Eudiplo presentation config fixture.
.dev/eudiplo/config/test/keys/key.json	Adds Eudiplo key fixture.
.dev/eudiplo/config/test/issuance/issuance.json	Adds Eudiplo issuance config fixture.
.dev/eudiplo/config/test/issuance/credentials/test.json	Adds Eudiplo credential config fixture.
.dev/eudiplo/config/test/info.json	Adds Eudiplo tenant info fixture.
.dev/eudiplo/config/test/images/logo.png	Adds Eudiplo logo fixture used in displays.
.dev/eudiplo/config/test/clients/test-admin.json	Adds Eudiplo client fixture for tests.
.dev/eudiplo/config/test/certs/certificate.json	Adds Eudiplo certificate fixture.
.dev/compose.openid4vc.yml	Updates volume mount path for Eudiplo config assets.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

packages/runtime/src/useCases/common/Schemas.ts

packages/runtime/test/consumption/openid4vc.test.ts

packages/app-runtime/src/AppStringProcessor.ts

.dev/eudiplo/startEudiplo.ts

packages/runtime/src/useCases/consumption/openid4vc/VerifyPresentationToken.ts

.dev/eudiplo/startEudiplo.ts

packages/app-runtime/test/runtime/AppStringProcessor.test.ts

packages/runtime/test/consumption/openid4vc.test.ts

packages/app-runtime/test/runtime/AppStringProcessor.test.ts

…into verify-presentation

tnotheis · 2026-03-27T13:30:42Z

LGTM. @Milena-Czierlinski should perform a review as well though.

packages/app-runtime/src/AppStringProcessor.ts

Magnus-Kuhn added 12 commits March 19, 2026 13:56

feat: verify presentation token

4b27b9b

fix: allow empty tokens without password

250237f

Merge branch 'release/openid4vc' into verify-presentation

e715acf

test: adapt app string processor test

d4b4f58

test: remove happy path isolation test

25e1098

refactor: adapt to optional password protection of empty token

537ba85

refactor: export verify use case

db2b579

test: cleaner file copying into container

ff3a208

feat: improve unsupported VC type error message

45fc3cb

test: add negative tests

6a61c3a

refactor: don't return classes in UseCases

5dcc7e3

test: re-add test skip

eedcb09

Magnus-Kuhn requested review from Milena-Czierlinski, nicole-eb and tnotheis March 20, 2026 13:24

Magnus-Kuhn added the enhancement New feature or request label Mar 20, 2026

Magnus-Kuhn added 2 commits March 20, 2026 14:27

chore: build schemas

fb57fc7

test: null checks

09d9819

tnotheis requested changes Mar 23, 2026

View reviewed changes

Magnus-Kuhn added 7 commits March 23, 2026 09:52

test: split presentation token test

ddd726c

test: move startEudiplo into .dev

bb7a885

test: fix the split

f5b555c

test: remove now obsolete startEudiplo function

e17e518

Merge branch 'release/openid4vc' into verify-presentation

6c44bdd

fix: remove password protection from sendEmptyTokenParameters

760543f

fix: undo credential lifetime increase

355c488

Magnus-Kuhn requested a review from tnotheis March 26, 2026 14:06

tnotheis added 2 commits March 27, 2026 10:03

test: make tests independent of each other

f8441bf

test: improve startOid4VcComposeStack helper method

f47ac35

tnotheis requested changes Mar 27, 2026

View reviewed changes

tnotheis requested a review from Copilot March 27, 2026 09:07

Copilot started reviewing on behalf of tnotheis March 27, 2026 09:07 View session

tnotheis added 2 commits March 27, 2026 10:08

chore: npm audit fix

c535f42

chore: ignore vulnerability

3a712d0

Copilot AI reviewed Mar 27, 2026

View reviewed changes

Magnus-Kuhn and others added 9 commits March 27, 2026 10:26

test: rename eudiplo tenant

f75d8f1

test: namings in app string processor test

1b66718

feat: simplify use case interface

f1b73a5

test: set correct NMSHD_TEST_BASEURL in oid4vc compose stack

b9c59f6

Merge branch 'verify-presentation' of https://github.com/nmshd/runtime …

9a9ed4e

…into verify-presentation

fix: remove stack from error message

9b618b9

test: adapt runtime tests

c8acdb3

test: re-add invalid nonce test

d02508d

test: use new helper functions more

721f7c7

Magnus-Kuhn requested a review from tnotheis March 27, 2026 13:05

tnotheis approved these changes Mar 27, 2026

View reviewed changes

Milena-Czierlinski approved these changes Mar 27, 2026

View reviewed changes

packages/app-runtime/src/AppStringProcessor.ts Show resolved Hide resolved

Magnus-Kuhn merged commit 3e55d24 into release/openid4vc Mar 27, 2026
15 checks passed

Magnus-Kuhn deleted the verify-presentation branch March 27, 2026 15:42

Conversation

Magnus-Kuhn commented Mar 20, 2026

Readiness checklist

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

tnotheis commented Mar 27, 2026

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants