feat(dc-api): use aptitude matcher for openid4vp

Author: Wicpar

apps/easypid/metro.config.ts

@@ -13,6 +13,7 @@ export default {
     ...config.resolver,
 
     nodeModulesPaths: [path.resolve(projectRoot, 'node_modules'), path.resolve(workspaceRoot, 'node_modules')],
+    assetExts: [...(config.resolver?.assetExts ?? []), 'wasm'],
     sourceExts: [...(config.resolver?.sourceExts ?? []), 'js', 'json', 'ts', 'tsx', 'cjs', 'mjs'],
     extraNodeModules: {
       // Needed for cosmjs trying to import node crypto

apps/easypid/src/app/(app)/_layout.tsx

@@ -2,12 +2,13 @@ import { TypedArrayEncoder } from '@credo-ts/core'
 import { useHasFinishedOnboarding } from '@easypid/features/onboarding'
 import { useFeatureFlag } from '@easypid/hooks/useFeatureFlag'
 import { useResetWalletDevMenu } from '@easypid/hooks/useResetWalletDevMenu'
+import { dcApiRegisterOptions } from '@easypid/utils/dcApiRegisterOptions'
 import { type CredentialDataHandlerOptions, useHaptics } from '@package/app'
 import { HeroIcons, IconContainer } from '@package/ui'
 import type { InvitationType } from '@paradym/wallet-sdk'
 import { activityStorage, deferredCredentialStorage, ParadymWalletSdk, useParadym } from '@paradym/wallet-sdk'
 import { Redirect, Stack, useGlobalSearchParams, usePathname, useRouter } from 'expo-router'
-import { useState } from 'react'
+import { useEffect, useRef, useState } from 'react'
 import { Pressable } from 'react-native-gesture-handler'
 import { useTheme } from 'tamagui'
 
@@ -34,9 +35,17 @@ export default function AppLayout() {
   const router = useRouter()
   const { withHaptics } = useHaptics()
   const [redirectAfterUnlocked, setRedirectAfterUnlocked] = useState<string>()
+  const registeredDcApiWalletId = useRef<string | undefined>(undefined)
   const pathname = usePathname()
   const params = useGlobalSearchParams()
 
+  useEffect(() => {
+    if (paradym.state !== 'unlocked' || registeredDcApiWalletId.current === paradym.paradym.walletId) return
+
+    registeredDcApiWalletId.current = paradym.paradym.walletId
+    void paradym.paradym.dcApi.registerCredentials(dcApiRegisterOptions({ paradym: paradym.paradym }))
+  }, [paradym])
+
   // It could be that the onboarding is cut of mid-process, and e.g. the user closes the app
   // if this is the case we will redo the onboarding
   const [hasFinishedOnboarding] = useHasFinishedOnboarding()

apps/easypid/src/features/share/DcApiSharingScreen.tsx

@@ -1,11 +1,12 @@
+import { paradymWalletSdkOptions } from '@easypid/config/paradym'
 import { setupWalletServiceProvider } from '@easypid/crypto/WalletServiceProviderClient'
 import { useLingui } from '@lingui/react/macro'
 import { PinDotsInput, type PinDotsInputRef } from '@package/app'
 import { commonMessages, TranslationProvider } from '@package/translations'
 import { Heading, Paragraph, Stack, TamaguiProvider, YStack } from '@package/ui'
 import type { DigitalCredentialsRequest } from '@paradym/wallet-sdk'
-import { useParadym } from '@paradym/wallet-sdk'
-import { useRef, useState } from 'react'
+import { ParadymWalletAuthenticationInvalidPinError, ParadymWalletSdk, useParadym } from '@paradym/wallet-sdk'
+import { useEffect, useRef, useState } from 'react'
 import { SafeAreaProvider, useSafeAreaInsets } from 'react-native-safe-area-context'
 import tamaguiConfig from '../../../tamagui.config'
 import { useStoredLocale } from '../../hooks/useStoredLocale'
@@ -18,15 +19,17 @@ export function DcApiSharingScreen({ request }: DcApiSharingScreenProps) {
   const [storedLocale] = useStoredLocale()
 
   return (
-    <TranslationProvider customLocale={storedLocale}>
-      <TamaguiProvider disableInjectCSS defaultTheme="light" config={tamaguiConfig}>
-        <SafeAreaProvider>
-          <Stack flex-1 justifyContent="flex-end">
-            <DcApiSharingScreenWithContext request={request} />
-          </Stack>
-        </SafeAreaProvider>
-      </TamaguiProvider>
-    </TranslationProvider>
+    <ParadymWalletSdk.UnlockProvider configuration={paradymWalletSdkOptions}>
+      <TranslationProvider customLocale={storedLocale}>
+        <TamaguiProvider disableInjectCSS defaultTheme="light" config={tamaguiConfig}>
+          <SafeAreaProvider>
+            <Stack flex-1 justifyContent="flex-end">
+              <DcApiSharingScreenWithContext request={request} />
+            </Stack>
+          </SafeAreaProvider>
+        </TamaguiProvider>
+      </TranslationProvider>
+    </ParadymWalletSdk.UnlockProvider>
   )
 }
 
@@ -37,63 +40,65 @@ export function DcApiSharingScreenWithContext({ request }: DcApiSharingScreenPro
   const { t } = useLingui()
   const paradym = useParadym()
 
-  const onShareResponse = async () => {
-    if (paradym.state !== 'unlocked') {
-      throw new Error(`Invalid state for paradym wallet sdk. Expected 'unlocked', received '${paradym.state}'`)
-    }
-
-    const resolvedRequest = await paradym.paradym.dcApi
+  const onShareResponse = async (sdk: ParadymWalletSdk) => {
+    const resolvedRequest = await sdk.dcApi
       .resolveRequest({ request })
-      .then((resolvedRequest) => {
-        // We can't share multiple documents at the moment
-        if (resolvedRequest.formattedSubmission.entries.length > 1) {
-          throw new Error('Multiple cards requested, but only one card can be shared with the digital credentials api.')
-        }
-
-        return resolvedRequest
-      })
+      .then((resolvedRequest) => resolvedRequest)
       .catch((error) => {
-        paradym.paradym.logger.error('Error getting credentials for dc api request', {
+        sdk.logger.error('Error getting credentials for dc api request', {
           error,
         })
 
         // Not shown to the user
-        paradym.paradym.dcApi.sendErrorResponse('Presentation information could not be extracted')
+        sdk.dcApi.sendErrorResponse('Presentation information could not be extracted')
       })
 
     if (!resolvedRequest) return
 
     // Once this returns we just assume it's successful
     try {
-      await paradym.paradym.dcApi.sendResponse({
+      await sdk.dcApi.sendResponse({
         dcRequest: request,
         resolvedRequest,
       })
     } catch (error) {
-      paradym.paradym.logger.error('Could not share response', { error })
+      sdk.logger.error('Could not share response', { error })
 
       // Not shown to the user
-      paradym.paradym.dcApi.sendErrorResponse('Unable to share credentials')
+      sdk.dcApi.sendErrorResponse('Unable to share credentials')
       return
     }
   }
 
+  useEffect(() => {
+    if (!isProcessing || paradym.state !== 'acquired-wallet-key') return
+
+    paradym
+      .unlock()
+      .then(async (sdk) => {
+        await setupWalletServiceProvider(sdk)
+        await onShareResponse(sdk)
+      })
+      .catch((error) => {
+        if (error instanceof ParadymWalletAuthenticationInvalidPinError) {
+          pinRef.current?.clear()
+          pinRef.current?.shake()
+        }
+      })
+      .finally(() => setIsProcessing(false))
+  }, [paradym, isProcessing])
+
   const onUnlockSdk = async (pin: string) => {
+    if (paradym.state !== 'locked') return
+
     setIsProcessing(true)
-    if (paradym.state === 'locked') {
+    try {
       await paradym.unlockUsingPin(pin)
+    } catch (_error) {
+      pinRef.current?.clear()
+      pinRef.current?.shake()
+      setIsProcessing(false)
     }
-
-    if (paradym.state === 'acquired-wallet-key') {
-      const sdk = await paradym.unlock()
-      await setupWalletServiceProvider(sdk)
-    }
-
-    if (paradym.state === 'unlocked') {
-      await onShareResponse()
-    }
-
-    throw new Error(`Invalid state. Received: '${paradym.state}'`)
   }
 
   return (
@@ -113,7 +118,7 @@ export function DcApiSharingScreenWithContext({ request }: DcApiSharingScreenPro
       <Stack pt="$5">
         <PinDotsInput
           onPinComplete={onUnlockSdk}
-          isLoading={isProcessing}
+          isLoading={isProcessing || paradym.state === 'initializing'}
           pinLength={6}
           ref={pinRef}
           useNativeKeyboard={false}

dep_packages/animo-id-expo-digital-credentials-api-0.0.0-local-20260223190806.tgz

@@ -24,6 +24,7 @@
 	},
 	"pnpm": {
 		"overrides": {
+			"@animo-id/expo-digital-credentials-api": "file:dep_packages/animo-id-expo-digital-credentials-api-0.0.0-local-20260223190806.tgz",
 			"react-native-fs": "catalog:"
 		},
 		"patchedDependencies": {

dep_packages/animo-id-expo-digital-credentials-api-aptitude-consortium-0.0.0-20260430150021.tgz

@@ -26,6 +26,7 @@
 	"dependencies": {
 		"@animo-id/eudi-wallet-functionality": "catalog:",
 		"@animo-id/expo-digital-credentials-api": "catalog:",
+		"@animo-id/expo-digital-credentials-api-aptitude-consortium": "file:../../dep_packages/animo-id-expo-digital-credentials-api-aptitude-consortium-0.0.0-20260430150021.tgz",
 		"@astronautlabs/jsonpath": "catalog:",
 		"@credo-ts/anoncreds": "catalog:",
 		"@credo-ts/askar": "catalog:",

package.json

@@ -1,5 +1,8 @@
-import { type RegisterCredentialsOptions, registerCredentials } from '@animo-id/expo-digital-credentials-api'
-import { DateOnly, type Logger, type MdocNameSpaces, type MdocRecord } from '@credo-ts/core'
+import {
+  type AptitudeConsortiumConfig,
+  registerCredentials,
+} from '@animo-id/expo-digital-credentials-api-aptitude-consortium'
+import { DateOnly, type Logger, type MdocNameSpaces, type MdocRecord, type SdJwtVcRecord } from '@credo-ts/core'
 import { t } from '@lingui/core/macro'
 import { commonMessages, i18n } from '@package/translations'
 import { ImageFormat, Skia } from '@shopify/react-native-skia'
@@ -12,8 +15,9 @@ import { getCredentialForDisplay } from '../display/credential'
 import { resolveClaimsWithRecordMetadata, resolveLabelFromClaimsPath } from '../format/attributes'
 import type { ParadymWalletSdk } from '../ParadymWalletSdk'
 
-type CredentialItem = RegisterCredentialsOptions['credentials'][number]
-type CredentialDisplayClaim = NonNullable<CredentialItem['display']['claims']>[number]
+type CredentialItem = NonNullable<AptitudeConsortiumConfig['credentials']>[number]
+type CredentialDisplayClaim = NonNullable<CredentialItem['fields']>[number]
+const noTransactionDataTypes: NonNullable<CredentialItem['transaction_data_types']> = []
 
 function mapMdocAttributes(namespaces: MdocNameSpaces) {
   return Object.fromEntries(
@@ -43,7 +47,7 @@ function mapMdocAttributesToClaimDisplay(namespaces: MdocNameSpaces, record: Mdo
   return Object.entries(namespaces).flatMap(([namespace, values]) =>
     Object.keys(values).map((key) => ({
       path: [namespace, key],
-      displayName: resolveLabelFromClaimsPath([namespace, key], claims, i18n.locale) ?? t(commonMessages.unknown),
+      display_name: resolveLabelFromClaimsPath([namespace, key], claims, i18n.locale) ?? t(commonMessages.unknown),
     }))
   )
 }
@@ -62,13 +66,32 @@ function mapSdJwtAttributesToClaimDisplay(
     return [
       {
         path: [...path, claimName],
-        displayName: resolveLabelFromClaimsPath([...path, claimName], claims, i18n.locale) ?? t(commonMessages.unknown),
+        display_name:
+          resolveLabelFromClaimsPath([...path, claimName], claims, i18n.locale) ?? t(commonMessages.unknown),
       },
       ...nestedClaims,
     ]
   })
 }
 
+function normalizeAptitudeIcon(iconDataUrl?: string) {
+  if (!iconDataUrl) return undefined
+
+  const commaIndex = iconDataUrl.indexOf(',')
+  return commaIndex >= 0 ? iconDataUrl.slice(commaIndex + 1) : iconDataUrl
+}
+
+function getSdJwtVcts(record: SdJwtVcRecord) {
+  const chainVcts = record.typeMetadataChain
+    ?.map((entry) => entry.vct)
+    .filter((vct): vct is string => typeof vct === 'string' && vct.length > 0)
+
+  const tagVct = record.getTags().vct
+  const vcts = chainVcts && chainVcts.length > 0 ? chainVcts : tagVct ? [tagVct] : []
+
+  return vcts.length > 0 ? Array.from(new Set(vcts)) : undefined
+}
+
 /**
  * Returns base64 data url
  */
@@ -196,18 +219,15 @@ export async function dcApiRegisterCredentials({
           : undefined
 
       return {
-        id: record.id,
-        credential: {
-          doctype: mdoc.docType,
-          format: 'mso_mdoc',
-          namespaces: mapMdocAttributes(mdoc.issuerSignedNamespaces),
-        },
-        display: {
-          title: display.name ?? displayTitleFallback,
-          subtitle: display.issuer.name ? displaySubtitle(display.issuer.name) : displaySubtitleFallback,
-          claims: mapMdocAttributesToClaimDisplay(mdoc.issuerSignedNamespaces, record),
-          iconDataUrl,
-        },
+        id: getCredentialForDisplay(record).id,
+        format: 'mso_mdoc',
+        title: display.name ?? displayTitleFallback,
+        subtitle: display.issuer.name ? displaySubtitle(display.issuer.name) : displaySubtitleFallback,
+        fields: mapMdocAttributesToClaimDisplay(mdoc.issuerSignedNamespaces, record),
+        icon: normalizeAptitudeIcon(iconDataUrl),
+        doctype: mdoc.docType,
+        transaction_data_types: noTransactionDataTypes,
+        claims: mapMdocAttributes(mdoc.issuerSignedNamespaces),
       } as const
     })
 
@@ -224,28 +244,31 @@ export async function dcApiRegisterCredentials({
       const claims = resolveClaimsWithRecordMetadata(record)
 
       return {
-        id: record.id,
-        credential: {
-          vct: record.getTags().vct,
-          format: 'dc+sd-jwt',
-          // biome-ignore lint/suspicious/noExplicitAny: no explanation
-          claims: sdJwtVc.prettyClaims as any,
-        },
-        display: {
-          title: display.name ?? displayTitleFallback,
-          subtitle: display.issuer.name ? displaySubtitle(display.issuer.name) : displaySubtitleFallback,
-          claims: mapSdJwtAttributesToClaimDisplay(claims, record),
-          iconDataUrl,
-        },
+        id: getCredentialForDisplay(record).id,
+        format: 'dc+sd-jwt',
+        title: display.name ?? displayTitleFallback,
+        subtitle: display.issuer.name ? displaySubtitle(display.issuer.name) : displaySubtitleFallback,
+        fields: mapSdJwtAttributesToClaimDisplay(claims, sdJwtVc.prettyClaims),
+        icon: normalizeAptitudeIcon(iconDataUrl),
+        vcts: getSdJwtVcts(record),
+        transaction_data_types: noTransactionDataTypes,
+        // biome-ignore lint/suspicious/noExplicitAny: no explanation
+        claims: sdJwtVc.prettyClaims as any,
       } as const
     })
 
     const credentials = await Promise.all([...sdJwtCredentials, ...mdocCredentials])
     paradym.logger.trace('Registering credentials for Digital Credentials API')
 
     await registerCredentials({
-      credentials,
-      matcher: 'ubique',
+      aptitudeConsortiumConfig: {
+        log_level: __DEV__ ? 'debug' : undefined,
+        dcql: {
+          credential_set_option_mode: 'all_satisfiable',
+          optional_credential_sets_mode: 'prefer_present',
+        },
+        credentials,
+      },
     })
   } catch (error) {
     // Since this is an experimental feature, and it doedisplayTitleFallbacksn't work if you don't have the latest