Sending a proof in an OOB invitation works on Camera/QR Code, but not ?_url deep-link

[loneil]

Description of problem

Using a https://didcomm.org/out-of-band/1.1/invitation with the proof attached is how we are doing OOB proofs in VCAuth-N.
This is working successfully when scanning a QR code with the BC Wallet camera. But using the same link that the QR code resolves to, but packed into the ?_url deep-link handler results in an "Unable to handle deep link" error:

I've only tried this on Android.

Expected behavior

The link that fetches the OOB envelope works in a deep link the same as it works in the QR code, and opens the proof in the BC Wallet.

Steps to reproduce

Can use VCAuth-N with the ?_url handler enabled and the OOB invitation mode on to reproduce this. Or some other setup that will provide a redirect link to an OOB envelope with a proof request in it.

• Have the BC Wallet open already (otherwise you may run into The "?_url=" deep link handler does not load the proof if the wallet is not already open (Android) #2052)
• Nav to a deep link with a format like bcwallet://aries_proof-request?_url=<base64 encoded redirect url to OOB proof>
• The app opens with an error shown above

Screenshots and/or log output

OOB Deep Link with VCAuth-N

• Shows the error, then the deep link URL, the redirect URL passed to the app, and the OOB that redirect gets.

OOB.deep.link.mp4

bcwallet://aries_proof-request?_url=aHR0cHM6Ly9lNjE4LTEwOC0xODAtMTcxLTI4Lm5ncm9rLWZyZWUuYXBwL3VybC9wcmVzX2V4Y2gvMWM5ZDQyZWItMzFhNi00NTZhLWFjZGYtNWIyZWUxOTA2NDEw

https://e618-108-180-171-28.ngrok-free.app/url/pres_exch/1c9d42eb-31a6-456a-acdf-5b2ee1906410

{
    "@id": "1418af22-fb96-490d-af6e-98a26522eeef",
    "@type": "https://didcomm.org/out-of-band/1.1/invitation",
    "goal_code": "request-proof",
    "label": "VC-AuthN Agent",
    "requests~attach": [
        {
            "@id": "request-0",
            "mime-type": "application/json",
            "data": {
                "json": {
                    "@type": "https://didcomm.org/present-proof/1.0/request-presentation",
                    "@id": "446b708b-262e-4bcf-bb2b-04dc986ba394",
                    "~thread": {
                        "pthid": "1418af22-fb96-490d-af6e-98a26522eeef"
                    },
                    "request_presentations~attach": [
                        {
                            "@id": "libindy-request-presentation-0",
                            "mime-type": "application/json",
                            "data": {
                                "base64": "eyJuYW1lIjogInByb29mX3JlcXVlc3RlZCIsICJ2ZXJzaW9uIjogIjAuMC4xIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyJyZXFfYXR0cl8wIjogeyJuYW1lcyI6IFsiZ2l2ZW5fbmFtZXMiLCAiZmFtaWx5X25hbWUiLCAiY291bnRyeSJdLCAicmVzdHJpY3Rpb25zIjogW3sic2NoZW1hX25hbWUiOiAiUGVyc29uIiwgImlzc3Vlcl9kaWQiOiAiTDZBU2ptRERiREg3eVBMMXQyeUZqOSJ9LCB7InNjaGVtYV9uYW1lIjogIlBlcnNvbiIsICJpc3N1ZXJfZGlkIjogIlFFcXVBSGtNMzV3NFhWVDNLdTV5YXQifSwgeyJzY2hlbWFfbmFtZSI6ICJQZXJzb24iLCAiaXNzdWVyX2RpZCI6ICJNNmRodUZqNVV3YmhXa1NMbXZZU1BjIn1dLCAibm9uX3Jldm9rZWQiOiB7ImZyb20iOiAxNzIwNDE3Mjk5LCAidG8iOiAxNzIwNDE3Mjk5fX19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7fSwgIm5vbmNlIjogIjMyNDAwNDQ3NTkzMjQ4ODI0ODExMTgzMyJ9"
                            }
                        }
                    ]
                }
            }
        }
    ],
    "services": [
        {
            "recipientKeys": [
                "did:key:z6MkrKNsaqDooff89jVHEB2geXVdi5hSKQA6UcVsX7gdK4iZ#z6MkrKNsaqDooff89jVHEB2geXVdi5hSKQA6UcVsX7gdK4iZ"
            ],
            "routingKeys": null,
            "serviceEndpoint": "https://c019-108-180-171-28.ngrok-free.app",
            "id": "#inline",
            "type": "did-communication",
            "priority": 0
        }
    ]
}

Now, showing the same type of setup as above, but working successfully with a QR code scan

oob.camera.mp4

https://e618-108-180-171-28.ngrok-free.app/url/pres_exch/c4e9ba54-429a-4a55-89bd-354c064d8c66

{
    "@id": "25e7e7be-1abb-43d8-b568-5119c0cd7b61",
    "@type": "https://didcomm.org/out-of-band/1.1/invitation",
    "goal_code": "request-proof",
    "label": "VC-AuthN Agent",
    "requests~attach": [
        {
            "@id": "request-0",
            "mime-type": "application/json",
            "data": {
                "json": {
                    "@type": "https://didcomm.org/present-proof/1.0/request-presentation",
                    "@id": "18ec0283-158a-4685-89de-1665f59192bd",
                    "~thread": {
                        "pthid": "25e7e7be-1abb-43d8-b568-5119c0cd7b61"
                    },
                    "request_presentations~attach": [
                        {
                            "@id": "libindy-request-presentation-0",
                            "mime-type": "application/json",
                            "data": {
                                "base64": "eyJuYW1lIjogInByb29mX3JlcXVlc3RlZCIsICJ2ZXJzaW9uIjogIjAuMC4xIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyJyZXFfYXR0cl8wIjogeyJuYW1lcyI6IFsiZ2l2ZW5fbmFtZXMiLCAiZmFtaWx5X25hbWUiLCAiY291bnRyeSJdLCAicmVzdHJpY3Rpb25zIjogW3sic2NoZW1hX25hbWUiOiAiUGVyc29uIiwgImlzc3Vlcl9kaWQiOiAiTDZBU2ptRERiREg3eVBMMXQyeUZqOSJ9LCB7InNjaGVtYV9uYW1lIjogIlBlcnNvbiIsICJpc3N1ZXJfZGlkIjogIlFFcXVBSGtNMzV3NFhWVDNLdTV5YXQifSwgeyJzY2hlbWFfbmFtZSI6ICJQZXJzb24iLCAiaXNzdWVyX2RpZCI6ICJNNmRodUZqNVV3YmhXa1NMbXZZU1BjIn1dLCAibm9uX3Jldm9rZWQiOiB7ImZyb20iOiAxNzIwNDE3MTcyLCAidG8iOiAxNzIwNDE3MTcyfX19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7fSwgIm5vbmNlIjogIjg5OTcxNjc4NjI0MDAyMTkwODE0MTU4In0="
                            }
                        }
                    ]
                }
            }
        }
    ],
    "services": [
        {
            "recipientKeys": [
                "did:key:z6MktD3zFPX6TU9xGCka98c5a23hUYuwNmp32LihBNa7Vs8U#z6MktD3zFPX6TU9xGCka98c5a23hUYuwNmp32LihBNa7Vs8U"
            ],
            "routingKeys": null,
            "serviceEndpoint": "https://c019-108-180-171-28.ngrok-free.app",
            "id": "#inline",
            "type": "did-communication",
            "priority": 0
        }
    ]
}

Environment

• Occurs on Android
• Occurs on iOS

Build #: 1.0.18 Build(1782)

Android Device Model: Pixel 8

iOS Device Model:

Workaround

Severity

• High
• Medium
• Low

[wadeking98]

@loneil trying to reproduce this, I'm assuming I need to set some config arguments or something? I'm not running into it with the default configuration

[loneil]

@wadeking98 yeah I would reproduce this with VCAuth-N, think that would be easiest/applicable to the current use case.

If you use VCAuth-N locally you can go into manage and set the
USE_OOB_PRESENT_PROOF
USE_URL_DEEP_LINK
exports to true
Then start it up. Depending on lcoal setup might need to start up demo app and then send the link from the QR code page when logging in to your mobile using IP address instead of localhost (that's how I test deep links locally at least)

Or I can set the dev environment up to have those settings as well if you ping me. Then you could just go to a2a-dev on a mobile (but we probably wouldn't want to leave that env permanently set up like that at this time)

[wadeking98]

I've created a PR to fix this: openwallet-foundation/bifold-wallet#1197. We're still running into an issue due to the acapy / credo empty handshake thing here: bcgov/vc-authn-oidc#583 but once that's fixed then we should be good to go

[wadeking98]

Jason's changes actually fix this now, but to properly test you'll have to spin up vc-authn locally and comment out the handshake_protocols field from out_of_band.py

[loneil]

👍
Note handshake protocol part was commented out and merged back in bcgov/vc-authn-oidc#582 so just getting from main should suffice

[bryce-mcmath]

fixed in the latest build