Skip to content

Sync Improve WalletConfig and VPTokenSigningResult / UnsignedVPToken changes in library#2504

Merged
swatigoel merged 4 commits into
inji:developfrom
tw-mosip:lsh-feedback-1.0
Jun 29, 2026
Merged

Sync Improve WalletConfig and VPTokenSigningResult / UnsignedVPToken changes in library#2504
swatigoel merged 4 commits into
inji:developfrom
tw-mosip:lsh-feedback-1.0

Conversation

@KiruthikaJeyashankar

@KiruthikaJeyashankar KiruthikaJeyashankar commented Jun 24, 2026

Copy link
Copy Markdown
Collaborator

Description

Wallet Config updates

Rename validatePreRegisteredVerifier → validateTrustedVerifier aligning with the trustedVerifiers convention
Remove supportedRequestUriMethods config

VPTokenSigningResult / UnsignedVPToken Updates

Include id in the VPTokenSigningResult / UnsignedVPToken data

Issue ticket number and link

Dependent PRs

This PR is dependent on

  1. Improve WalletConfig and VPTokenSigningResult / UnsignedVPToken inji-openid4vp-ios-swift#124
  2. Improve WalletConfig and VPTokenSigningResult / UnsignedVPToken inji-openid4vp#182

Summary by CodeRabbit

Summary by CodeRabbit

  • Bug Fixes
    • Ensured VP signing and parsing consistently include an id for unsigned tokens and signing results across iOS/Android, preventing token/result mismatches.
    • Improved OpenID4VP error reporting by surfacing clearer cause details in logs for failed VP operations.
    • Updated wallet configuration interpretation for presentation-definition URI support and trusted verifier validation behavior.
  • Style
    • Refreshed the credential disclosure key label color for improved readability.

Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@KiruthikaJeyashankar, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 18 minutes

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable usage-based reviews in Billing to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information, and refer to the rate limits docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5026bc2b-d000-4ea9-8193-e9e8c59efc00

📥 Commits

Reviewing files that changed from the base of the PR and between d3518ba and cefb45a.

📒 Files selected for processing (2)
  • ios/Inji.xcodeproj/project.pbxproj
  • ios/Inji.xcworkspace/xcshareddata/swiftpm/Package.resolved

Walkthrough

The PR adds id to OpenID4VP token types and propagates it through shared, Android, and iOS token serialization and signing-result parsing. Android wallet config parsing and error logging are updated, and the VC disclosure label color changes.

Changes

OpenID4VP token id propagation and wallet config update

Layer / File(s) Summary
Token type contracts: id field added
shared/openID4VP/openid4vp.types.ts
Removes the unused VC import and adds required id: string fields to UnsignedVPToken and VPTokenSigningResult.
TypeScript helpers and shared flow updates
shared/openID4VP/OpenID4VPHelper.ts, shared/openID4VP/OpenID4VP.ts, machines/openID4VP/openID4VPActions.ts
Propagates id into signDataForVpPreparation, refines isDcqlFlow to accept Record<string, unknown>, removes getSignatureSuite, and adds event.data.cause to setSendVPShareError logging.
Android token serialization and wallet config parsing
android/app/src/main/java/io/mosip/residentapp/utils/OpenId4VPUtils.java
Adds parseUnsignedVPTokens, updates parseVPTokenSigningResults to require and carry id, and changes parseWalletConfig to read validate_trusted_verifier and wire the new trusted-verifier flag into WalletConfig.
Android module error handling and request payload
android/app/src/main/java/io/mosip/residentapp/InjiOpenID4VPModule.java, android/app/src/main/java/io/mosip/residentapp/InjiVCIClientCallback.kt
Delegates constructUnsignedVPToken to parseUnsignedVPTokens, adds Log.e output in rejectWithOpenID4VPExceptions, changes the emitted cause value to a cause-message string, and adds "id" to each signed-VP-token request entry.
iOS token serialization and signing-result parsing
ios/Utils/OpenId4VPUtils.swift, ios/Inji.xcodeproj/project.pbxproj, ios/Inji.xcworkspace/xcshareddata/swiftpm/Package.resolved
Adds "id" to unsigned VP token JSON output, requires "id" when parsing VPTokenSigningResult, and updates the Xcode project and SwiftPM lockfile to use the new OpenID4VP and VCIClient package references and revisions.

VC Card Disclosure Label Color

Layer / File(s) Summary
DisclosureNode label color update
components/VC/Views/VCCardViewContent.tsx
Updates the DisclosureNode text color styling to use Theme.Colors.Details.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

Possibly related PRs

  • inji/inji-wallet#2476: Both PRs touch the OpenID4VP Android token-signing pipeline and unsigned token serialization.
  • inji/inji-wallet#2486: Both PRs adjust wallet configuration handling around trusted verifier interpretation.

Suggested reviewers

  • swatigoel

Poem

🐇 Hop hop, a token found its name,
id now travels through the frame.
Android, iOS, and TS align,
Signed and tracked in tidy line.
The rabbit smiles: one path, one key,
and fewer mystery tokens for me.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 7.69% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title covers the main wallet config and VP token data changes, though it's a bit verbose.
Description check ✅ Passed It includes the required Description and Issue ticket sections; the Screenshots section is missing but non-critical here.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
android/app/src/main/java/io/mosip/residentapp/utils/OpenId4VPUtils.java (1)

245-257: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Validate id before constructing VPTokenSigningResult.

id is now required, but this path only asserts non-null; assertions are not reliable runtime validation on Android. Reject missing/null id before decoding/constructing the result.

Suggested fix
       if (vpTokenSigningResultMap == null
         || !vpTokenSigningResultMap.hasKey("signedData")
-        || vpTokenSigningResultMap.isNull("signedData")) {
+        || vpTokenSigningResultMap.isNull("signedData")
+        || !vpTokenSigningResultMap.hasKey("id")
+        || vpTokenSigningResultMap.isNull("id")) {
         continue;
       }
 
       String signedData = vpTokenSigningResultMap.getString("signedData");
       String id = vpTokenSigningResultMap.getString("id");
       byte[] signedDataBytes = Base64.decode(signedData, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
 
-      assert id != null;
       formattedVpTokenSigningResults.add(
-        new VPTokenSigningResult(id,signedDataBytes));
+        new VPTokenSigningResult(id, signedDataBytes));
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@android/app/src/main/java/io/mosip/residentapp/utils/OpenId4VPUtils.java`
around lines 245 - 257, The OpenId4VPUtils path that builds VPTokenSigningResult
only asserts id is non-null, so replace that with real runtime validation before
decoding signedData and constructing the result. In the loop that reads
vpTokenSigningResultMap, check the id field alongside signedData, skip or reject
entries with missing/null id, and only call new VPTokenSigningResult(id,
signedDataBytes) when id is present.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@android/app/src/main/java/io/mosip/residentapp/utils/OpenId4VPUtils.java`:
- Around line 81-84: In OpenId4VPUtils, the optional config flag reads for
presentationDefinitionUriSupported and validateTrustedVerifier should not call
getBoolean directly because a present null value can fail instead of falling
back to true. Update these checks to use the existing null-safe boolean helper
already used for optional config flags, so the defaulting behavior stays
consistent when the key is missing or null.

---

Outside diff comments:
In `@android/app/src/main/java/io/mosip/residentapp/utils/OpenId4VPUtils.java`:
- Around line 245-257: The OpenId4VPUtils path that builds VPTokenSigningResult
only asserts id is non-null, so replace that with real runtime validation before
decoding signedData and constructing the result. In the loop that reads
vpTokenSigningResultMap, check the id field alongside signedData, skip or reject
entries with missing/null id, and only call new VPTokenSigningResult(id,
signedDataBytes) when id is present.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2c6df879-aefb-41ef-a3c0-269390039014

📥 Commits

Reviewing files that changed from the base of the PR and between 0bb38f2 and d2b2c14.

📒 Files selected for processing (9)
  • android/app/src/main/java/io/mosip/residentapp/InjiOpenID4VPModule.java
  • android/app/src/main/java/io/mosip/residentapp/InjiVCIClientCallback.kt
  • android/app/src/main/java/io/mosip/residentapp/utils/OpenId4VPUtils.java
  • components/VC/Views/VCCardViewContent.tsx
  • ios/Utils/OpenId4VPUtils.swift
  • machines/openID4VP/openID4VPActions.ts
  • shared/openID4VP/OpenID4VP.ts
  • shared/openID4VP/OpenID4VPHelper.ts
  • shared/openID4VP/openid4vp.types.ts
💤 Files with no reviewable changes (1)
  • shared/openID4VP/OpenID4VP.ts

Comment thread android/app/src/main/java/io/mosip/residentapp/utils/OpenId4VPUtils.java Outdated
@KiruthikaJeyashankar KiruthikaJeyashankar changed the title Lsh feedback 1.0 Sync Improve WalletConfig and VPTokenSigningResult / UnsignedVPToken changes in library Jun 25, 2026
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
ios/Inji.xcodeproj/project.pbxproj (1)

1198-1212: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Pin these Swift package dependencies to exact revisions or tags before release. Package.resolved currently locks specific commits, but develop requirements will drift on the next resolution and can pull in different code unexpectedly.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ios/Inji.xcodeproj/project.pbxproj` around lines 1198 - 1212, Pin the
XCRemoteSwiftPackageReference entries for inji-vci-client-ios-swift and
inji-openid4vp-ios-swift to exact tags or revisions instead of the develop
branch requirement. Update the package requirements in the project.pbxproj so
these dependencies are stable and match the locked commits already reflected in
Package.resolved, preventing future resolves from drifting to different code.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ios/Inji.xcodeproj/project.pbxproj`:
- Around line 56-60: Remove the duplicated SwiftPM product wiring in Inji so
each dependency is linked only once. In the project.pbxproj entries for the app
target, keep the correct package-bound references for VCIClient and OpenID4VP
and delete the older duplicate product references from both the Frameworks build
phase and the packageProductDependencies list. Use the existing VCIClient and
OpenID4VP entries to locate the redundant refs and ensure the Inji target ends
up with a single link for each product.

---

Nitpick comments:
In `@ios/Inji.xcodeproj/project.pbxproj`:
- Around line 1198-1212: Pin the XCRemoteSwiftPackageReference entries for
inji-vci-client-ios-swift and inji-openid4vp-ios-swift to exact tags or
revisions instead of the develop branch requirement. Update the package
requirements in the project.pbxproj so these dependencies are stable and match
the locked commits already reflected in Package.resolved, preventing future
resolves from drifting to different code.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 20bbcaaf-8e90-40de-8a71-fab6b7748c5b

📥 Commits

Reviewing files that changed from the base of the PR and between a5cf48d and d3518ba.

📒 Files selected for processing (2)
  • ios/Inji.xcodeproj/project.pbxproj
  • ios/Inji.xcworkspace/xcshareddata/swiftpm/Package.resolved

Comment thread ios/Inji.xcodeproj/project.pbxproj Outdated
Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com>
@swatigoel swatigoel merged commit 1b140ef into inji:develop Jun 29, 2026
17 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants