Clarify issuer/key-id mismatch error (currently just 'issuer not recognized')

[dmitrizagidulin]

Note: This started as an issue on LCW, but was diagnosed to be upstream in this VC lib (see #10 (comment) )

Something is off with the remote registry code -- a VC with a DID that's in community-registry is showing as not appearing in the registry by LCW detail screen.
To reproduce:

1. Load up latest main build, or Test Flight build 39.
2. Click on deep link: dccrequest://request?issuer=issuer.example.com&vc_request_url=https://verify.dcconsortium.org/request/credential&challenge=ke12345678-0001&auth_type=bearer (though heads-up, you might run into issue Issuer auth 'code' overriding auth_type 'bearer' openwallet-foundation-labs/learner-credential-wallet#255 )
3. Accept that VC. The VC should have an issuer DID of did:key:z6MktiSzqF9kqwdU8VkdBKx56EYzXfpgnNPUAGznpicNiWfn
4. This DID appears in Community Registry https://digitalcredentials.github.io/community-registry/registry.json

Expected behavior: This VC should have green checkmark, DID should appear in registry.
Actual behavior: Wallet says it's not found in registry.

[sethduffin]

@dmitrizagidulin I'll take a look at this. Thanks for proving repo steps!

[sethduffin]

@dmitrizagidulin Did you want me to look at this any further?

[bmuramatsu]

@sethduffin have you addressed this?

[sethduffin]

@bmuramatsu I believe this was follow up conversation in slack about the issue:

Nov 4, 2022 - @dmitrizagidulin

ah, wait, so I think I know what might be going on (with the community-registry).
so, one of the validation rules (that's not clearly spelled out, but it's there), is that the verificationMethod (key id) in the 'proof' has to match issuer.id (specifically, has to be authorized in the issuer's DID Document).

but in that test VC from the deep link, those two are mis-matched.

so what is likely happening, is that the issuer.id is indeed in the community-registry. But the validation is throwing a mismatch error, and it's showing up as 'issuer not recognized'

Happy to work on this further, just let me know!

[bmuramatsu]

Ok, Dmitri please close if appropriate.

…

On Fri, Dec 16, 2022 at 1:59 PM Seth Duffin ***@***.***> wrote: @bmuramatsu <https://github.com/bmuramatsu> I believe this was follow up conversation in slack <https://atomicjolt.slack.com/archives/C0298868CR1/p1667576735029569> about the issue: Nov 4, 2022 - @dmitrizagidulin <https://github.com/dmitrizagidulin> ah, wait, so I think I know what might be going on (with the community-registry). so, one of the validation rules (that's not clearly spelled out, but it's there), is that the verificationMethod (key id) in the 'proof' has to match issuer.id (specifically, has to be authorized in the issuer's DID Document). but in that test VC from the deep link, those two are mis-matched. so what is likely happening, is that the issuer.id is indeed in the community-registry. But the validation is throwing a mismatch error, and it's showing up as 'issuer not recognized' Happy to work on this further, just let me know! — Reply to this email directly, view it on GitHub <#10>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFXVRQFXGUMQLH3E4RONF3WNS3RVANCNFSM6AAAAAARXJH4VA> . You are receiving this because you were mentioned.Message ID: ***@***.*** .com>

[dmitrizagidulin]

@bmuramatsu right, ok, so, I think I've been keeping this issue open as a reminder to open a corresponding issue on our VC library. So I might as well just move this issue to that lib.
Update: issue transferred.

[kayaelle]

@dmitrizagidulin - can this be closed?

[dmitrizagidulin]

@kayaelle - this is still live/relevant, let's keep it open