-
Notifications
You must be signed in to change notification settings - Fork 516
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiuse invitations and Qualified DIDs #3111
Comments
In the minimum example you posted it's using the discovery v1 protocol. I did just add the connection_ready check on this handler. So, this might be why this test started failing. However, I made some observations.
Not sure if this helps at all? Seems like there's definitely an existing issue with the connection_ready status and multi-use invitations using did-exchange/1.1, that already existed, and adding this check recently got it caught by this test. |
This lines up with what I was finding on Friday, thanks for your additional observations! I think I've narrowed down what's going on. In didex 1.1 when using did:peer:4, we shorten the DID to its short form in a few spots, particularly in inbound connection resolution in the base connection manager. However, the DID stored on the connection record isn't shortened until response/complete phase. So when we are receiving a connection complete response, we fail to look up the connection record by DID and instead it falls through and gets looked up by invitation message ID (parent thread ID) and we end up with the connection record for the multiuse invitation. The verkey to connection lookup is then cached, which is why we get the invitation connection again on subsequent message handlers and why restarting the agent fixes the issue. |
This corrects an issue where did:peer:4 connection records were failing to be resolved on inbound message, resulting in the multiuse invitation that created the connection being resolved instead. Fixes openwallet-foundation#3111. Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
This corrects an issue where did:peer:4 connection records were failing to be resolved on inbound message, resulting in the multiuse invitation that created the connection being resolved instead. Fixes openwallet-foundation#3111. Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
This corrects an issue where did:peer:4 connection records were failing to be resolved on inbound message, resulting in the multiuse invitation that created the connection being resolved instead. Fixes openwallet-foundation#3111. Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Affected versions: 0.12.1, 1.0.0rc4, nightly-2024-07-19
There seems to be an issue in determining the correct inbound connection when using multi-use invitations and didexchange 1.1 with qualified DIDs.
Reproducible example can be found here: https://github.com/Indicio-tech/acapy-minimal-example/blob/test/multiuse-oob/examples/multiuse-oob/example.py
Small amount of context: ACA-Py uses a connection record to represent multi-use invitations.
If a connection is made with a multi-use invitation and then a message is sent to the resulting connection, the response to that message will be handled as though it had been sent by the multi-use invitation connection. In the example, this is demonstrated by sending a feature discovery message; ACA-Py's handler for the disclose message checks the
connection_ready
condition on the context and finds it as false, which is accurate because the multi-use invitation conn record is still in stateinvitation
. The connection record as extracted from the logs of the call to the DiscloseHandler:The text was updated successfully, but these errors were encountered: