Cannot receive proof from BC Wallet

[ianco]

(Not sure if this is an aca-py issue or a BC Wallet issue.)

Run a localtunnel instance to expose faber's aca-py port:

npx localtunnel --port 9010

Then run the faber demo agent (make sure to use the url from the above command, and make sure the agent port numbers match):

AGENT_PORT_OVERRIDE=9010 PUBLIC_TAILS_URL=https://tails-test.vonx.io LEDGER_URL=http://test.bcovrin.vonx.io AGENT_ENDPOINT=https://cold-numbers-enter.loca.lt ./run_demo run faber --wallet-type askar-anoncreds --revocation

Scan the displayed QR code to connect the BC Wallet to the faber agent, and then issue a credential from faber to the BC Wallet (menu option 1) - you should be able to accept and receive the credential in the BC Wallet.

(Note - if you get a "connection refused" error in localtunnel, just try again - this happens if the server is too busy.)

Now request a proof from the BC Wallet (menu option 2) - in BC Wallet try to "Share" the info, you should see the following error:

Unable to accept proof request. Error code 1027 - The file "..." couldn't be opened because there is no such file

This error happens consistently with the askar-anoncreds wallet, and happens periodically with askar

[swcurran]

@cvarjao @jleach — can you have someone from the BC Wallet Team look at this with @ianco . We really need to understand what is happening here and how to debug these cross-codebase issues. The error message is an odd one.

[loneil]

Tried this myself with askar (same BC Wallet version as Ian's screenshot)

AGENT_PORT_OVERRIDE=9010 PUBLIC_TAILS_URL=https://tails-test.vonx.io LEDGER_URL=http://test.bcovrin.vonx.io AGENT_ENDPOINT=https://rude-pandas-care.loca.lt ./run_demo run faber --wallet-type askar --revocation

and with remote debugging on the BC Wallet I get these logs

{"message":"Retrieving tails file from URL https://tails-test.vonx.io/oL3AyN9ySYVLZqhCvQ9vW:4:oL3AyN9ySYVLZqhCvQ9vW:3:CL:2720088:faber.agent.degree_schema:CL_ACCUM:527b119a-2078-48b3-93a8-ce1706383381"}


{"message":"Error while retrieving tails file from URL https://tails-test.vonx.io/oL3AyN9ySYVLZqhCvQ9vW:4:oL3AyN9ySYVLZqhCvQ9vW:3:CL:2720088:faber.agent.degree_schema:CL_ACCUM:527b119a-2078-48b3-93a8-ce1706383381","data":{"error":{}}}


{"message":"Error retrieving revocation registry for proof request","data":{"error":{},"proofRequest":{"name":"Proof of Education","version":"1.0","requested_attributes":{"0_name_uuid":{"name":"name","restrictions":[{"schema_name":"degree schema"}]},"0_date_uuid":{"name":"date","restrictions":[{"schema_name":"degree schema"}]},"0_degree_uuid":{"name":"degree","restrictions":[{"schema_name":"degree schema"}],"non_revoked":{"to":1741724591}}},"requested_predicates":{"0_birthdate_dateint_GE_uuid":{"name":"birthdate_dateint","p_type":"<=","p_value":20070311,"restrictions":[{"schema_name":"degree schema"}]}},"non_revoked":{"to":1741724592},"nonce":"656072683100715626170663"},"selectedCredentials":{"attributes":{"0_name_uuid":{"credentialId":"d29677b6-5624-4cc8-af0f-7326f9a39f89","revealed":true,"credentialInfo":{"attributes":{"date":"2018-05-28","name":"Alice Smith","timestamp":1741724571,"birthdate_dateint":20010311,"degree":"Maths"},"credentialId":"d29677b6-5624-4cc8-af0f-7326f9a39f89","credentialDefinitionId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/CLAIM_DEF/2720088/faber.agent.degree_schema","schemaId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/SCHEMA/degree schema/100.70.70","revocationRegistryId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/REV_REG_DEF/2720088/faber.agent.degree_schema/527b119a-2078-48b3-93a8-ce1706383381","credentialRevocationId":"1","methodName":"indy","linkSecretId":"8e628955-b83d-460b-b3fa-9cc830b65beb","createdAt":"2025-03-11T20:23:04.993Z","updatedAt":"2025-03-11T20:23:05.024Z"},"timestamp":1741724539,"revoked":false},"0_date_uuid":{"credentialId":"d29677b6-5624-4cc8-af0f-7326f9a39f89","revealed":true,"credentialInfo":{"attributes":{"date":"2018-05-28","name":"Alice Smith","timestamp":1741724571,"birthdate_dateint":20010311,"degree":"Maths"},"credentialId":"d29677b6-5624-4cc8-af0f-7326f9a39f89","credentialDefinitionId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/CLAIM_DEF/2720088/faber.agent.degree_schema","schemaId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/SCHEMA/degree schema/100.70.70","revocationRegistryId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/REV_REG_DEF/2720088/faber.agent.degree_schema/527b119a-2078-48b3-93a8-ce1706383381","credentialRevocationId":"1","methodName":"indy","linkSecretId":"8e628955-b83d-460b-b3fa-9cc830b65beb","createdAt":"2025-03-11T20:23:04.993Z","updatedAt":"2025-03-11T20:23:05.024Z"},"timestamp":1741724539,"revoked":false},"0_degree_uuid":{"credentialId":"d29677b6-5624-4cc8-af0f-7326f9a39f89","revealed":true,"credentialInfo":{"attributes":{"date":"2018-05-28","name":"Alice Smith","timestamp":1741724571,"birthdate_dateint":20010311,"degree":"Maths"},"credentialId":"d29677b6-5624-4cc8-af0f-7326f9a39f89","credentialDefinitionId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/CLAIM_DEF/2720088/faber.agent.degree_schema","schemaId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/SCHEMA/degree schema/100.70.70","revocationRegistryId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/REV_REG_DEF/2720088/faber.agent.degree_schema/527b119a-2078-48b3-93a8-ce1706383381","credentialRevocationId":"1","methodName":"indy","linkSecretId":"8e628955-b83d-460b-b3fa-9cc830b65beb","createdAt":"2025-03-11T20:23:04.993Z","updatedAt":"2025-03-11T20:23:05.024Z"},"timestamp":1741724539,"revoked":false}},"predicates":{"0_birthdate_dateint_GE_uuid":{"credentialId":"d29677b6-5624-4cc8-af0f-7326f9a39f89","credentialInfo":{"attributes":{"date":"2018-05-28","name":"Alice Smith","timestamp":1741724571,"birthdate_dateint":20010311,"degree":"Maths"},"credentialId":"d29677b6-5624-4cc8-af0f-7326f9a39f89","credentialDefinitionId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/CLAIM_DEF/2720088/faber.agent.degree_schema","schemaId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/SCHEMA/degree schema/100.70.70","revocationRegistryId":"did:indy:bcovrin:test:oL3AyN9ySYVLZqhCvQ9vW/anoncreds/v0/REV_REG_DEF/2720088/faber.agent.degree_schema/527b119a-2078-48b3-93a8-ce1706383381","credentialRevocationId":"1","methodName":"indy","linkSecretId":"8e628955-b83d-460b-b3fa-9cc830b65beb","createdAt":"2025-03-11T20:23:04.993Z","updatedAt":"2025-03-11T20:23:05.024Z"},"timestamp":1741724539,"revoked":false}},"selfAttestedAttributes":{}}}}


{"message":"Error while retrieving tails file from URL https://tails-test.vonx.io/oL3AyN9ySYVLZqhCvQ9vW:4:oL3AyN9ySYVLZqhCvQ9vW:3:CL:2720088:faber.agent.degree_schema:CL_ACCUM:527b119a-2078-48b3-93a8-ce1706383381","data":{"error":{"nativeStackAndroid":[],"userInfo":null,"message":"ENOENT: no such file or directory, open '/data/user/0/ca.bc.gov.BCWallet/cache/.afj/cache/anoncreds/tails/6jn3QxVov6CosxAMz7giqHDHfhxajBjVtarwuqbNNpM3'","code":"ENOENT"}}}

{"message":"Saved tails file to FileSystem at path /data/user/0/ca.bc.gov.BCWallet/cache/.afj/cache/anoncreds/tails/6jn3QxVov6CosxAMz7giqHDHfhxajBjVtarwuqbNNpM3"}

[swcurran]

So either problems with the tails server, or a problem with the format of the file? Given this is intermittent (although consistent with askar-anoncreds) perhaps it is the tails server. Can you retrieve the indicated tails file from the server in a browser?

[ianco]

Can you retrieve the indicated tails file from the server in a browser?

I was able to manually download this file (from the error logs above):

https://tails-test.vonx.io/oL3AyN9ySYVLZqhCvQ9vW:4:oL3AyN9ySYVLZqhCvQ9vW:3:CL:2720088:faber.agent.degree_schema:CL_ACCUM:527b119a-2078-48b3-93a8-ce1706383381

[ianco]

Re-tested with the latest aca-py, ran the tails server locally and exposed with localtunnel. The proof worked with askar but got an error with askar-anoncreds. Not sure what's happening with askar wallet (the error seems to be intermittent) but askar-anoncreds is failing consistently.

[swcurran]

Does that error indicate that the Wallet is unable to get the tails file? Is it possible that it is a timing issue? For example, does waiting 5 minutes before doing the presentation with askar-anoncreds make a difference? Its very odd that the problem is with getting the tails file.

[ianco]

There's no issues with the showcase demo (https://digital.gov.bc.ca/digital-trust/showcase/), so it's possibly related to an aca-py update? Although I'm not sure what ... The tails file is available and I'm able to manually download it from the tails server, so it looks like an issue on the BC Wallet side, either with downloading or saving the tails file (the error message is specifically looking for the saved file). Maybe a bad character in the file name?

[ianco]

Would probably be worthwhile to update the showcase demo (or a dev or test version of it) to the latest aca-py, and to configure it to use an anoncreds wallet.

[swcurran]

Any difference in the naming style? I recall a change to the tails server and API a while go by @dbluhm and team a while ago, but not the timing. It was a backwards compatible, change IIRC, so shouldn’t be an issue. Perhaps look for changes in the tails file handling on the ACA-Py side?

Its weird that it is inconsistent with the askar wallet type and consistent with the askar-anoncreds.

[loneil]

I've been using VCAuth-N on ACA-Py 1.2.3 for a while and no issues with proofs there from what I've seen, Traction is on 1.2.3 in dev as well (all that with askar though). All that stuff is with existing creds from any testing I've done but could easily try out at https://traction-tenant-ui-dev.apps.silver.devops.gov.bc.ca/ with creating from scratch.

[ianco]

{"message":"Error while retrieving tails file from URL ...

@loneil how do you get the BC Wallet debug logs?

[swcurran]

@ianco — can you try 1.2.3 and askar/askar-anoncreds with BC Wallet?

[ianco]

@ianco — can you try 1.2.3 and askar/askar-anoncreds with BC Wallet?

OK

[ianco]

For example, does waiting 5 minutes before doing the presentation with askar-anoncreds make a difference?

I tried waiting for a few minutes in between each step - connecting, issuing the credential and requesting the proof. With askar everything worked. With anoncreds I got a "timeout" error when I tried to submit the proof, and then when I requested the proof for a second time I got a new error:

[ianco]

@ianco — can you try 1.2.3 and askar/askar-anoncreds with BC Wallet?

Same behaviour with aca-py 1.2.3

[ianco]

Debug log for a "Schema not provided for ID" error.

Note that from the logs I see "schemaId":"did:indy:bcovrin:test:KVDJoLaZHEjoPWGQ6K6HPg/anoncreds/v0/SCHEMA/degree schema/48.100.18" which doesn't match the schema id in the error message.

... and earlier on in the log: "message":"Got un-parsed schema 'KVDJoLaZHEjoPWGQ6K6HPg:2:degree schema:48.100.18' from ledger 'bcovrin:test'"

Explore-logs-2025-03-12 10_17_56.txt

[jamshale]

Maybe somewhat related to openwallet-foundation/credo-ts#2206.

I do know that cheqd, and I believe hedera, tested this with credo. The only thing I knew was having issues was with the revocation notification with unqualified did:sov's. Possibly an unqualified did problem here as well 🤔

[ianco]

Maybe somewhat related to openwallet-foundation/credo-ts#2206.

I do know that cheqd, and I believe hedera, tested this with credo. The only thing I knew was having issues was with the revocation notification with unqualified did:sov's. Possibly an unqualified did problem here as well 🤔

We're not revoking anything, we're sending a proof request and the holder has a valid/un-revoked credential

[jamshale]

I just mean the way it seems to be querying for anoncreds objects. I don't know anything about the credo storage. There is a comment about them being stored both as qualified and unqualified dids.

[ianco]

Ah ok got it. Anyways I think there are 2 separate errors we are dealing with - the tails file download (which affects anoncreds and also sometimes affects askar) and the schema id error (which seems to be anoncreds specific).

[al-rosenthal]

After some investigation with @ianco it seems that credo is failing to handle proofs for anoncreds. Running acapy (with the above setup) and the wallet locally I'm able to pinpoint the function that is throwing the error and it is bubbling up from a credo call for accepting the proof. I'm seeing the below error consistently across my testing. It seems that locally the wallet is able to resolve the tails file issue on it's own, I haven't seen that particular error in my testing.

There is a PR that was just merged with an upgrade to credo 0.5.13, which mentions changes to the anoncreds module Credo docs. Next steps will be to test with the latest changes and see if the issue persists.

[ianco]

With some further testing, I believe there are two separate issues.

The tails file issue - this seems to happen periodically when running aca-py/faber on both askar and anoncreds wallets. When responding to a proof, I get a "file not found" error when the wallet is looking for the tails file. If I re-submit the proof, or send a new proof request, the BC wallet seems to get past this issue. (So likely just a timing issue between downloading the tails file and then looking for it on the filesystem?) For an askar wallet, the next step is to submit the proof successfully. For anoncreds, the next step is to run into the "schema not provided for id" error.

The "schema not provided for id" error is preventing any proof from being validated using anoncreds.

PS I've been testing this afternoon with BC Wallet Version 1.0.24 Build (2182)

[swcurran]

That makes sense. Now we have to solve the schema ID problem. Hopefuly the BC Wallet folks can help with figuring out what is going wrong.

[swcurran]

Is it about the unqualified DID at the start of the identifier? It would be good to know what the format of the Schema ID is for the askar wallet — the one that is working.

[jamshale]

It should be the same. I believe credo may be handling it differently. They have an Anoncreds format service that only allows qualified identifiers and a legacy indy format service that should handle the un-qualified identifiers.

It seems like both projects have a bit of a problem. acapy should only have qualified identifiers for anoncreds and credo should be able to handle unqualified identifiers when it encounters them in anoncreds.

I don't really know what is wrong or right. acapy always has represented did:sov's as unqualified in anoncreds and handles them fine.

[swcurran]

@cvarjao — this is pretty urgent for us to get resolved across the communities. We need to get as simple as possible an example of this failing, bring together the maintainers for the two projects, and make a decisions on actions to be taken. It is still not clear to me exactly what the issue, so the first step of getting a demonstration of the point of failure is crucial.

[swcurran]

Per @cvarjao request in RC — do we have a way to test this with a “plain” credo instance — without Bifold/BC Wallet? Also with the Indy VDR Proxy that BC Wallet uses.

[ianco]

What's the state of the Credo backchannel in OATH? Would be good if we could setup an interoperability test ...

[swcurran]

I was thinking that, but we would have to update the ACA-Py side to use the askar-anoncreds wallet type — e.g. changing all of the endpoint calls.

[jamshale]

The acapy --> credo test are working decent https://allure.vonx.io/allure-docker-service-ui/projects/acapy-b-credo. It runs a decent amount of tests. Just have to run the same as the acapy-anoncreds tests with credo.

I was working on adding the did:sov prefix to the anoncreds id's as a much larger change. I could try and pull just that change out and we could try and test it with the wallet. Shouldn't take a long time.

4XVnaUcnStQ295ws9QvBdH:2:degree schema:51.8.99 would become did:sov:4XVnaUcnStQ295ws9QvBdH:2:degree schema:51.8.99 in anoncreds. I believe this is what credo is expecting.