Wallet reports unable to handle deeplink error

[NithinKuruba]

Description of problem

When I am trying to login to an app through my digital credential, I end up with an error Unable to handle deeplink.

Expected behavior

Provided that my wallet is unlocked either through PIN or Biometrics, I expect to login seamlessly when logging into an application through mobile user agent.

Steps to reproduce

I am using my mobile as the user agent to login to an application that supports login via Digital Credentials. During the login I am asked to choose from two options as shown in below screen shot.

Provided that my wallet is unlocked, when I choose BC Wallet I end up getting error as shown below

Screenshots and/or log output

^^^above

Environment

• Occurs on Android
• Occurs on iOS

Build #: v1.0.16 (1636)

Android Device Model: Samsung S22 ultra

iOS Device Model:

Workaround

Severity

• High
• Medium
• Low

[loneil]

@NithinKuruba curious which VCAuthN environment this is occurring in?

[NithinKuruba]

@NithinKuruba curious which VCAuthN environment this is occurring in?

It's in dev environment

[loneil]

@NithinKuruba curious which VCAuthN environment this is occurring in?

It's in dev environment

Which application is it serving? Access to Court Materials? Something else? Do you have a URL?

I'm not a BC Wallet maintainer but I am for VCAuthN so this looks like it's possible the VCAuthN setup could be providing an invalid deep link.

[esune]

@NithinKuruba curious which VCAuthN environment this is occurring in?

It's in dev environment

Which application is it serving? Access to Court Materials? Something else? Do you have a URL?

I'm not a BC Wallet maintainer but I am for VCAuthN so this looks like it's possible the VCAuthN setup could be providing an invalid deep link.

@NithinKuruba is using dev to poke at the SSO Team PoC. I had this error reported as well on the proof-request used to access Courthouse Libraries. My beta wallet seems to be messed-up enough that I get a completely different error though so I can't reproduce myself

[esune]

Sample payloads generated by dev for ACM:

{
  "@id": "bca89a1f-f2aa-4e8e-9f88-f4cf9a2e6860",
  "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
  "request_presentations~attach": [
    {
      "@id": "libindy-request-presentation-0",
      "mime-type": "application/json",
      "data": {
        "base64": "eyJub25jZSI6ICI2Njk3MDk2NjYwNzc1NDczMjA0MTk0NTAiLCAibmFtZSI6ICJwcm9vZl9yZXF1ZXN0ZWQiLCAidmVyc2lvbiI6ICIwLjAuMSIsICJyZXF1ZXN0ZWRfYXR0cmlidXRlcyI6IHsicmVxX2F0dHJfMCI6IHsibmFtZXMiOiBbIlBQSUQiLCAiR2l2ZW4gTmFtZSIsICJTdXJuYW1lIiwgIk1lbWJlciBTdGF0dXMiLCAiTWVtYmVyIFN0YXR1cyBDb2RlIl0sICJyZXN0cmljdGlvbnMiOiBbeyJzY2hlbWFfbmFtZSI6ICJNZW1iZXIgQ2VydGlmaWNhdGUiLCAic2NoZW1hX3ZlcnNpb24iOiAiMC41LjAiLCAiaXNzdWVyX2RpZCI6ICJSem5ZRlBWaEhwWVpnc240SHUzU3RWIn0sIHsic2NoZW1hX25hbWUiOiAiTWVtYmVyIENlcnRpZmljYXRlIiwgInNjaGVtYV92ZXJzaW9uIjogIjEuMC4xIiwgImlzc3Vlcl9kaWQiOiAiUnpuWUZQVmhIcFlaZ3NuNEh1M1N0ViJ9LCB7InNjaGVtYV9uYW1lIjogIk1lbWJlciBDZXJ0aWZpY2F0ZSIsICJzY2hlbWFfdmVyc2lvbiI6ICIwLjUuMCIsICJpc3N1ZXJfZGlkIjogIkRaQmFIZ2hLc1ZIY0pvaXdreWtHM3IifSwgeyJzY2hlbWFfbmFtZSI6ICJNZW1iZXIgQ2VydGlmaWNhdGUiLCAic2NoZW1hX3ZlcnNpb24iOiAiMS4wLjEiLCAiaXNzdWVyX2RpZCI6ICJEWkJhSGdoS3NWSGNKb2l3a3lrRzNyIn0sIHsic2NoZW1hX25hbWUiOiAiTWVtYmVyIENhcmQiLCAic2NoZW1hX3ZlcnNpb24iOiAiMS41LjEiLCAiaXNzdWVyX2RpZCI6ICJBdUpyaWdLUUdSTEphaktBZWJUZ1d1In0sIHsic2NoZW1hX25hbWUiOiAiTWVtYmVyIENhcmQiLCAic2NoZW1hX3ZlcnNpb24iOiAiMS41LjEiLCAiaXNzdWVyX2RpZCI6ICJVVUhBM29rbnBydktycGE3YTZzbmNLIn1dLCAibm9uX3Jldm9rZWQiOiB7ImZyb20iOiAxNzE0NzcyMTIyLCAidG8iOiAxNzE0NzcyMTIyfX0sICJyZXFfYXR0cl8xIjogeyJuYW1lcyI6IFsiZmFtaWx5X25hbWUiLCAiZ2l2ZW5fbmFtZXMiXSwgInJlc3RyaWN0aW9ucyI6IFt7InNjaGVtYV9uYW1lIjogIlBlcnNvbiIsICJzY2hlbWFfdmVyc2lvbiI6ICIxLjAiLCAiaXNzdWVyX2RpZCI6ICJYcGdlUWE5M2VadkdTWkJaZWYzUEhuIn0sIHsic2NoZW1hX25hbWUiOiAiUGVyc29uIiwgInNjaGVtYV92ZXJzaW9uIjogIjEuMCIsICJpc3N1ZXJfZGlkIjogIjd4amZhd2NueVRVY2R1V1Z5c0x3dzUifSwgeyJzY2hlbWFfbmFtZSI6ICJ1bnZlcmlmaWVkX3BlcnNvbiIsICJzY2hlbWFfdmVyc2lvbiI6ICIwLjEuMCIsICJpc3N1ZXJfZGlkIjogIlVpNkhBMzZGdk44M2NFdG1ZWUh4cm4ifSwgeyJzY2hlbWFfbmFtZSI6ICJ1bnZlcmlmaWVkX3BlcnNvbiIsICJzY2hlbWFfdmVyc2lvbiI6ICIwLjQuMCIsICJpc3N1ZXJfZGlkIjogIk5Dd0d3RHJ6YlpFcWVzWVF1bW16V1cifSwgeyJzY2hlbWFfbmFtZSI6ICJQZXJzb24iLCAic2NoZW1hX3ZlcnNpb24iOiAiMS4wIiwgImlzc3Vlcl9kaWQiOiAiUkdqV2JXMWV5Y1A3RnJNZjRRSnZYOCJ9LCB7InNjaGVtYV9uYW1lIjogIk1lbWJlciBDYXJkIiwgInNjaGVtYV92ZXJzaW9uIjogIjEuNS4xIiwgImlzc3Vlcl9kaWQiOiAiNHhFNjhiNlM1VlJGcktNTUcxVTk1TSJ9XSwgIm5vbl9yZXZva2VkIjogeyJmcm9tIjogMTcxNDc3MjEyMiwgInRvIjogMTcxNDc3MjEyMn19fSwgInJlcXVlc3RlZF9wcmVkaWNhdGVzIjoge319"
      }
    }
  ],
  "comment": null,
  "~service": {
    "recipientKeys": ["6bQ4cCjJkaeWgazXauu8fbFEP5jaZE4ncv4ETu7537Ha"],
    "routingKeys": null,
    "serviceEndpoint": "https://vc-authn-oidc-agent-dev.apps.silver.devops.gov.bc.ca"
  }
}

Decode payload:

{
    "nonce": "669709666077547320419450",
    "name": "proof_requested",
    "version": "0.0.1",
    "requested_attributes": {
        "req_attr_0": {
            "names": [
                "PPID",
                "Given Name",
                "Surname",
                "Member Status",
                "Member Status Code"
            ],
            "restrictions": [
                {
                    "schema_name": "Member Certificate",
                    "schema_version": "0.5.0",
                    "issuer_did": "RznYFPVhHpYZgsn4Hu3StV"
                },
                {
                    "schema_name": "Member Certificate",
                    "schema_version": "1.0.1",
                    "issuer_did": "RznYFPVhHpYZgsn4Hu3StV"
                },
                {
                    "schema_name": "Member Certificate",
                    "schema_version": "0.5.0",
                    "issuer_did": "DZBaHghKsVHcJoiwkykG3r"
                },
                {
                    "schema_name": "Member Certificate",
                    "schema_version": "1.0.1",
                    "issuer_did": "DZBaHghKsVHcJoiwkykG3r"
                },
                {
                    "schema_name": "Member Card",
                    "schema_version": "1.5.1",
                    "issuer_did": "AuJrigKQGRLJajKAebTgWu"
                },
                {
                    "schema_name": "Member Card",
                    "schema_version": "1.5.1",
                    "issuer_did": "UUHA3oknprvKrpa7a6sncK"
                }
            ],
            "non_revoked": {
                "from": 1714772122,
                "to": 1714772122
            }
        },
        "req_attr_1": {
            "names": [
                "family_name",
                "given_names"
            ],
            "restrictions": [
                {
                    "schema_name": "Person",
                    "schema_version": "1.0",
                    "issuer_did": "XpgeQa93eZvGSZBZef3PHn"
                },
                {
                    "schema_name": "Person",
                    "schema_version": "1.0",
                    "issuer_did": "7xjfawcnyTUcduWVysLww5"
                },
                {
                    "schema_name": "unverified_person",
                    "schema_version": "0.1.0",
                    "issuer_did": "Ui6HA36FvN83cEtmYYHxrn"
                },
                {
                    "schema_name": "unverified_person",
                    "schema_version": "0.4.0",
                    "issuer_did": "NCwGwDrzbZEqesYQummzWW"
                },
                {
                    "schema_name": "Person",
                    "schema_version": "1.0",
                    "issuer_did": "RGjWbW1eycP7FrMf4QJvX8"
                },
                {
                    "schema_name": "Member Card",
                    "schema_version": "1.5.1",
                    "issuer_did": "4xE68b6S5VRFrKMMG1U95M"
                }
            ],
            "non_revoked": {
                "from": 1714772122,
                "to": 1714772122
            }
        }
    },
    "requested_predicates": {}
}

[jleach]

@esune Is it possible to see the URL that is generated? It's probably passing something like bcwallet://something.com?c_i=some_base_64_string. The wallet parses out the c_i param, then decodes the base64 and runs it through JSON.parse to get the payload. Maybe an unexpected character is getting it the there.

We use deep links in the Showcase and I just tested - they seem to be working fine.

[jleach]

I can reproduce the error with this code in the BC Wallet:

const s = 'eyJuYW1lIjogImJsYXJiIFzvv70ifQo=' // bad
const b = Buffer.from(s, 'base64')
const j = JSON.parse(b.toString())

Where the base64 string contains:

➜  vc-wallet-mobile git:(main) ✗ pbpaste|base64 -d
{"name": "blarb \�"}

You get a different error in node but the hermes JS engine in BC Wallet has a matching error message.

[esune]

@loneil and I did a bit more digging, it looks like one issue we may be facing is with deep links exceeding 2048 characters URL length limit: this will cause the behaviour @jleach found, which is a decoded payload that is not complete and therefore throws the JSON parsing error.

[jleach]

@loneil and I did a bit more digging, it looks like one issue we may be facing is with deep links exceeding 2048 characters URL length limit: this will cause the behaviour @jleach found, which is a decoded payload that is not complete and therefore throws the JSON parsing error.

Nice catch!

[knguyenBC]

A different error message but same issue, deeplinking isn't working in the app store builds.

[esune]

A different error message but same issue, deeplinking isn't working in the app store builds.

This is a different problem, same symptom: in this case it looks like BC Wallet is not finding the exchange record for the presentation - c.c. @jleach @bryce-mcmath in case you haven't seen this.

[loneil]

I can reproduce this with a deployed VCAuthN with these steps (only on my iPad on public version of app 1636, not on my preview Android version 1700)

1 Go to a2a site on safari and enter
2 Hit deep link button
3 Do nothing in app, switch back manually to safari
4 Hit deep link button again

So one thing is the VCAuthN is supposed to disable the button when it's pending, that has broken at some point. We should clean that up regardless quick bcgov/vc-authn-oidc#518

However, I think it's probably still a consideration in the wallet for what should happen if a same deep link is used twice? How should that error out rather than message Kim is showing?
Also this is a different issue than the one commenting on here so probably worth opening that separately.

[knguyenBC]

I can't seem to replicate the issue I had originally commented on May 10. Now, I'm seeing a couple of different things when I try to access ACM or courthouse libraries on a mobile phone.

• Sometimes the proof request is sent to the wallet but does not open automatically
• Sometimes the BC Wallet app opens but nothing happens, no proof request sent or anything
• Sometimes the wallet asks for the attestation credential, and not the proof request
• Sometimes it works just fine

I can't seem to get that same error message though. Tested on an android device, pixel 8, build 1700

[wadeking98]

best way to sort out the base64 decode/encode issue is probably a rolling base64 decode, ie(decode 3 bytes at a time)

https://stackoverflow.com/questions/7920780/is-it-possible-to-base64-encode-a-file-in-chunks

[cvarjao]

@wadeking98 , is that in Testflight? is there a PR associate with this fix?