Revocation Clarification (does not work after the first revocation in a list)

[vk1992op]

TLDR: Revocation works fine for the first credential but if I try to revoke a second one in the same status list the ledger returns:

"state\":\"failed\",\"reason\":\"unknownError: Request failed: client request invalid: InvalidClientRequest('7wV7McGyL5MnfpDF321NS3', 1711548598037245847, 'Issued indices from txn: {0, 3, 4} are not present in the current revoked list from state: [1]')\"

There is a possibility that I do not fully understand how exactly the flow for revocation should work, so I will write down my flow.

Setup

I have done the flow as described in the test of the anoncreds package

1. register cred def
2. register revRegDef (max Number: 5)
3. register status list
4. issue a credential as revocable on that credDef with that revRegDef, with index 0
5. issue another one, with index 1
6. ...etc. (5 credentials total)
7. revoke credential at index 0 -> OK
8. check status of credential at index 0 -> OK
9. revoke credential at index 2 (or any other) -> Error

However
If I revoke all other credentials in the list (all except the one at index 0, which is already revoked) -> OK, everything works as expected and all credentials are successfully revoked.

For the exact calling of methods and parameters I am using the tests in the anoncreds package as a reference.

Could it be that the status list has to be used to revoke all credentials inside it, but if that is the case then why does it successfully revoke one but only the first time?

[TimoGlastra]

Thanks for the detailed description @vk1992op!

Could you provide a repo with a minimal reproduction in Node.JS? That way i can easily dig in and see if there's a bug or whether your flow needs tweaking.

[vk1992op]

https://github.com/vk1992op/revocation-demo

This is a cut-down version of the project I am working on, you can follow the readme, and you should have it up and running in a few steps.

A few important additional notes:

you will need your own S3 compatible bucket for the revocation tails (s3, backblaze b2, cloudflare, digital ocean)

the base url for the postman calls will be: http://0.0.0.0:8002 (if port is not changed in env)

the files of interest are:

• /libs/askar/src/credo/revocation/TailFileService
• /libs/askar/src/askar/agent.service -> offerCredential function (indices for the status list are automatically incremented and revocation definitions are automatically registered once the previous ones are full); revokeCredentialById function
• /libs/askar/src/askar-rest/rest.controller -> here you can find the various requests and what function of the service they use

flow is the following:

• POST /api/v1/schemas -> to register schema

BODY
{
  "name": "testtest-28-03-24",
  "attributes": [
    "asd1"
  ],
  "version": "1.0.0"
}

• POST /api/v1/definitions -> to register cred def

BODY
{
  "schemaId": "did:indy:....",
  "tag": "asd1asd",
  "supportRevocation": true
}

• POST /api/v1/credentials/offers -> to issue create a credential record

BODY
{
  "credentialDefinitionId": "did:indy:....",
  "attributes": [
    {
      "name": "asd1",
      "value": "asd123"
    }
  ],
  "revocable": true
}

• PATCH /api/v1/credentials/:id/revoke - to revoke by credential id