feat(wallet-api): add OpenID4VP 1.0 holder support with draft compatibility (includes holder-bound key selection alignment)

[szijpeter]

Summary

This PR adds OpenID4VP 1.0 holder-flow support to wallet-api and wallet web flow, while preserving existing draft OpenID4VC presentation compatibility.

It also includes holder-bound key selection alignment in the same PR so task-1 is reviewable as one coherent unit.

Why

The stack already has OpenID4VP 1.0 libraries and verifier2 support, but wallet-api still primarily followed draft-centric handling.
This PR bridges that gap by wiring wallet-api + wallet UI to the v1 holder path without breaking legacy draft behavior.

What this PR changes

• Adds wallet-api request resolution/routing for OpenID4VP 1.0 authorization requests.
• Handles v1 request shapes (request_uri, unsigned request, signed request-object path) through shared resolver logic.
• Keeps legacy draft compatibility path in place.
• Includes holder-bound key selection alignment needed for robust SD-JWT presentation behavior under verifier2-style flows.

In scope / out of scope

• In scope: wallet-api + wallet UI support for OpenID4VP 1.0 alongside draft compatibility.
• Out of scope: transaction_data feature set (covered by follow-up PR).

References

• OpenID4VP 1.0: https://openid.net/specs/openid-4-verifiable-presentations-1_0.html
• Draft-20 context: https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html
• Foundation PRs:
  • OpenID4VP 1.0 with mdocs + OID4VP1.0 Verifier refactors (including mdocs handling) + OID4VP 1.0 Wallet refactors (including mdocs handling) #1254
  • verifier2-compliance #1274
  • Merge remotes/origin/wallet #1492
• Historical holder-binding context:
  • Missing revealed disclosures during a sd-jwt-vc authentication session  #713
  • [Verifier] SdJwtVCSignaturePolicy x5c DER -> PEM not being converted #1272
  • Support issuance and verification of IETF SD-JWT VCs without DID/X.509  #779

[coderabbitai]

Warning

Rate limit exceeded

@szijpeter has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 53 minutes and 53 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 53 minutes and 53 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7efca41f-5493-4a9b-a7f8-4847d80308e3

📥 Commits

Reviewing files that changed from the base of the PR and between 3a0ab00 and d85ec0a.

📒 Files selected for processing (21)

• waltid-applications/waltid-web-wallet/apps/waltid-demo-wallet/src/pages/api/siop/initiatePresentation.vue
• waltid-applications/waltid-web-wallet/apps/waltid-demo-wallet/src/pages/wallet/[wallet]/exchange/presentation.vue
• waltid-applications/waltid-web-wallet/apps/waltid-dev-wallet/src/pages/api/siop/initiatePresentation.vue
• waltid-applications/waltid-web-wallet/apps/waltid-dev-wallet/src/pages/wallet/[wallet]/exchange/presentation.vue
• waltid-applications/waltid-web-wallet/libs/composables/presentation.ts
• waltid-applications/waltid-web-wallet/libs/utils/jwt.ts
• waltid-libraries/protocols/waltid-openid4vp-wallet/src/commonMain/kotlin/id/waltid/openid4vp/wallet/WalletPresentFunctionality2.kt
• waltid-libraries/protocols/waltid-openid4vp-wallet/src/commonMain/kotlin/id/waltid/openid4vp/wallet/request/AuthorizationRequestParameterCodec.kt
• waltid-libraries/protocols/waltid-openid4vp-wallet/src/commonMain/kotlin/id/waltid/openid4vp/wallet/request/AuthorizationRequestResolver.kt
• waltid-libraries/protocols/waltid-openid4vp-wallet/src/commonMain/kotlin/id/waltid/openid4vp/wallet/request/ResolvedAuthorizationRequest.kt
• waltid-services/waltid-wallet-api/README.md
• waltid-services/waltid-wallet-api/build.gradle.kts
• waltid-services/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/SSIKit2WalletService.kt
• waltid-services/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/WalletService.kt
• waltid-services/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/service/exchange/OpenId4VpPresentationService.kt
• waltid-services/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/usecase/event/EventLogUseCase.kt
• waltid-services/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/utils/UuidSerializer.kt
• waltid-services/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/auth/AuthController.kt
• waltid-services/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/exchange/ExchangeController.kt
• waltid-services/waltid-wallet-api/src/main/kotlin/id/walt/webwallet/web/controllers/exchange/openapi/ExchangeDocs.kt
• waltid-services/waltid-wallet-api/src/test/kotlin/id/walt/webwallet/service/exchange/OpenId4VpPresentationServiceTest.kt

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
2.4% Duplication on New Code

See analysis details on SonarQube Cloud