Resolving Mobile App Credential Verification 404 Error
Question
Why am I encountering this error in the mobile app wallet while verifying a credential issued from my issuer node, and how can I resolve it?
Error creating proof: [AuthenticateUseCase] error: status is not OK with code 0: unexpected status code: 404
Answer
The "unexpected status code: 404" error during credential verification typically stems from the URL stored in the authCoreClaim
being unavailable. This situation arises when the URL of the issuer node used during the creation of the issuer's identity is no longer accessible, thus hindering the revocation status check required for generating the proof.
To determine if this is the root cause of the error you are encountering, perform the following check:
Retrieve the problematic credential using the core API of the issuer node, which operates on port 3001. The endpoint format is:
GET /v1/{identifier}/claims/{id}
Here, {identifier}
is the DID of the issuer node, and {id}
is the ID of the credential within the database.
The issuer node's DID can be retrieved by executing the command make print-did
.
Authenticate with this API using the credentials found in the ISSUER_API_AUTH_USER
and ISSUER_API_AUTH_PASSWORD
environment variables.
The returned claim from this API endpoint provides detailed information, including the URL of the issuer node at the time the issuer's identity was established. This typically corresponds to the initial setup of the issuer node, involving the creation of the authCoreClaim
credential, the issuer DID, and the genesis state of the issuer identity.
Locate this URL within the JSON response at proof[0].issuerData.credentialStatus.id
.
If this URL is no longer operational, proceed with the following instructions. If not, the issue may differ.
Ensuring a Stable URL
First and foremost, ensure your issuer node has a stable URL. Services like ngrok or localtunnel often change URLs with each session, which can cause this issue. If utilizing ngrok, setting up a custom domain is advisable for consistency.
Manually Updating the URL in the Database
Manually updating the URL of the credentials in the database is not a straightforward process. For development or testing purposes, it might be simpler to recreate the issuer node's identity and start from scratch. This can be accomplished by removing and restarting the Docker containers. However, be advised that this approach will erase all existing data.
To manually update the URL in existing credentials, particularly if using Docker, follow these detailed steps:
- Launch a pgAdmin container for UI-based interaction:
docker run -p 8080:80 --network=issuer-network -e "[email protected]" -e "PGADMIN_DEFAULT_PASSWORD=password" --name pgadmin_container -d dpage/pgadmin4
Navigate to
http://localhost:8080
in your browser and log in with the provided credentials ([email protected]
/password
).Within the dashboard, opt to "Add New Server".
- Name it "Issuer Node".
- In the "Connection" tab, input the necessary details and confirm by clicking "Save".
- On the tree to the left, explore the nodes to
Servers > Issuer Node > Databases > platformid > Schemas > public > Tables
, right-click theclaims
table, and choose "View/Edit Data > All Rows".
- Locate the
credential_status
column in the loaded credentials (claims). This column contains a JSON value.
- Identify the credential with the
revocationNonce
of0
(theauthCoreClaim
credential). Modify the URL within theid
property of the JSON to the new domain of your issuer node.
- Confirm the update by clicking "Ok" and save the alterations to apply the updated issuer node URL.
By following these steps, new credentials issued will utilize the updated issuer node URL. Note that previously issued credentials will need their URLs updated individually to resolve any verification issues.
Updating the Issuer URL in Database Records
For those comfortable with direct database manipulation, the issuer node URL within existing credentials can be updated using a SQL command. This method is particularly useful if you have a large number of credentials that need updating to a new issuer node URL. Here is the SQL command to perform this update:
UPDATE claims
SET credential_status = jsonb_set(credential_status, '{id}', ('"' || regexp_replace(credential_status ->> 'id', '^https://123456', 'https://0.0.0.0') || '"')::jsonb)
WHERE jsonb_extract_path_text(credential_status, 'id') LIKE 'https://123456/%' AND identifier = 'myDID';
In this command:
https://123456
represents the old URL to be replaced.https://0.0.0.0
is the new URL you're updating to.myDID
should be replaced with the actual DID of the issuer whose credentials you're updating.
This SQL command specifically targets the credential_status
JSONB column within the claims
table, replacing the old URL with the new one only in records where the id
field of the credential_status
matches the specified pattern and belongs to the specified issuer DID.
Direct manipulation of database records can lead to data integrity issues if not performed carefully. Ensure you have backups or other recovery methods available before executing direct database updates.
Recommendations
- Stable URL: Secure a stable URL for your issuer node to prevent similar issues in the future.
- Database Caution: Directly modifying database entries should be done with caution to avoid unintended data corruption.
For further assistance or if you encounter additional challenges, do not hesitate to seek help from the support team.
To resolve the "unexpected status code: 404" error, simply retry the verification process until it succeeds, without needing to check or update the issuer node's URL in the database or reconsider the stability of your ngrok setup.