fix: on sign vp, use auth proof purpose

Signed-off-by: Daniel Bluhm <[email protected]>

acapy_agent/protocols/present_proof/dif/pres_exch_handler.py

@@ -40,7 +40,10 @@
 from ....vc.vc_di.prove import create_signed_anoncreds_presentation
 from ....vc.vc_ld.prove import create_presentation, derive_credential, sign_presentation
 from ....wallet.base import BaseWallet, DIDInfo
-from ....wallet.default_verification_key_strategy import BaseVerificationKeyStrategy
+from ....wallet.default_verification_key_strategy import (
+    BaseVerificationKeyStrategy,
+    ProofPurposeStr,
+)
 from ....wallet.error import WalletError, WalletNotFoundError
 from ....wallet.key_type import BLS12381G2, ED25519
 from .pres_exch import (
@@ -115,15 +118,17 @@ async def _get_issue_suite(
         self,
         *,
         issuer_id: str,
+        proof_purpose: Optional[ProofPurposeStr] = None,
     ):
         """Get signature suite for signing presentation."""
+        proof_purpose = proof_purpose or "assertionMethod"
         did_info = await self._did_info_for_did(issuer_id)
         vm_id_strategy = self.profile.context.inject(BaseVerificationKeyStrategy)
         verification_method = await vm_id_strategy.get_verification_method_id_for_did(
             issuer_id,
             self.profile,
             proof_type=self.proof_type,
-            proof_purpose="assertionMethod",
+            proof_purpose=proof_purpose,
         )
 
         # Get signature class based on proof type
@@ -1300,8 +1305,9 @@ async def create_vp(
                 )
             else:
                 vp = self.__add_dif_fields_to_vp(vp, submission_property)
+                assert issuer_id
                 issue_suite = await self._get_issue_suite(
-                    issuer_id=issuer_id,
+                    issuer_id=issuer_id, proof_purpose="authentication"
                 )
                 signed_vp = await sign_presentation(
                     presentation=vp,

acapy_agent/wallet/default_verification_key_strategy.py

@@ -2,7 +2,7 @@
 
 from abc import ABC, abstractmethod
 import logging
-from typing import Optional
+from typing import Literal, Optional
 
 from pydid import DIDDocument
 
@@ -14,6 +14,20 @@
 LOGGER = logging.getLogger(__name__)
 
 
+ProofPurposeStr = Literal[
+    "assertionMethod",
+    "authentication",
+    "capabilityDelegation",
+    "capabilityInvocation",
+]
+PROOF_PURPOSES = (
+    "authentication",
+    "assertionMethod",
+    "capabilityInvocation",
+    "capabilityDelegation",
+)
+
+
 class VerificationKeyStrategyError(BaseError):
     """Raised on issues with verfication method derivation."""
 
@@ -28,7 +42,7 @@ async def get_verification_method_id_for_did(
         profile: Profile,
         *,
         proof_type: Optional[str] = None,
-        proof_purpose: Optional[str] = None,
+        proof_purpose: Optional[ProofPurposeStr] = None,
     ) -> Optional[str]:
         """Given a DID, returns the verification key ID in use.
 
@@ -62,7 +76,7 @@ async def get_verification_method_id_for_did(
         profile: Profile,
         *,
         proof_type: Optional[str] = None,
-        proof_purpose: Optional[str] = None,
+        proof_purpose: Optional[ProofPurposeStr] = None,
     ) -> Optional[str]:
         """Given a did:key or did:sov, returns the verification key ID in use.
 
@@ -77,12 +91,7 @@ async def get_verification_method_id_for_did(
         proof_type = proof_type or "Ed25519Signature2018"
         proof_purpose = proof_purpose or "assertionMethod"
 
-        if proof_purpose not in (
-            "authentication",
-            "assertionMethod",
-            "capabilityInvocation",
-            "capabilityDelegation",
-        ):
+        if proof_purpose not in PROOF_PURPOSES:
             raise ValueError("Invalid proof purpose")
 
         if did.startswith("did:key:"):