fix: expectedOrigins added to intent based proof request creation API

[RinkalBhojani]

What?

• Added missing parameter 'expectedOrigins' to intent based proof request creation API to support dcapi flow

Summary by CodeRabbit

• New Features

  • Added expectedOrigins field to intent-based verification workflows, allowing specification of authorized origin endpoints. This field becomes required when using DC_API or DC_API_JWT response modes.

• Improvements

  • Refined verification endpoint messaging for improved accuracy and consistency across success responses and error handling.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request extends the intent-based verification flow by adding an expectedOrigins field (optional string array) across the API gateway and OID4VC verification service layers, with conditional validation requiring the field when responseMode is DC_API or DC_API_JWT. Additionally, terminology in success and error messages was updated from "verifier" to "verification" in the API gateway controller.

Changes

Cohort / File(s)	Summary
Input Validation & Schema apps/api-gateway/src/oid4vc-verification/dtos/create-intent-based-verification.dto.ts	Added expectedOrigins: string[] field with conditional validation (required when responseMode is DC_API or DC_API_JWT), array validation, and Swagger metadata. Updated imports to include IsArray and ValidateIf.
API Gateway Layer apps/api-gateway/src/oid4vc-verification/oid4vc-verification.controller.ts, apps/api-gateway/src/oid4vc-verification/oid4vc-verification.service.ts	Updated success/error messages in controller from "verifier" to "verification" terminology. Service now destructures and propagates expectedOrigins through the intent-based verification payload.
OID4VC Verification Service Layer apps/oid4vc-verification/src/oid4vc-verification.controller.ts, apps/oid4vc-verification/src/oid4vc-verification.service.ts	Extended controller to handle expectedOrigins field in payload and added optional class field. Service method signature updated to accept optional expectedOrigins parameter and incorporate it into the session request payload.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Feat/oid4vc verification template #1534: Adds/propagates the expectedOrigins field through the CreateIntentBasedVerification DTO and IPresentationRequest in related intent-based verification wiring.

Suggested reviewers

• shitrerohit
• GHkrishna
• tipusinghaw

Poem

🐰 A field hops through the verification dance,
expectedOrigins springs to prance,
From gateway down to service deep,
Conditions guard what origins to keep.
Terminology refreshed with care—verifier becomes verification's flair! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: expectedOrigins added to intent based proof request creation API' directly and clearly summarizes the main change—adding the expectedOrigins parameter to the intent-based proof request creation API, which is reflected across all modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/add-expected-origin-for-dcapi

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

🧹 Nitpick comments (1)

apps/oid4vc-verification/src/oid4vc-verification.service.ts (1)

431-431: Prefer a more precise type over Record<string, object> for query parameters.

At Line 431, the cast to Record<string, object> is broader than necessary since VerificationSessionQuery contains only string and string-enum fields. While the underlying serializer uses String(value) to handle any type safely, the cast unnecessarily widens the type signature and could allow unintended object types to pass at the TypeScript level.

♻️ Suggested refactor

-        url = buildUrlWithQuery(url, query as Record<string, object>);
+        url = buildUrlWithQuery(
+          url,
+          query as Record<string, string | number | boolean | null | undefined>
+        );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/oid4vc-verification/src/oid4vc-verification.service.ts` at line 431, The
cast to Record<string, object> is too broad—narrow the type when calling
buildUrlWithQuery by converting the VerificationSessionQuery values to strings
(or using Record<string, string>) so only string-valued query params are passed;
for example, transform query via Object.entries(query).map/ reduce to produce a
Record<string,string> (or explicitly cast to Record<string,string>) and pass
that to buildUrlWithQuery, referencing the VerificationSessionQuery value being
passed into buildUrlWithQuery in oid4vc-verification.service (the url variable
and buildUrlWithQuery call).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@apps/oid4vc-verification/src/oid4vc-verification.service.ts`:
- Line 431: The cast to Record<string, object> is too broad—narrow the type when
calling buildUrlWithQuery by converting the VerificationSessionQuery values to
strings (or using Record<string, string>) so only string-valued query params are
passed; for example, transform query via Object.entries(query).map/ reduce to
produce a Record<string,string> (or explicitly cast to Record<string,string>)
and pass that to buildUrlWithQuery, referencing the VerificationSessionQuery
value being passed into buildUrlWithQuery in oid4vc-verification.service (the
url variable and buildUrlWithQuery call).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 30d8cb1d-1333-4d6c-a26a-be4e600473e9

📥 Commits

Reviewing files that changed from the base of the PR and between 09cbab1 and 0c6dc70.

📒 Files selected for processing (5)

• apps/api-gateway/src/oid4vc-verification/dtos/create-intent-based-verification.dto.ts
• apps/api-gateway/src/oid4vc-verification/oid4vc-verification.controller.ts
• apps/api-gateway/src/oid4vc-verification/oid4vc-verification.service.ts
• apps/oid4vc-verification/src/oid4vc-verification.controller.ts
• apps/oid4vc-verification/src/oid4vc-verification.service.ts