move examples, remove workspace, update docs

Author: Juliano1612

Cargo.toml

@@ -1,6 +1,3 @@
-[workspace]
-members = [".", "openid4vp-frontend", "examples/wallet-conformance-adapter", "examples/verifier-conformance-adapter", "examples/cli-verifier"]
-
 [package]
 name = "openid4vp"
 version = "0.1.0"
@@ -37,18 +34,40 @@ serde_json_path = "0.7.1"
 serde_urlencoded = "0.7.1"
 sha2 = "0.10"
 ssi = { version = "0.12", features = ["secp256r1"] }
+thiserror = "1.0.65"
 tokio = "1.32.0"
 tracing = "0.1.37"
 url = { version = "2.4.1", features = ["serde"] }
 x509-cert = "0.2.4"
-thiserror = "1.0.65"
 
 [dev-dependencies]
+anyhow = "1.0"
+async-trait = "0.1"
+axum = { version = "0.7", features = ["macros"] }
+base64 = "0.21"
+chrono = { version = "0.4", features = ["serde"] }
+clap = { version = "4.4", features = ["derive", "env"] }
+did-method-key = "0.3"
 hex = "0.4"
+http = "1.1"
+p256 = { version = "0.13", features = ["jwk", "ecdsa"] }
+qrcode = "0.14"
+rand = "0.8"
+rcgen = "0.13"
+reqwest = { version = "0.12", features = ["rustls-tls", "json"] }
+serde = { version = "1.0", features = ["derive"] }
 serde_json = { version = "1.0", features = ["preserve_order"] }
 serde_path_to_error = "0.1.8"
-tokio = { version = "1.32.0", features = ["macros"] }
-did-method-key = "0.3"
+serde_urlencoded = "0.7"
+sha2 = "0.10"
+thiserror = "1.0"
+tokio = { version = "1.32.0", features = ["macros", "full"] }
+tower = "0.5"
+tower-http = { version = "0.6", features = ["cors", "trace", "timeout", "limit"] }
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
+url = { version = "2.5", features = ["serde"] }
+uuid = { version = "1.6", features = ["v4", "serde"] }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
 uuid = { version = "1.2", features = ["v4", "serde", "js"] }

README.md

@@ -4,8 +4,10 @@
 [![Docs.rs](https://docs.rs/openid4vp/badge.svg)](https://docs.rs/openid4vp)
 [![License](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 
-### Rust implementation of the OpenID for Verifiable Presentations (OID4VP) specification.
+Rust implementation of the OpenID for Verifiable Presentations (OID4VP) specification.
 
+<!-- cargo-rdme start -->
+<!-- cargo-rdme end -->
 
 ## Install
 
@@ -24,34 +26,39 @@ cargo add openid4vp
 
 ## Testing
 
-Ensure the `/tests/presentation-exchange` submodule is initialized, run the following in the root of the project:
+Ensure the `/tests/presentation-exchange` submodule is initialized by running the following in the root of the project:
 
 ```shell
 git submodule init --recursive
 ```
 
-
-## Presentation Exchange Overview
+## Protocol Flow Diagram
 
 ```mermaid
 sequenceDiagram
-    participant Holder
+    participant Wallet
     participant Verifier
     participant Issuer
 
-    Verifier->>Holder: 1. Request Presentation (with Presentation Definition)
-    Note over Holder: 2. User consents to share credentials
-    Holder->>Holder: 3. Select appropriate credentials
-    Holder->>Holder: 4. Create Verifiable Presentation
-    Holder->>Holder: 5. Create Presentation Submission
-    Holder->>Verifier: 6. Send VP Token (VP + Presentation Submission)
-    Verifier->>Verifier: 7. Validate VP Token
+    Verifier->>Wallet: 1. Authorization Request (Presentation Definition/DCQL)
+    Note over Wallet: 2. User consents to share credentials
+    Wallet->>Wallet: 3. Select appropriate credentials
+    Wallet->>Wallet: 4. Create Verifiable Presentation
+    Wallet->>Wallet: 5. Create Presentation Submission
+    Wallet->>Verifier: 6. Authorization Response (VP Token + Submission)
+    Verifier->>Verifier: 7. Validate VP Token signatures
     Verifier->>Issuer: 8. (Optional) Verify credential status
     Issuer-->>Verifier: 9. (Optional) Credential status response
-    Verifier->>Verifier: 10. Check claims against Presentation Definition
-    Verifier->>Holder: 11. Grant or deny access based on verification
+    Verifier->>Verifier: 10. Verify claims against Presentation Definition
+    Verifier->>Wallet: 11. Grant or deny access based on verification
 ```
 
+## Examples
+
+Check the [`examples`](examples/) directory for complete implementations:
+- [`cli-verifier`](examples/cli-verifier/): Command-line verifier for testing OID4VP flows
+- [`verifier-conformance-adapter`](examples/verifier-conformance-adapter/): Conformance testing adapter
+- [`oid4vp-wallet-adapter`](examples/oid4vp-wallet-adapter/): Headless wallet adapter
 
 ## License
 

examples/cli-verifier/Cargo.toml

@@ -21,7 +21,7 @@ A minimal command-line verifier for testing OID4VP v1.0 protocol with mobile wal
 ngrok http 3000
 
 # Run the verifier with your ngrok URL
-cargo run -p cli-verifier -- --public-url https://your-url.ngrok.io
+cargo run --example cli-verifier -- --public-url https://your-url.ngrok.io
 ```
 
 ### CLI Options
@@ -48,15 +48,15 @@ cargo run -p cli-verifier -- --public-url https://your-url.ngrok.io
 ### Request a single mDL
 
 ```bash
-cargo run -p cli-verifier -- --public-url https://abc.ngrok.io -c mdl
+cargo run --example cli-verifier -- --public-url https://abc.ngrok.io -c mdl
 ```
 
 ### Request multiple credentials (AND logic)
 
 All credentials are required:
 
 ```bash
-cargo run -p cli-verifier -- --public-url https://abc.ngrok.io -c mdl,jwt_vc
+cargo run --example cli-verifier -- --public-url https://abc.ngrok.io -c mdl,jwt_vc
 ```
 
 This creates:
@@ -70,7 +70,7 @@ Wallet must present **both** credentials.
 Accept either LDP VC or mDL:
 
 ```bash
-cargo run -p cli-verifier -- --public-url https://abc.ngrok.io -c ldp_or_mdl
+cargo run --example cli-verifier -- --public-url https://abc.ngrok.io -c ldp_or_mdl
 ```
 
 This creates:
@@ -81,7 +81,7 @@ Wallet can present **either** credential.
 ### Combine OR and AND logic
 
 ```bash
-cargo run -p cli-verifier -- --public-url https://abc.ngrok.io -c ldp_or_mdl,jwt_vc
+cargo run --example cli-verifier -- --public-url https://abc.ngrok.io -c ldp_or_mdl,jwt_vc
 ```
 
 This creates:

examples/cli-verifier/README.md

@@ -482,9 +482,6 @@ fn build_client_metadata(credential_types: &[String]) -> ClientMetadata {
                 // Per OID4VP v1.0 Section B.1.3.2.1:
                 // "The Credential Format Identifier is `ldp_vc` to request a W3C Verifiable
                 // Credential... or a Verifiable Presentation of such a Credential."
-                //
-                // So ldp_vc covers BOTH the credential AND the presentation format.
-                // There is NO ldp_vp in the spec.
                 vp_formats.insert(
                     ClaimFormatDesignation::LdpVc,
                     ClaimFormatPayload::ProofTypeValues(vec![
@@ -503,9 +500,6 @@ fn build_client_metadata(credential_types: &[String]) -> ClientMetadata {
                 // Per OID4VP v1.0 Section B.1.3.1.1:
                 // "The Credential Format Identifier is `jwt_vc_json` to request a W3C Verifiable
                 // Credential... or a Verifiable Presentation of such a Credential."
-                //
-                // So jwt_vc_json covers BOTH the credential AND the presentation format.
-                // There is NO jwt_vp_json in the spec.
                 vp_formats.insert(
                     ClaimFormatDesignation::JwtVcJson,
                     ClaimFormatPayload::AlgValues(vec![

examples/cli-verifier/src/main.rs examples/cli-verifier/main.rsexamples/cli-verifier/src/main.rs renamed to examples/cli-verifier/main.rs

@@ -21,10 +21,10 @@ ngrok http 3000
 
 ```bash
 # For direct_post (unencrypted)
-cargo run -p oid4vp-verifier-adapter -- --public-url https://YOUR_NGROK_URL.ngrok-free.app
+cargo run --example verifier-conformance-adapter -- --public-url https://YOUR_NGROK_URL.ngrok-free.app
 
 # For direct_post.jwt (encrypted)
-cargo run -p oid4vp-verifier-adapter -- --public-url https://YOUR_NGROK_URL.ngrok-free.app --response-mode direct_post.jwt
+cargo run --example verifier-conformance-adapter -- --public-url https://YOUR_NGROK_URL.ngrok-free.app --response-mode direct_post.jwt
 ```
 
 The adapter prints the signing key configuration on startup - you'll need this for the OIDF test setup.
@@ -132,10 +132,10 @@ Go back to the OIDF conformance tool and check if the test passed.
 
 ```bash
 # Debug logging
-RUST_LOG=debug cargo run -p oid4vp-verifier-adapter -- --public-url https://YOUR_NGROK_URL.ngrok-free.app
+RUST_LOG=debug cargo run --example verifier-conformance-adapter -- --public-url https://YOUR_NGROK_URL.ngrok-free.app
 
 # With encrypted responses
-RUST_LOG=debug cargo run -p oid4vp-verifier-adapter -- \
+RUST_LOG=debug cargo run --example verifier-conformance-adapter -- \
   --public-url https://YOUR_NGROK_URL.ngrok-free.app \
   --response-mode direct_post.jwt
 ```

examples/verifier-conformance-adapter/Cargo.toml

@@ -9,7 +9,7 @@ pub fn decrypt_jwe(jwe: &str, private_key_jwk: &JWK) -> Result<Value> {
     let jwk_str = serde_json::to_string(private_key_jwk)?;
     let jwk = Jwk::from_bytes(jwk_str.as_bytes()).context("Invalid private key JWK")?;
 
-    let decrypter = ECDH_ES
+    let decrypter: josekit::jwe::alg::ecdh_es::EcdhEsJweDecrypter<p256::NistP256> = ECDH_ES
         .decrypter_from_jwk(&jwk)
         .context("Failed to create ECDH-ES decrypter")?;
 

examples/verifier-conformance-adapter/README.md

@@ -13,7 +13,6 @@ mod server;
 use server::{create_router, AppState, OidfConfig};
 
 #[derive(Parser, Debug)]
-#[command(name = "oid4vp-verifier-adapter")]
 #[command(about = "OID4VP 1.0 Verifier Adapter for Conformance Testing")]
 struct Args {
     /// Port to listen on