credebl · shitrerohit · Feb 26, 2026 · Feb 11, 2026 · Feb 11, 2026 · Feb 11, 2026
diff --git a/src/controllers/openid4vc/holder/holder.service.ts b/src/controllers/openid4vc/holder/holder.service.ts
@@ -200,12 +200,14 @@ export class HolderService {
   public async resolveProofRequest(agentReq: Req, body: ResolveProofRequest) {
     return (await agentReq.agent.modules.openid4vc.holder.resolveOpenId4VpAuthorizationRequest(
       body.proofRequestUri,
+      body.options,
     )) as any
   }
 
   public async acceptPresentationRequest(agentReq: Req, body: ResolveProofRequest) {
     const resolved = await agentReq.agent.modules.openid4vc.holder.resolveOpenId4VpAuthorizationRequest(
       body.proofRequestUri,
+      body.options,
     )
     // const presentationExchangeService = agent.dependencyManager.resolve(DifPresentationExchangeService)
 
@@ -224,10 +226,20 @@ export class HolderService {
       dcql: {
         credentials: dcqlCredentials as DcqlCredentialsForRequest,
       },
+      origin: body.options?.origin,
     })
-    const result: any = submissionResult.serverResponse
-    result['authorizationResponsePayload'] = submissionResult.authorizationResponsePayload
-    return result
+    if (submissionResult.serverResponse) {
+      const { serverResponse, ...rest } = submissionResult
+
+      return {
+        ...serverResponse,
+        body: rest,
+      } as any
+    }
+    return {
+      status: 200,
+      body: submissionResult,
+    } as any
   }
 
   public async deleteCredential(agentReq: Req, { credentialId, credentialType }: DeleteCredentialBody) {

diff --git a/src/controllers/openid4vc/types/holder.types.ts b/src/controllers/openid4vc/types/holder.types.ts
@@ -1,3 +1,5 @@
+import type { ResolveOpenId4VpAuthorizationRequestOptions } from '@credo-ts/openid4vc'
+
 export interface ResolveCredentialOfferBody {
   credentialOfferUri: string
 }
@@ -17,6 +19,7 @@ export interface AuthorizeRequestCredentialOffer {
 
 export interface ResolveProofRequest {
   proofRequestUri: string
+  options?: ResolveOpenId4VpAuthorizationRequestOptions
 }
 
 export interface AcceptProofRequest {

diff --git a/src/controllers/openid4vc/types/verifier.types.ts b/src/controllers/openid4vc/types/verifier.types.ts
@@ -1,6 +1,6 @@
 /* eslint-disable @typescript-eslint/explicit-member-accessibility */
 import type { DifPresentationExchangeDefinitionV2 } from '@credo-ts/core'
-import type { SubmissionRequirement, Format, Issuance, InputDescriptorV2 } from '@sphereon/pex-models'
+import type { Format, Issuance, InputDescriptorV2 } from '@sphereon/pex-models'
 
 export enum ResponseModeEnum {
   DIRECT_POST = 'direct_post',
@@ -109,3 +109,9 @@ export class OpenId4VcSiopCreateVerifierOptions {
 export class OpenId4VcUpdateVerifierRecordOptions {
   clientMetadata?: OpenId4VcSiopVerifierClientMetadata
 }
+
+export interface OpenId4VCDCQLVerificationSessionRecord {
+  verificationSessionId: string
+  authorizationResponse: Record<string, unknown>
+  origin?: string
+}
diff --git a/src/controllers/openid4vc/verifier-sessions/verification-sessions.Controller.ts b/src/controllers/openid4vc/verifier-sessions/verification-sessions.Controller.ts
@@ -1,12 +1,11 @@
-import { Agent } from '@credo-ts/core'
 import { OpenId4VcVerificationSessionState } from '@credo-ts/openid4vc'
 import { Request as Req } from 'express'
 import { Controller, Get, Path, Query, Route, Request, Security, Tags, Post, Body } from 'tsoa'
 import { injectable } from 'tsyringe'
 
 import { SCOPES } from '../../../enums'
 import ErrorHandlingService from '../../../errorHandlingService'
-import { CreateAuthorizationRequest } from '../types/verifier.types'
+import { CreateAuthorizationRequest, OpenId4VCDCQLVerificationSessionRecord } from '../types/verifier.types'
 
 import { VerificationSessionsService } from './verification-sessions.service'
 
@@ -87,4 +86,19 @@ export class VerificationSessionsController extends Controller {
       throw ErrorHandlingService.handle(error)
     }
   }
+
+  /**
+   * Verify authorization response for a DCAPI proof request
+   */
+  @Post('/verify-authorization-response')
+  public async verifyDcqlProofRequest(
+    @Request() request: Req,
+    @Body() verifydcqlProofRquest: OpenId4VCDCQLVerificationSessionRecord,
+  ) {
+    try {
+      return await this.verificationSessionService.verifyAuthorizationResponse(request, verifydcqlProofRquest)
+    } catch (error) {
+      throw ErrorHandlingService.handle(error)
+    }
+  }
 }
diff --git a/src/controllers/openid4vc/verifier-sessions/verification-sessions.service.ts b/src/controllers/openid4vc/verifier-sessions/verification-sessions.service.ts
@@ -15,6 +15,10 @@ import {
   ClientIdPrefix,
   CreateAuthorizationRequest,
   OpenId4VcIssuerX5cOptions,
+  OpenId4VCDCQLVerificationSessionRecord,
+  OpenId4VcIssuerX5c,
+  ClientIdPrefix,
+  OpenId4VcIssuerX5cOptions,
   ResponseModeEnum,
 } from '../types/verifier.types'
 
@@ -200,4 +204,16 @@ export class VerificationSessionsService {
         : undefined,
     } as any
   }
+
+  public async verifyAuthorizationResponse(
+    agentReq: Req,
+    verifydcqlProofRquest: OpenId4VCDCQLVerificationSessionRecord,
+  ) {
+    const verifier = agentReq.agent.modules.openid4vc.verifier
+    if (!verifier) {
+      throw new Error('OID4VC verifier module not initialized')
+    }
+    const result = (await verifier.verifyAuthorizationResponse({ ...verifydcqlProofRquest })) as any
+    return result
+  }
 }