@@ -524,13 +524,20 @@ public function credential(Request $request): Response
524524 // Get valid claim paths so we can check if the user attribute is allowed to be included in the credential,
525525 // as per the credential configuration supported configuration.
526526 $ validClaimPaths$ this moduleConfig ->getVciValidCredentialClaimPathsFor ($ resolvedCredentialIdentifier
527-
527+ $ this loggerService ->debug (
528+ 'CredentialIssuerCredentialController::credential: Valid claim paths for credential configuration ' ,
529+ ['validClaimPaths ' => $ validClaimPaths
530+ );
528531 // Map user attributes to credential claims
529532 $ credentialSubject// For JwtVcJson
530533 $ disclosureBag$ this verifiableCredentials ->disclosureBagFactory ()->build (); // For DcSdJwt
531534 $ attributeToCredentialClaimPathMap$ this moduleConfig ->getVciUserAttributeToCredentialClaimPathMapFor (
532535 $ resolvedCredentialIdentifier
533536 );
537+ $ this loggerService ->debug (
538+ 'CredentialIssuerCredentialController::credential: Attribute to credential claim path map ' ,
539+ ['attributeToCredentialClaimPathMap ' => $ attributeToCredentialClaimPathMap
540+ );
534541 foreach ($ attributeToCredentialClaimPathMapas $ mapEntry
535542 if (!is_array ($ mapEntry
536543 $ this loggerService ->warning (
@@ -542,6 +549,11 @@ public function credential(Request $request): Response
542549 continue ;
543550 }
544551
552+ $ this loggerService ->debug (
553+ 'Map entry: ' ,
554+ ['mapEntry ' => $ mapEntry
555+ );
556+
545557 $ userAttributeNamekey ($ mapEntry
546558 if (!is_string ($ userAttributeName
547559 $ this loggerService ->warning (
@@ -553,6 +565,10 @@ public function credential(Request $request): Response
553565 continue ;
554566 }
555567
568+ $ this loggerService ->debug (
569+ 'User attribute name: ' . $ userAttributeName
570+ );
571+
556572 /** @psalm-suppress MixedAssignment */
557573 $ credentialClaimPathcurrent ($ mapEntry
558574 if (!is_array ($ credentialClaimPath
@@ -574,6 +590,11 @@ public function credential(Request $request): Response
574590 continue ;
575591 }
576592
593+ $ this loggerService ->debug (
594+ 'Credential claim path ' ,
595+ ['credentialClaimPath ' => $ credentialClaimPath
596+ );
597+
577598 if (!isset ($ userAttributes$ userAttributeName
578599 $ this loggerService ->warning (
579600 'Attribute "%s" does not exist in user attributes. ' ,
@@ -590,6 +611,7 @@ public function credential(Request $request): Response
590611 $ userAttributes$ userAttributeName
591612
592613 if ($ credentialFormatIdvalue ) {
614+ $ this loggerService ->debug ('JwtVcJson format detected, adding user attribute to credential subject. ' );
593615 $ this verifiableCredentials ->helpers ()->arr ()->setNestedValue (
594616 $ credentialSubject
595617 $ attributeValue
@@ -598,6 +620,11 @@ public function credential(Request $request): Response
598620 }
599621
600622 if (in_array ($ credentialFormatIdself ::SD_JWT_FORMAT_IDS , true )) {
623+ $ this loggerService ->debug (
624+ 'CredentialIssuerCredentialController::credential: Processing SD JWT credential format ID '
625+ . $ credentialFormatId
626+ );
627+
601628 // For now, we will only support disclosures for object properties.
602629 $ claimNamearray_pop ($ credentialClaimPath
603630 if (!is_string ($ claimName
@@ -611,8 +638,17 @@ public function credential(Request $request): Response
611638 continue ;
612639 }
613640
614- if ($ credentialFormatIdvalue ) {
641+ $ this loggerService ->debug ('Claim name: ' . $ claimName
642+
643+ if (
644+ $ credentialFormatIdvalue &&
645+ !in_array (ClaimsEnum::Credential_Subject->value , $ credentialClaimPathtrue )
646+ ) {
647+ $ this loggerService ->debug ('VC SD JWT - adding credential subject to claim path for claim "%s". ' );
615648 array_unshift ($ credentialClaimPathvalue );
649+ $ this loggerService ->debug (
650+ 'Credential claim path for credential subject: ' . print_r ($ credentialClaimPathtrue ),
651+ );
616652 }
617653
618654 /** @psalm-suppress ArgumentTypeCoercion */
@@ -722,14 +758,16 @@ public function credential(Request $request): Response
722758 // Always start with the VCDM 2.0 base context URL (mandatory).
723759 $ atContextvalue ];
724760
725- // If a JSON-LD context document is configured for this credential, append the module-hosted
726- // context URL so that verifiers can resolve the custom credential subject terms.
761+ // If a JSON-LD context document is configured for this credential,
762+ // append the module-hosted context URL so that verifiers can
763+ // resolve the custom credential subject terms.
727764 if ($ this moduleConfig ->getVciCredentialJsonLdContextFor ($ resolvedCredentialIdentifiernull ) {
728765 $ atContext$ this routes ->urlCredentialJsonLdContext ($ resolvedCredentialIdentifier
729766 }
730767
731- // Append any additional context URLs declared in the credential configuration's @context field
732- // (skipping the base W3C URL, which is already first in the list).
768+ // Append any additional context URLs declared in the credential
769+ // configuration's @context field (skipping the base W3C URL,
770+ // which is already first in the list).
733771 /** @psalm-suppress MixedAssignment */
734772 $ configuredContexts$ resolvedCredentialConfigurationvalue ] ?? [];
735773 if (is_array ($ configuredContexts
@@ -776,6 +814,7 @@ public function credential(Request $request): Response
776814 [
777815 ClaimsEnum::Kid->value => $ issuerDid'#0 ' ,
778816 ],
817+ disclosureBag: $ disclosureBag
779818 );
780819 }
781820
0 commit comments