@abtnode/blocklet-services 1.16.23-beta-7b5b0175 → 1.16.23-beta-06c3a221

package/api/libs/connect/session.js

@@ -1,4 +1,5 @@
 // Holds shared logic for session-manager v1 and v2
+const { joinURL } = require('ufo');
 const get = require('lodash/get');
 const joinUrl = require('url-join');
 const formatContext = require('@abtnode/util/lib/format-context');
@@ -35,12 +36,19 @@ const {
 const { getKeyPairClaim, getAuthPrincipalForMigrateAppToV2 } = require('@abtnode/auth/lib/server');
 const merge = require('lodash/merge');
 const { fromAppDid } = require('@arcblock/did-ext');
-const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const { LOGIN_PROVIDER, BLOCKLET_APP_SPACE_REQUIREMENT, DID_SPACES } = require('@blocklet/constant');
 const pick = require('lodash/pick');
 const createTranslator = require('@abtnode/util/lib/translate');
-
-const { getRolesFromAuthConfig, getBlockletAppIdList } = require('@blocklet/meta/lib/util');
+const {
+  getRolesFromAuthConfig,
+  getBlockletAppIdList,
+  forEachBlockletSync,
+  getAppName,
+  getAppDescription,
+  getAppUrl,
+} = require('@blocklet/meta/lib/util');
 const { getSourceAppPid, getLoginProvider } = require('@blocklet/sdk/lib/util/login');
+const { getDidSpacesInfoByClaims, silentAuthorizationInConnect } = require('@abtnode/auth/lib/util/spaces');
 
 const logger = require('../logger')('connect');
 const { isInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../../util');
@@ -142,9 +150,34 @@ const checkAppOwner = ({ role, blocklet, userDid, locale = 'en' }) => {
   }
 };
 
+/**
+ * @description
+ * @param {import('@abtnode/client').BlockletState} blocklet
+ * @return {boolean}
+ */
+const isDidSpaceRequiredOnConnect = (blocklet) => {
+  let flag = false;
+
+  forEachBlockletSync(blocklet, (b) => {
+    flag = flag || b?.meta?.capabilities?.didSpace === BLOCKLET_APP_SPACE_REQUIREMENT.REQUIRED_ON_CONNECT;
+  });
+
+  return !!flag;
+};
+
 module.exports = {
   login: {
-    onConnect: async ({ node, request, userDid, locale, passportId = '', componentId, action, baseUrl }) => {
+    /**
+     *
+     * @param {{
+     *  node: import('@abtnode/core').TNode
+     * }} param0
+     * @returns
+     */
+    onConnect: async ({ node, request, userDid, locale = 'en', passportId = '', componentId, action, baseUrl }) => {
+      /**
+       * @type {import('@abtnode/client').BlockletState}
+       */
       const blocklet = await request.getBlocklet();
       const config = await request.getServiceConfig(NODE_SERVICES.AUTH, { componentId });
       const { did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
@@ -174,6 +207,35 @@ module.exports = {
         if (passportId) {
           claims.verifiableCredential.target = passportId;
         }
+
+        // attach assetOrVC claim when space is required for user
+        if (isDidSpaceRequiredOnConnect(blocklet)) {
+          const currentUser = await node.getUser({
+            teamDid,
+            user: {
+              did: userDid,
+            },
+          });
+
+          if (!currentUser?.didSpace?.endpoint) {
+            // 当这个用户没有 didSpace endpoint 时,我们需要用户主动授权
+            claims.assetOrVC = {
+              description: messages.requestDidSpace[locale],
+              optional: false,
+              filters: [
+                {
+                  tag: DID_SPACES.NFT_TAG, // 用于筛选 NFT
+                },
+                {
+                  type: DID_SPACES.VC_TYPES, // 用于筛选 VC
+                },
+              ],
+              meta: {
+                purpose: 'DidSpace',
+              },
+            };
+          }
+        }
       }
 
       if (action === 'exchangePassport') {
@@ -203,297 +265,390 @@ module.exports = {
       return claims;
     },
 
-    onApprove: async ({
-      node,
-      request,
-      locale,
-      challenge,
-      userDid,
-      userPk,
-      claims,
-      baseUrl,
-      createSessionToken,
-      componentId,
-      action,
-      visitorId,
-    }) => {
-      const blocklet = await request.getBlocklet();
-      const blockletInfo = await request.getBlockletInfo();
-      const { wallet, secret, name, passportColor, did: teamDid } = blockletInfo;
-      const sourceAppPid = getSourceAppPid(request);
-
-      // Check user approved
-      const currentUser = await getUserWithinFederated({ sourceAppPid, teamDid, userDid, userPk }, { node, blocklet });
-      if (currentUser && !currentUser.approved) {
-        throw new Error(messages.notAllowed[locale]);
-      }
+    onApprove:
+      /**
+       * @description
+       * @param {{
+       *  node: import('@abtnode/core').TNode,
+       *  claims: any[],
+       * }} {
+       *         node,
+       *         request,
+       *         locale,
+       *         challenge,
+       *         userDid,
+       *         userPk,
+       *         claims,
+       *         baseUrl,
+       *         createSessionToken,
+       *         componentId,
+       *         action,
+       *         visitorId,
+       *       }
+       * @return {*}
+       */
+      async ({
+        node,
+        request,
+        locale,
+        challenge,
+        userDid,
+        userPk,
+        claims,
+        baseUrl,
+        createSessionToken,
+        componentId,
+        action,
+        visitorId,
+      }) => {
+        /** @type {import('@abtnode/client').BlockletState} */
+        const blocklet = await request.getBlocklet();
+        const blockletInfo = await request.getBlockletInfo();
+        const { wallet, secret, name, passportColor, did: teamDid } = blockletInfo;
+        const sourceAppPid = getSourceAppPid(request);
+
+        // Check user approved
+        const currentUser = await getUserWithinFederated(
+          { sourceAppPid, teamDid, userDid, userPk },
+          { node, blocklet }
+        );
+        if (currentUser && !currentUser.approved) {
+          throw new Error(messages.notAllowed[locale]);
+        }
 
-      const realDid = currentUser?.did || userDid;
-      const realPk = currentUser?.pk || userPk;
+        const realDid = currentUser?.did || userDid;
+        const realPk = currentUser?.pk || userPk;
+
+        // Get auth config
+        const authConfig = (await request.getServiceConfig(NODE_SERVICES.AUTH, { componentId })) || {};
+
+        let vc;
+        let nftState;
+        let invitedUserOnly = false;
+        let defaultRole = ROLES.GUEST;
+        let defaultTtl = 0;
+        let defaultTtlPolicy = 'never';
+        let issuePassport = false;
+
+        const provider = getLoginProvider(request);
+        const masterSite = getFederatedMaster(blocklet);
+
+        // Get passport vc
+        if (action === 'login') {
+          vc = await getPassportVc({
+            blocklet,
+            claims,
+            challenge,
+            locale,
+            sourceAppPid,
+          });
+          [invitedUserOnly, defaultRole, issuePassport] = await isInvitedUserOnly(authConfig, node, teamDid);
+          if (invitedUserOnly && !vc) {
+            throw new Error(messages.missingCredentialClaim[locale]);
+          }
+          const shouldConnectSpace = claims.some(
+            (x) => x?.meta?.purpose === 'DidSpace' && ['asset', 'verifiableCredential'].includes(x.type)
+          );
+          if (shouldConnectSpace) {
+            const didSpaceInfo = await getDidSpacesInfoByClaims({ claims });
+
+            const appUrl = getAppUrl(blocklet);
+            const { data } = await silentAuthorizationInConnect(didSpaceInfo, {
+              appInfo: {
+                appDid: blocklet.appDid,
+                appName: getAppName(blocklet),
+                appDescription: getAppDescription(blocklet),
+                appUrl,
+                scopes: 'list:object read:object write:object',
+                referrer: joinURL(appUrl, '/.well-known/service/connect'),
+              },
+              verifyNFTParams: {
+                claims,
+                challenge,
+                locale,
+              },
+            });
 
-      // Get auth config
-      const authConfig = (await request.getServiceConfig(NODE_SERVICES.AUTH, { componentId })) || {};
+            /**
+             * @type {Omit<import('@abtnode/client').SpaceGatewayInput, 'protected'>}
+             */
+            const spaceGateway = {
+              did: data.did,
+              name: data.name,
+              endpoint: data.endpoint,
+              url: didSpaceInfo.didSpacesCoreUrl,
+            };
+
+            const user = await node.getUser({
+              teamDid,
+              user: {
+                did: userDid,
+              },
+            });
 
-      let vc;
-      let nftState;
-      let invitedUserOnly = false;
-      let defaultRole = ROLES.GUEST;
-      let defaultTtl = 0;
-      let defaultTtlPolicy = 'never';
-      let issuePassport = false;
+            await node.updateUser({
+              teamDid,
+              user: {
+                did: userDid,
+                didSpace: {
+                  ...user.didSpace,
+                  ...spaceGateway,
+                },
+              },
+            });
+          }
+        } else if (action === 'exchangePassport') {
+          const claim = claims.find((x) => x.type === 'asset');
+          const isConnected = await node.isConnectedAccount({ teamDid, did: claim.asset });
+          if (isConnected) {
+            throw new Error(messages.nftAlreadyUsed[locale]);
+          }
 
-      const provider = getLoginProvider(request);
-      const masterSite = getFederatedMaster(blocklet);
+          nftState = await verifyNFT({ claims, challenge, locale, chainHost: MAIN_CHAIN_ENDPOINT });
+          const matchFactory = blocklet.trustedFactories.find((x) => x.factoryAddress === nftState.parent);
+          if (!matchFactory) {
+            throw new Error(messages.invalidNftParent[locale]);
+          }
 
-      // Get passport vc
-      if (action === 'login') {
-        vc = await getPassportVc({ blocklet, claims, challenge, locale, sourceAppPid });
-        [invitedUserOnly, defaultRole, issuePassport] = await isInvitedUserOnly(authConfig, node, teamDid);
-        if (invitedUserOnly && !vc) {
-          throw new Error(messages.missingCredentialClaim[locale]);
-        }
-      } else if (action === 'exchangePassport') {
-        const claim = claims.find((x) => x.type === 'asset');
-        const isConnected = await node.isConnectedAccount({ teamDid, did: claim.asset });
-        if (isConnected) {
-          throw new Error(messages.nftAlreadyUsed[locale]);
+          defaultRole = matchFactory.passport.role;
+          defaultTtl = matchFactory.passport.ttl;
+          defaultTtlPolicy = matchFactory.passport.ttlPolicy;
+          issuePassport = true;
         }
 
-        nftState = await verifyNFT({ claims, challenge, locale, chainHost: MAIN_CHAIN_ENDPOINT });
-        const matchFactory = blocklet.trustedFactories.find((x) => x.factoryAddress === nftState.parent);
-        if (!matchFactory) {
-          throw new Error(messages.invalidNftParent[locale]);
-        }
+        if (issuePassport) {
+          let expirationDate;
+          if (nftState && defaultTtl) {
+            if (defaultTtlPolicy === 'mint') {
+              expirationDate = +new Date(nftState.context.genesisTime) + defaultTtl;
+            }
+            if (defaultTtlPolicy === 'exchange') {
+              expirationDate = +new Date() + defaultTtl;
+            }
+          }
 
-        defaultRole = matchFactory.passport.role;
-        defaultTtl = matchFactory.passport.ttl;
-        defaultTtlPolicy = matchFactory.passport.ttlPolicy;
-        issuePassport = true;
-      }
+          logger.info(`issue passport to user at the ${action} workflow`, {
+            role: defaultRole,
+            expire: expirationDate,
+            policy: defaultTtlPolicy,
+            ttl: defaultTtl,
+          });
 
-      if (issuePassport) {
-        let expirationDate;
-        if (nftState && defaultTtl) {
-          if (defaultTtlPolicy === 'mint') {
-            expirationDate = +new Date(nftState.context.genesisTime) + defaultTtl;
-          }
-          if (defaultTtlPolicy === 'exchange') {
-            expirationDate = +new Date() + defaultTtl;
-          }
+          const profile = claims.find((x) => x.type === 'profile');
+          vc = createPassportVC({
+            issuerName: name,
+            issuerWallet: wallet,
+            issuerAvatarUrl: getAppAvatarUrl(baseUrl),
+            ownerDid: realDid,
+            passport: await createPassport({
+              name: defaultRole,
+              node,
+              teamDid,
+              locale,
+              endpoint: baseUrl,
+            }),
+            endpoint: getPassportStatusEndpoint({
+              baseUrl: joinUrl(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
+              userDid: realDid,
+              teamDid,
+            }),
+            ownerProfile: profile,
+            preferredColor: passportColor,
+            expirationDate: expirationDate ? new Date(expirationDate).toISOString() : undefined,
+          });
         }
 
-        logger.info(`issue passport to user at the ${action} workflow`, {
-          role: defaultRole,
-          expire: expirationDate,
-          policy: defaultTtlPolicy,
-          ttl: defaultTtl,
-        });
+        // Get user passport from vc
+        let passport = vc ? createUserPassport(vc) : null;
+        if (currentUser && passport && isUserPassportRevoked(currentUser, passport)) {
+          throw new Error(messages.passportRevoked[locale](passport.title, name));
+        }
 
-        const profile = claims.find((x) => x.type === 'profile');
-        vc = createPassportVC({
-          issuerName: name,
-          issuerWallet: wallet,
-          issuerAvatarUrl: getAppAvatarUrl(baseUrl),
-          ownerDid: realDid,
-          passport: await createPassport({
-            name: defaultRole,
-            node,
-            teamDid,
-            locale,
-            endpoint: baseUrl,
-          }),
-          endpoint: getPassportStatusEndpoint({
-            baseUrl: joinUrl(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
-            userDid: realDid,
-            teamDid,
-          }),
-          ownerProfile: profile,
-          preferredColor: passportColor,
-          expirationDate: expirationDate ? new Date(expirationDate).toISOString() : undefined,
-        });
-      }
+        // Get role
+        const role = await getRoleFromVC({ vc, node, locale, blocklet, teamDid, sourceAppPid });
+        await validateRole({ role, authConfig, locale, node, teamDid });
 
-      // Get user passport from vc
-      let passport = vc ? createUserPassport(vc) : null;
-      if (currentUser && passport && isUserPassportRevoked(currentUser, passport)) {
-        throw new Error(messages.passportRevoked[locale](passport.title, name));
-      }
+        checkAppOwner({ role, blocklet, userDid, locale });
 
-      // Get role
-      const role = await getRoleFromVC({ vc, node, locale, blocklet, teamDid, sourceAppPid });
-      await validateRole({ role, authConfig, locale, node, teamDid });
-
-      checkAppOwner({ role, blocklet, userDid, locale });
+        // Recreate passport with correct role
+        passport = vc ? createUserPassport(vc, { role }) : null;
 
-      // Recreate passport with correct role
-      passport = vc ? createUserPassport(vc, { role }) : null;
+        const now = new Date().toISOString();
+        const connectedNft = nftState
+          ? {
+              provider: LOGIN_PROVIDER.NFT,
+              did: nftState.address,
+              owner: nftState.owner,
+              firstLoginAt: now,
+              lastLoginAt: now,
+            }
+          : null;
 
-      const now = new Date().toISOString();
-      const connectedNft = nftState
-        ? {
-            provider: LOGIN_PROVIDER.NFT,
-            did: nftState.address,
-            owner: nftState.owner,
-            firstLoginAt: now,
-            lastLoginAt: now,
-          }
-        : null;
+        let fullName = currentUser?.fullName;
+        // Update profile
+        const passportForLog = passport || { name: 'Guest', role: 'guest' };
 
-      let fullName = currentUser?.fullName;
-      // Update profile
-      const passportForLog = passport || { name: 'Guest', role: 'guest' };
+        const connectAccount = { provider, did: userDid, pk: userPk };
 
-      const connectAccount = { provider, did: userDid, pk: userPk };
+        let updatedUser;
+        if (currentUser) {
+          updatedUser = await node.loginUser({
+            teamDid,
+            user: {
+              did: currentUser.did,
+              pk: currentUser.pk,
+              locale,
+              passport,
+              sourceAppPid,
+              lastLoginIp: get(request, 'headers[x-real-ip]') || '',
+              connectedAccount: [connectAccount, connectedNft],
+            },
+          });
+          await node.createAuditLog(
+            {
+              action,
+              args: { teamDid, userDid: realDid, passport: passportForLog, provider, sourceAppPid },
+              context: formatContext(Object.assign(request, { user: updatedUser })),
+              result: updatedUser,
+            },
+            node
+          );
+        } else {
+          // Create user
+          const profile = claims.find((x) => x.type === 'profile');
+          fullName = profile.fullName;
+
+          updatedUser = await node.loginUser({
+            teamDid,
+            user: {
+              ...profile,
+              avatar: await extractUserAvatar(get(profile, 'avatar'), {
+                dataDir: blocklet.env.dataDir,
+              }),
+              did: realDid,
+              pk: realPk,
+              locale,
+              passport,
+              sourceAppPid,
+              lastLoginIp: get(request, 'headers[x-real-ip]') || '',
+              connectedAccount: [connectAccount, connectedNft],
+            },
+          });
+          await node.createAuditLog(
+            {
+              action: 'addUser',
+              args: {
+                teamDid,
+                userDid: realDid,
+                sourceAppPid,
+                provider,
+                reason: `first login as ${passportForLog.role}`,
+              },
+              context: formatContext(Object.assign(request, { user: updatedUser })),
+              result: updatedUser,
+            },
+            node
+          );
+        }
+        const lastLoginIp = request.headers['x-real-ip'];
+        const ua = request.headers['user-agent'];
+        // request.context.store.connectedWallet
+        const walletOS = request.context.didwallet.os;
 
-      let updatedUser;
-      if (currentUser) {
-        updatedUser = await node.loginUser({
+        const userSessionDoc = await node.upsertUserSession({
           teamDid,
-          user: {
-            did: currentUser.did,
-            pk: currentUser.pk,
-            locale,
-            passport,
-            sourceAppPid,
-            lastLoginIp: get(request, 'headers[x-real-ip]') || '',
-            connectedAccount: [connectAccount, connectedNft],
+          visitorId,
+          userDid: realDid,
+          appPid: teamDid,
+          passportId: passport?.id,
+          status: 'online',
+          ua,
+          lastLoginIp,
+          extra: {
+            walletOS,
           },
         });
-        await node.createAuditLog(
-          {
-            action,
-            args: { teamDid, userDid: realDid, passport: passportForLog, provider, sourceAppPid },
-            context: formatContext(Object.assign(request, { user: updatedUser })),
-            result: updatedUser,
-          },
+
+        if (shouldSyncFederated(sourceAppPid, blocklet)) {
           node
-        );
-      } else {
-        // Create user
-        const profile = claims.find((x) => x.type === 'profile');
-        fullName = profile.fullName;
+            .syncFederated({
+              did: teamDid,
+              data: {
+                users: [
+                  {
+                    did: updatedUser.did,
+                    pk: updatedUser.pk,
+                    fullName: updatedUser.fullName,
+                    email: updatedUser.email || '',
+                    avatar: getUserAvatarUrl(updatedUser.avatar, blocklet),
+                    connectedAccount: [connectAccount, connectedNft],
+                    action: 'connectAccount',
+                    sourceAppPid: sourceAppPid || masterSite.appPid,
+                  },
+                ],
+              },
+            })
+            .then(() => {
+              node.syncUserSession({
+                teamDid,
+                userDid: realDid,
+                visitorId: userSessionDoc.visitorId,
+                passportId: passport?.id,
+                targetAppPid: sourceAppPid,
+                ua,
+                lastLoginIp,
+                extra: {
+                  walletOS,
+                },
+              });
+            });
+        }
 
-        updatedUser = await node.loginUser({
-          teamDid,
-          user: {
-            ...profile,
-            avatar: await extractUserAvatar(get(profile, 'avatar'), {
-              dataDir: blocklet.env.dataDir,
-            }),
-            did: realDid,
-            pk: realPk,
-            locale,
-            passport,
-            sourceAppPid,
-            lastLoginIp: get(request, 'headers[x-real-ip]') || '',
-            connectedAccount: [connectAccount, connectedNft],
-          },
-        });
-        await node.createAuditLog(
+        // Generate new session token that client can save to localStorage
+        const createToken = createTokenFn(createSessionToken);
+        const sessionConfig = blocklet.settings?.session || {};
+
+        const { sessionToken, refreshToken } = createToken(
+          realDid,
           {
-            action: 'addUser',
-            args: {
-              teamDid,
-              userDid: realDid,
-              sourceAppPid,
-              provider,
-              reason: `first login as ${passportForLog.role}`,
-            },
-            context: formatContext(Object.assign(request, { user: updatedUser })),
-            result: updatedUser,
+            secret,
+            passport,
+            role,
+            fullName,
+            // NOTE: token 中存储当前的 login provider
+            provider,
+            walletOS,
           },
-          node
+          { ...sessionConfig, didConnectVersion: getDidConnectVersion(request) }
         );
-      }
-      const lastLoginIp = request.headers['x-real-ip'];
-      const ua = request.headers['user-agent'];
-      // request.context.store.connectedWallet
-      const walletOS = request.context.didwallet.os;
-
-      const userSessionDoc = await node.upsertUserSession({
-        teamDid,
-        visitorId,
-        userDid: realDid,
-        appPid: teamDid,
-        passportId: passport?.id,
-        status: 'online',
-        ua,
-        lastLoginIp,
-        extra: {
-          walletOS,
-        },
-      });
+        logger.info(`${action}.success`, { userDid: realDid, role });
+
+        if (
+          // if user provides owner passport AND app does not have owner, set this user to owner
+          (vc && role === ROLES.OWNER && !blocklet.settings?.owner) ||
+          // if the user will receive a owner passport AND app does not have owner, set this user to owner
+          (issuePassport && defaultRole === ROLES.OWNER && !blocklet.settings?.owner)
+        ) {
+          logger.info('Bind owner for blocklet', { teamDid, userDid: realDid });
+          await node.setBlockletInitialized({ did: teamDid, owner: { did: realDid, pk: realPk } });
+        }
 
-      if (shouldSyncFederated(sourceAppPid, blocklet)) {
-        node
-          .syncFederated({
-            did: teamDid,
-            data: {
-              users: [
-                {
-                  did: updatedUser.did,
-                  pk: updatedUser.pk,
-                  fullName: updatedUser.fullName,
-                  email: updatedUser.email || '',
-                  avatar: getUserAvatarUrl(updatedUser.avatar, blocklet),
-                  connectedAccount: [connectAccount, connectedNft],
-                  action: 'connectAccount',
-                  sourceAppPid: sourceAppPid || masterSite.appPid,
-                },
-              ],
-            },
-          })
-          .then(() => {
-            node.syncUserSession({
-              teamDid,
+        // issue passport for the first login user in a invite-only team
+        if (issuePassport) {
+          return {
+            disposition: 'attachment',
+            type: 'VerifiableCredential',
+            data: vc,
+            sessionToken,
+            refreshToken,
+            visitorId: userSessionDoc.visitorId,
+            nextWorkflowData: {
               userDid: realDid,
-              visitorId: userSessionDoc.visitorId,
-              passportId: passport?.id,
-              targetAppPid: sourceAppPid,
-              ua,
-              lastLoginIp,
-              extra: {
-                walletOS,
-              },
-            });
-          });
-      }
-
-      // Generate new session token that client can save to localStorage
-      const createToken = createTokenFn(createSessionToken);
-      const sessionConfig = blocklet.settings?.session || {};
-
-      const { sessionToken, refreshToken } = createToken(
-        realDid,
-        {
-          secret,
-          passport,
-          role,
-          fullName,
-          // NOTE: token 中存储当前的 login provider
-          provider,
-          walletOS,
-        },
-        { ...sessionConfig, didConnectVersion: getDidConnectVersion(request) }
-      );
-      logger.info(`${action}.success`, { userDid: realDid, role });
-
-      if (
-        // if user provides owner passport AND app does not have owner, set this user to owner
-        (vc && role === ROLES.OWNER && !blocklet.settings?.owner) ||
-        // if the user will receive a owner passport AND app does not have owner, set this user to owner
-        (issuePassport && defaultRole === ROLES.OWNER && !blocklet.settings?.owner)
-      ) {
-        logger.info('Bind owner for blocklet', { teamDid, userDid: realDid });
-        await node.setBlockletInitialized({ did: teamDid, owner: { did: realDid, pk: realPk } });
-      }
+            },
+          };
+        }
 
-      // issue passport for the first login user in a invite-only team
-      if (issuePassport) {
         return {
-          disposition: 'attachment',
-          type: 'VerifiableCredential',
-          data: vc,
           sessionToken,
           refreshToken,
           visitorId: userSessionDoc.visitorId,
@@ -501,17 +656,7 @@ module.exports = {
             userDid: realDid,
           },
         };
-      }
-
-      return {
-        sessionToken,
-        refreshToken,
-        visitorId: userSessionDoc.visitorId,
-        nextWorkflowData: {
-          userDid: realDid,
-        },
-      };
-    },
+      },
   },
 
   switchProfile: {