generateMdocPayload

suspend fun generateMdocPayload(issuerSigned: ByteArray, docType: String, validFrom: Long, validTo: Long, excludedElementIdentifiers: Set<String> = emptySet(), dropByteStringClaims: Boolean = false, deviceSign: suspend (ByteArray) -> ByteArray): ByteArray

Builds the SignedQR transport payload for presenting a held mdoc credential: the issued issuerSigned (optionally with some claims omitted) plus a fresh device signature over the signed-QR SessionTranscript. Frame it for display with SecureQRRenderer.encodeMdocFrames — mirroring how the SD-JWT path returns one payload the renderer frames. The assembled frames verify with com.dewa.walletsdk.secureqr.altid.AltIdQrVerifier.

Return

the raw SignedQRPayload CBOR bytes.

Parameters

issuerSigned

the issued IssuerSigned CBOR (e.g. a credential's issuer-provided data).

docType

the mdoc docType.

validFrom

/validTo QR validity window in Unix seconds (prefer trusted server time).

excludedElementIdentifiers

claims to omit by identifier.

dropByteStringClaims

omit byte-string claims (portraits/biometrics) that bloat the payload into many frames. Omission is safe — retained claims still verify.

deviceSign

signs the COSE Sig_structure with the credential's device key, returning the raw (r‖s) ES256 signature.