fix(sd-jwt-vc): improve alignment with draft-03 #175

Merged
14 changes: 3 additions & 11 deletions packages/sd-jwt-vc/src/index.ts
Expand Up @@ -9,7 +9,7 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
/**
* The type of the SD-JWT-VC set in the header.typ field.
*/
protected type = 'sd-jwt-vc';
protected type = 'vc+sd-jwt';

/**
* Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
Expand All @@ -18,21 +18,13 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
protected validateReservedFields(
disclosureFrame: DisclosureFrame<SdJwtVcPayload>,
): void {
//validate disclosureFrame according to https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-01.html#section-3.2.2.2
//validate disclosureFrame according to https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-03.html#section-3.2.2.2
if (
disclosureFrame?._sd &&
Array.isArray(disclosureFrame._sd) &&
disclosureFrame._sd.length > 0
) {
const reservedNames = [
'iss',
'iat',
'nbf',
'exp',
'cnf',
'vct',
'status',
];
const reservedNames = ['iss', 'nbf', 'exp', 'cnf', 'vct', 'status'];
// check if there is any reserved names in the disclosureFrame._sd array
const reservedNamesInDisclosureFrame = (
disclosureFrame._sd as string[]
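Review bot: The `type` field now carries `'vc+sd-jwt'`, but nothing visible in this section says how a token whose header still has the former `'sd-jwt-vc'` value is treated, and the doc comment above the field does not record the change. `header.typ` is the explicit-typing signal that keeps an SD-JWT VC from being accepted where another kind of JWT is expected, so the verify path should presumably compare it against `this.type` and reject anything else; that code is outside the hunk, so please confirm. I would extend the doc comment to `* The type of the SD-JWT-VC set in the header.typ field ('vc+sd-jwt' as of draft-03; earlier releases used 'sd-jwt-vc').` and call the change out as breaking in the release notes. The body of `validateReservedFields` continues past the end of the second hunk.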
14 changes: 7 additions & 7 deletions packages/sd-jwt-vc/src/sd-jwt-vc-payload.ts
@@ -1,21 +1,21 @@
import type { SdJwtPayload } from '@sd-jwt/core';

export interface SdJwtVcPayload extends SdJwtPayload {
// The Issuer of the Verifiable Credential. The value of iss MUST be a URI. See [RFC7519] for more information.
// REQUIRED. The Issuer of the Verifiable Credential. The value of iss MUST be a URI. See [RFC7519] for more information.
iss: string;
// The time of issuance of the Verifiable Credential. See [RFC7519] for more information.
iat: number;
// OPTIONAL. The time before which the Verifiable Credential MUST NOT be accepted before validating. See [RFC7519] for more information.
nbf?: number;
//OPTIONAL. The expiry time of the Verifiable Credential after which the Verifiable Credential is no longer valid. See [RFC7519] for more information.
// OPTIONAL. The expiry time of the Verifiable Credential after which the Verifiable Credential is no longer valid. See [RFC7519] for more information.
exp?: number;
// REQUIRED when Cryptographic Key Binding is to be supported. Contains the confirmation method as defined in [RFC7800]. It is RECOMMENDED that this contains a JWK as defined in Section 3.2 of [RFC7800]. For Cryptographic Key Binding, the Key Binding JWT in the Combined Format for Presentation MUST be signed by the key identified in this claim.
// OPTIONAL unless cryptographic Key Binding is to be supported, in which case it is REQUIRED. Contains the confirmation method identifying the proof of possession key as defined in [RFC7800]. It is RECOMMENDED that this contains a JWK as defined in Section 3.2 of [RFC7800]. For proof of cryptographic Key Binding, the Key Binding JWT in the presentation of the SD-JWT MUST be signed by the key identified in this claim.
cnf?: unknown;
//REQUIRED. The type of the Verifiable Credential, e.g., https://credentials.example.com/identity_credential, as defined in Section 3.2.2.1.1.
// REQUIRED. The type of the Verifiable Credential, e.g., https://credentials.example.com/identity_credential, as defined in Section 3.2.2.1.1.
vct: string;
// OPTIONAL. The information on how to read the status of the Verifiable Credential. See [I-D.looker-oauth-jwt-cwt-status-list] for more information.
status?: unknown;

//The identifier of the Subject of the Verifiable Credential. The Issuer MAY use it to provide the Subject identifier known by the Issuer. There is no requirement for a binding to exist between sub and cnf claims.
// OPTIONAL. The identifier of the Subject of the Verifiable Credential. The Issuer MAY use it to provide the Subject identifier known by the Issuer. There is no requirement for a binding to exist between sub and cnf claims.
sub?: string;
// OPTIONAL. The time of issuance of the Verifiable Credential. See [RFC7519] for more information.
iat?: number;
}
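Review bot: `iat` changes from `iat: number` to `iat?: number` here, so every consumer that does arithmetic or comparisons on `payload.iat` now has to handle `undefined`. Without strict null checks a freshness test such as `now - payload.iat > maxAge` evaluates to `NaN > maxAge`, which is false, so a credential with no issuance time would pass an age limit silently. Since the same pull request also drops `'iat'` from the reserved names in `index.ts`, an issuer can apparently make the claim selectively disclosable and a holder can withhold it. I would say so on the field, for example `// OPTIONAL. The time of issuance of the Verifiable Credential; may be absent or undisclosed, so age checks must handle undefined explicitly.`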
4 changes: 2 additions & 2 deletions packages/sd-jwt-vc/test/app-e2e.spec.ts
Expand Up @@ -232,7 +232,7 @@ async function JSONtest(filename: string) {

expect(validated).toBeDefined();
expect(validated).toStrictEqual({
header: { alg: 'EdDSA', typ: 'sd-jwt-vc' },
header: { alg: 'EdDSA', typ: 'vc+sd-jwt' },
payload,
});

Expand All @@ -256,7 +256,7 @@ async function JSONtest(filename: string) {

expect(verified).toBeDefined();
expect(verified).toStrictEqual({
header: { alg: 'EdDSA', typ: 'sd-jwt-vc' },
header: { alg: 'EdDSA', typ: 'vc+sd-jwt' },
payload,
});
}
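Review bot: Both updated expectations (for `validated` and for `verified`) only swap the expected `typ` string, and no test in this diff covers the other behaviour change in the pull request, the removal of `'iat'` from the reserved names. A case showing that a disclosure frame with `iat` in `_sd` is now accepted, next to one showing that `iss`, `nbf`, `exp`, `cnf`, `vct` and `status` still throw, would pin the reserved-field rule that stops an issuer from hiding claims a verifier must always see. A negative case feeding a token with the old `'sd-jwt-vc'` header through verification would also document the intended handling of legacy credentials. `JSONtest` starts and ends outside both hunks, so existing coverage elsewhere in the file may already include some of this.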