Feat/jwt status list #225
Feat/jwt status list #225
Conversation
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
cre8
requested review from
lukasjhan,
zustkeeper and
berendsliedrecht
as code owners
|
Should this instead be using https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/? That's the replacement of JWT / CWT status list i believe. |
It was built on the referenced IETF. I also opened a PR in the sd-jwt-vc spec since it was pointing to the wrong file |
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
|
@berendsliedrecht @TimoGlastra To make a clean PR, how should we proceed? Merge this PR and then open another to transfer the Lib directly into the repo. Or do all in one step? I would prefer the first option since it makes a cleaner cut between the two tasks |
There was a problem hiding this comment.
Nice work @cre8, we were intending to start work on this later this month, and left some comments based on how we wanted to approach it
Co-authored-by: Timo Glastra <[email protected]> Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
… feat/jwt-status-list Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
First option is fine for me. |
Well, too late :D |
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
Co-authored-by: Timo Glastra <[email protected]> Signed-off-by: Mirko Mollik <[email protected]>
There was a problem hiding this comment.
Really nice work @cre8. LGTM ✅
I'm going to implement this into Credo directly, and will let you know if I encounter any issues
Signed-off-by: Mirko Mollik <[email protected]>
Co-authored-by: Timo Glastra <[email protected]> Signed-off-by: Mirko Mollik <[email protected]>
|
@TimoGlastra new version |
closes #224
I extended the verify method so all checked that should be done via sd-jwt are called and then we are looking for revocation.
We will only check the revocation if the
statusfield is present. We are not throwing an error if somebody has referenced another status mechanism and we are not validating if the status field was correctly placed inside the payload when the credential is created (but types are provided).The verifier has to implement the fetch and validation function of the jwt-status-token and also the logic how to deal with the status (it can have multiple definitions but the values are not covered by the spec).
The statusValidator function is to stop the current validation. In case the status has a value to continue, the function executes without throwing an error and the verifier has to deal with the state after the successful verification.