feat: add option to keep payload fields when creating JWT VC/VP (#431)

fixes #394
decentralized-identity · Mar 26, 2021 · 43923e1 · 43923e1
1 parent 9e23a10
commit 43923e1
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 3 deletions.
diff --git a/__tests__/shared/verifiableData.ts b/__tests__/shared/verifiableData.ts
@@ -1,6 +1,7 @@
 import { TAgent, IDIDManager, IIdentifier, IDataStore } from '../../packages/core/src'
 import { IDataStoreORM } from '../../packages/data-store/src'
 import { ICredentialIssuer } from '../../packages/credential-w3c/src'
+import { decodeJWT } from 'did-jwt'
 
 type ConfiguredAgent = TAgent<IDIDManager & ICredentialIssuer & IDataStore & IDataStoreORM>
 
@@ -69,6 +70,34 @@ export default (testContext: {
       expect(verifiableCredential).toHaveProperty('issuanceDate')
       expect(verifiableCredential['@context']).toEqual(['https://www.w3.org/2018/credentials/v1'])
       expect(verifiableCredential['type']).toEqual(['VerifiableCredential'])
+
+      const token = verifiableCredential.proof.jwt
+      const { payload } = decodeJWT(token)
+      expect(payload.vc.credentialSubject.id).not.toBeDefined()
+    })
+
+    it('should create verifiable credential keeping original fields', async () => {
+      expect.assertions(5)
+      const verifiableCredential = await agent.createVerifiableCredential({
+        credential: {
+          issuer: { id: identifier.did },
+          credentialSubject: {
+            id: 'did:web:example.com',
+            you: 'Rock',
+          },
+        },
+        proofFormat: 'jwt',
+        removeOriginalFields: false,
+      })
+
+      expect(verifiableCredential).toHaveProperty('proof.jwt')
+      expect(verifiableCredential).toHaveProperty('issuanceDate')
+      expect(verifiableCredential['@context']).toEqual(['https://www.w3.org/2018/credentials/v1'])
+      expect(verifiableCredential['type']).toEqual(['VerifiableCredential'])
+
+      const token = verifiableCredential.proof.jwt
+      const { payload } = decodeJWT(token)
+      expect(payload.vc.credentialSubject.id).toEqual('did:web:example.com')
     })
 
     it('should create verifiable presentation', async () => {
@@ -142,6 +171,41 @@ export default (testContext: {
 
       const verifiablePresentation2 = await agent.dataStoreGetVerifiablePresentation({ hash })
       expect(verifiablePresentation).toEqual(verifiablePresentation2)
+
+      const token = verifiablePresentation.proof.jwt
+      const { payload } = decodeJWT(token)
+      expect(payload.holder).not.toBeDefined()
+    })
+
+    it('should create verifiable presentation (simple) keeping original fields', async () => {
+      const verifiableCredential = await agent.createVerifiableCredential({
+        credential: {
+          issuer: { id: identifier.did },
+          credentialSubject: {
+            id: 'did:web:example.com',
+            you: 'Rock',
+          },
+        },
+        proofFormat: 'jwt',
+      })
+
+      const verifiablePresentation = await agent.createVerifiablePresentation({
+        presentation: {
+          holder: identifier.did,
+          verifier: [],
+          verifiableCredential: [verifiableCredential],
+        },
+        proofFormat: 'jwt',
+        removeOriginalFields: false,
+      })
+
+      expect(verifiablePresentation).toHaveProperty('proof.jwt')
+      expect(verifiablePresentation['@context']).toEqual(['https://www.w3.org/2018/credentials/v1'])
+      expect(verifiablePresentation['type']).toEqual(['VerifiablePresentation'])
+
+      const token = verifiablePresentation.proof.jwt
+      const { payload } = decodeJWT(token)
+      expect(payload.holder).toEqual(identifier.did)
     })
 
     it('should query for credentials', async () => {

diff --git a/packages/credential-w3c/src/action-handler.ts b/packages/credential-w3c/src/action-handler.ts
@@ -72,6 +72,12 @@ export interface ICreateVerifiablePresentationArgs {
    * Currently, only JWT is supported
    */
   proofFormat: EncodingFormat
+
+  /**
+   * Remove payload members during JWT-JSON transformation. Defaults to `true`.
+   * See https://www.w3.org/TR/vc-data-model/#jwt-encoding
+   */
+  removeOriginalFields?: boolean
 }
 
 /**
@@ -119,6 +125,12 @@ export interface ICreateVerifiableCredentialArgs {
    * Currently, only JWT is supported
    */
   proofFormat: EncodingFormat
+
+  /**
+   * Remove payload members during JWT-JSON transformation. Defaults to `true`.
+   * See https://www.w3.org/TR/vc-data-model/#jwt-encoding
+   */
+  removeOriginalFields?: boolean
 }
 
 /**
@@ -215,7 +227,11 @@ export class CredentialIssuer implements IAgentPlugin {
       //FIXME: Throw an `unsupported_format` error if the `args.proofFormat` is not `jwt`
       const signer = (data: string | Uint8Array) => context.agent.keyManagerSignJWT({ kid: key.kid, data })
       debug('Signing VP with', identifier.did)
-      const jwt = await createVerifiablePresentationJwt(presentation, { did: identifier.did, signer })
+      const jwt = await createVerifiablePresentationJwt(
+        presentation,
+        { did: identifier.did, signer },
+        { removeOriginalFields: args.removeOriginalFields },
+      )
       //FIXME: flagging this as a potential privacy leak.
       debug(jwt)
       const verifiablePresentation = normalizePresentation(jwt)
@@ -256,8 +272,11 @@ export class CredentialIssuer implements IAgentPlugin {
       if (key.type === 'Ed25519') {
         alg = 'EdDSA'
       }
-
-      const jwt = await createVerifiableCredentialJwt(credential, { did: identifier.did, signer, alg })
+      const jwt = await createVerifiableCredentialJwt(
+        credential,
+        { did: identifier.did, signer, alg },
+        { removeOriginalFields: args.removeOriginalFields },
+      )
       //FIXME: flagging this as a potential privacy leak.
       debug(jwt)
       const verifiableCredential = normalizeCredential(jwt)