Concordium / concordium-web3id

Tools for issuing, verification, and testing of Web3 ID
https://developer.concordium.software/en/mainnet/net/web3-id/index.html#web3-id
Mozilla Public License 2.0

Inconsistency in verifying account ownership with 4 different credentials #117

Open mh-concordium opened 10 months ago

mh-concordium commented 10 months ago

Bug Description

This is a case where I have issued credentials twice, so I have 2 active credentials for Telegram (T1 and T2) and 2 active credentials for Discord (D1 and D2). It seems that there is inconsistent behavior in how it is possible to prove ownership over the accounts using credential pairs, as described in the steps below.

Steps to Reproduce

  1. Issue 2 credentials for Telegram (T1 and T2) and 2 credentials for Discord (D1 and D2).
  2. Verify with T1 and D1 -> Proof OK - Works as expected
  3. Don't remove verification.
  4. Verify with T2 and D2 -> Proof rejected - works as expected.
  5. Verify with T1 and D2 -> Proof OK - works as expected.
  6. Verify with T2 and D1 -> Proof rejected - not working as expected.

Expected Result

It should be possible to verify ownership over the accounts in step 6. That would be consistent with verification in step 5.

Actual Result

With step 6, verification is not successful.

Versions

mh-concordium commented 10 months ago

With the current implementation this is expected behavior, since at step 6 the credentials that were used are both different from the ones that were used at step 5. In a sense, it is the same as the proof rejected at step 4, where you are basically trying to prove the same thing twice.