Closed siacomuzzi closed 1 year ago
Hi @siacomuzzi Right now they are not. Current version of the SIOP package is still in an alpha stage. We are actually working on it for the next few weeks to get it more to a beta stage, as well to update it to the latest SIOPv2 and OIDC4VP specs. We will certainly make provisions in the form of callbacks to verify VPs and thus VCs with whatever library of choice for VCs
v0.3.0 has callback support for verification
Hi,
I'm wondering if the
rp.verifyAuthenticationResponseJwt
is taking into account the integrity of the VCs included into the VP. For example, to detect a possible scenario where a (malicious) holder has changed some attributes of the VC (likecredentialSubject
) before submit the VP to the relying party (verifier).Thank you