nklomp
commented
2 years ago Hi @siacomuzzi Right now they are not. Current version of the SIOP package is still in an alpha stage. We are actually working on it for the next few weeks to get it more to a beta stage, as well to update it to the latest SIOPv2 and OIDC4VP specs. We will certainly make provisions in the form of callbacks to verify VPs and thus VCs with whatever library of choice for VCs
Hi,
I'm wondering if the
rp.verifyAuthenticationResponseJwtis taking into account the integrity of the VCs included into the VP. For example, to detect a possible scenario where a (malicious) holder has changed some attributes of the VC (likecredentialSubject) before submit the VP to the relying party (verifier).Thank you