When the `generate_consistent_identifier` flag is set to true for a presentation configuration, vc-authn canonicalizes the available presented attributes and places them in the `sub` claim of the token. This is not desirable, especially since the subject identifier MUST NOT exceed 255 ASCII characters in length (quoting the OpenID Spec). Additionally, a JSON object may include characters that require serialization/escaping.
The generate consistent identifier option should calculate a hash (suggested sha256) of the canonicalized JSON object currently used as a subject identifier to meet the field size restrictions as well as to make the value actually usable.
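
One way to implement the suggested hashing, as an added example that is not vc-authn's own code. The canonicalization scheme (sorted keys, compact separators), the function names and the sample attributes are assumptions constructed for illustration.

```python
import hashlib
import json

MAX_SUB_LENGTH = 255  # limit on the subject identifier, in ASCII characters


def canonicalize(attributes: dict) -> str:
    """Deterministic JSON: sorted keys, no insignificant whitespace (assumed scheme)."""
    return json.dumps(attributes, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)


def consistent_sub(attributes: dict) -> str:
    """SHA-256 hex digest of the canonical JSON: always 64 ASCII characters."""
    canonical = canonicalize(attributes).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def is_valid_sub(value: str) -> bool:
    """True if the value is non-empty, pure ASCII and within the length limit."""
    return value.isascii() and 0 < len(value) <= MAX_SUB_LENGTH


# Constructed sample of presented attributes (not from a real presentation).
PRESENTED = {
    "given_name": "Zoë",
    "family_name": "Example",
    "street_address": "1234 Example Street, Unit 56, Victoria, BC; " * 6,
}

# Same attributes in a different order, as a second presentation might yield.
REORDERED = dict(reversed(list(PRESENTED.items())))

if __name__ == "__main__":
    raw = canonicalize(PRESENTED)
    print("raw canonical JSON:", len(raw), "chars, valid sub:", is_valid_sub(raw))
    hashed = consistent_sub(PRESENTED)
    print("hashed sub:", hashed, "valid sub:", is_valid_sub(hashed))
    print("stable across ordering:", hashed == consistent_sub(REORDERED))
```
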