bcgov / vc-authn-oidc

Apache License 2.0

Persistent subject_identifier is an object #561

Status: Closed (closed by esune 3 weeks ago)

esune commented 4 weeks ago

When the generate_consistent_identifier flag is set to true for a presentation configuration, vc-authn canonicalizes the available presented attributes and places them in the sub claim of the token. This is not desirable, especially since the subject identifier MUST NOT exceed 255 ASCII characters in length (quoting the OpenID Spec). Additionally, a JSON object may include characters that require serialization/escaping.

The generate consistent identifier option should calculate a hash (suggested sha256) of the canonicalized JSON object currently used as a subject identifier to meet the field size restrictions as well as to make the value actually usable.
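An added illustration of the proposal (example code written for this page, not vc-authn-oidc's own implementation): canonicalize the presented attributes, hash them with sha256, and check the result against the 255-ASCII-character limit on sub. The attribute names and values are constructed samples; the canonicalization rules (sorted keys, compact separators, ASCII-only) are an assumption about what "canonicalized" means here.

```python
import hashlib
import json

# OpenID Connect Core limits the sub claim to at most 255 ASCII characters.
SUB_MAX_LEN = 255


def canonicalize(attributes: dict) -> str:
    """Deterministic JSON serialization (assumed canonical form): sorted keys,
    no whitespace, non-ASCII escaped. The same attribute set therefore yields
    the same string no matter in which order the wallet presented the values."""
    return json.dumps(attributes, sort_keys=True, separators=(",", ":"), ensure_ascii=True)


def consistent_subject_identifier(attributes: dict) -> str:
    """sha256 over the canonical JSON, hex-encoded: always 64 ASCII characters,
    so it fits the sub limit and contains nothing that needs escaping."""
    return hashlib.sha256(canonicalize(attributes).encode("utf-8")).hexdigest()


def is_valid_sub(sub: str) -> bool:
    """Check the two sub constraints this issue is about: ASCII and <= 255 chars."""
    return sub.isascii() and 0 < len(sub) <= SUB_MAX_LEN


# Constructed sample: attributes as a verifier might receive them from a proof.
# The quoted nickname shows why the raw object needs escaping inside a claim.
SAMPLE_ATTRIBUTES = {
    "given_names": "Alice",
    "family_name": "O'Brien \"Ally\"",
    "birthdate_dateint": "19900101",
    "street_address": "1234 Example Street, Unit #5, Victoria, BC",
}

# Constructed sample with a long value (e.g. an encoded photo) that pushes the
# raw canonical JSON past the 255-character limit, while its hash still fits.
LONG_ATTRIBUTES = {"given_names": "Alice", "photo": "A" * 300}


if __name__ == "__main__":
    raw = canonicalize(SAMPLE_ATTRIBUTES)
    print(raw, len(raw), '"' in raw)
    sub = consistent_subject_identifier(SAMPLE_ATTRIBUTES)
    print(sub, len(sub), is_valid_sub(sub))
    print(len(canonicalize(LONG_ATTRIBUTES)) > SUB_MAX_LEN,
          is_valid_sub(consistent_subject_identifier(LONG_ATTRIBUTES)))
```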