decentralized-identity / veramo

A JavaScript Framework for Verifiable Data
https://veramo.io
Apache License 2.0
443 stars, 133 forks

Integrate the SD-JWT #1358

Open lukasjhan opened 8 months ago

lukasjhan commented 8 months ago

Hi, I'm currently developing the sd-jwt TypeScript library in the Open Wallet Foundation with @cre8. I want to continuously contribute to Veramo by working on sd-jwt-related integration.

Related Issue: #1276

This is my first time contributing to Veramo. If there is anything you would like to change, please let me know. I'm open to any changes :)

What issue is this PR fixing

Example: closes #123 fixes #456

Linking to an issue provides some context and a reason for the PR to be reviewed, as well as simplifying the release notes and changelogs that get generated automatically. If an issue is linked like this it will be automatically closed when the PR is merged.

What is being changed

Add SD-JWT features in Veramo

Quality

Check all that apply:

Details

sd-jwt package has 4 main features

About Testing

This is the sample of tests, but

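I failed to set up the agent in the test file this way:

```ts
import type { IAgentContext } from '@veramo/core'

// Hand-mocked agent context: every agent method is a bare jest mock
const context = {
  agent: {
    execute: jest.fn(),
    availableMethods: jest.fn(),
    getSchema: jest.fn(),
    emit: jest.fn(),
  },
} as IAgentContext<any>
```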

If there is a guide on how to set up this context, please let me know and I will add it.

Or, this is the original test file in cre8's repo. https://github.com/cre8/sd-jwt-veramo/blob/main/src/agent-plugin/sd-jwt-plugin.spec.ts If it's okay to add it like this, then I'll add it like this.

Please take a look and let me know about the test. Thank you.

cre8 commented 8 months ago

At this point I don't feel well opening the PR to the veramo repo yet. Linting is based on biome and not prettier, testing on vitest and not jest.

lukasjhan commented 8 months ago

> At this point I don't feel well opening the PR to the veramo repo yet. Linting is based on biome and not prettier, testing on vitest and not jest.

Okay, I'll make it a draft and keep working on it here. :)

lukasjhan commented 8 months ago

@cre8 I added test and fixed the schema generation :)

lukasjhan commented 8 months ago

Good, I'll definitely add this module to test-react-app :) I'll do it after I've resolved all comments.

vadimchilinciuc commented 5 months ago

Hi @lukasjhan and @cre8 :) Maybe this is not the thread, but I want to try to ask you a question; maybe you can help me. To be compliant in Europe (EUDI), the format is SD-JWT with OpenID4VC. Do you think at this moment it's possible to realize something with OpenID4VC? Because I see something like https://github.com/IDunion/OpenIDIDComm but they don't support SD-JWT? :( (Under the hood they use the Sphereon SDK, but they don't support SD-JWT.) Did you guys use it with OpenID4VC or without it? Thanks a lot for your reply.

cre8 commented 5 months ago

> Hi @lukasjhan and @cre8 :) Maybe this is not the thread, but I want to try to ask you a question; maybe you can help me. To be compliant in Europe (EUDI), the format is SD-JWT with OpenID4VC. Do you think at this moment it's possible to realize something with OpenID4VC? Because I see something like https://github.com/IDunion/OpenIDIDComm but they don't support SD-JWT? :( Did you guys use it with OpenID4VC or without it? Thanks a lot for your reply; in case I'll cancel my comment.

Yes, it's possible, I implemented it here: https://github.com/openwallet-foundation-labs/credhub This project comes without using Veramo, but it should be possible with the Veramo plugin for oid4vci by Sphereon.

nklomp commented 5 months ago

Also be aware that sd-jwt is supported by our lower level libraries, including our credential mappers. If you include the sd-jwt veramo plugin into the idunion didcomm project using our SDK it should work including presentation exchange etc

vadimchilinciuc commented 5 months ago

> Also be aware that sd-jwt is supported by our lower level libraries, including our credential mappers. If you include the sd-jwt veramo plugin into the idunion didcomm project using our SDK it should work including presentation exchange etc

Thanks a lot @nklomp: I think the problem will be that the IDunion project uses the @sphereon/ssi-sdk.oid4vci-issuer package, that is a Veramo plugin.

```ts
// Creating a credential, we have this snippet:
const response = await agent.oid4vciIssueCredential({
    credential: credential,
    credentialIssuer: this.store_id,
    credentialRequest: {
        format: 'jwt_vc_json', // allowed formats are those types = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc';
        proof: request.proof,
        types: request.types
    }
})
```

I think I will get some kind of error passing an sd-jwt type, because the allowed formats are only those types = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc'? Thanks a lot for your reply.

nklomp commented 5 months ago

Since that is using our low-level libs, which have sd-jwt support it should work at that point. Having said that, we are actually integrating sd-jwt into our SDKs, wallets and agents as we speak. So we should have this working probably next week.

stale[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

nickreynolds commented 2 months ago

@lukasjhan I'm just wondering if there's been any progress on this recently? Is there anything in particular keeping us from moving forward? I know it will need to be refactored to support the new credential-w3c architecture, but that shouldn't be difficult.

cre8 commented 2 months ago

> @lukasjhan I'm just wondering if there's been any progress on this recently? Is there anything in particular keeping us from moving forward? I know it will need to be refactored to support the new credential-w3c architecture, but that shouldn't be difficult.

Sphereon has published an SD jwt package in the meantime: https://github.com/Sphereon-Opensource/SSI-SDK/tree/develop/packages%2Fsd-jwt

I haven't tested it yet, but when it works it makes no sense to continue the work on a second package from my point of view.

nklomp commented 2 months ago

Please be aware that our one, especially in a feature branch depends on very specific modules from our SDK. We have modules for uniform identifier/key resolution, x.509 support, jwt/jws signatures that the sd-jwt module depends on.

nklomp commented 2 months ago

All of that to say, that our module is more versatile as it does not have some of the errors and assumptions in this plugin (encountering a jwk doesn't mean a did:jwk per se, of course). At the same time, since our sdk can work with regular jwks, x5cs etc next to DIDs and since we have our own jose signature service, our plugin depends on multiple of our other modules. So you cannot simply include our module as a single dep into a vanilla Veramo environment.
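The distinction raised in the comment above (a JWK found in a token is not automatically a did:jwk, and keys may also arrive as DIDs or x5c chains), as an added JavaScript example that is not part of the thread and is not code from Veramo, Sphereon or the sd-jwt plugin. All function names and the sample key are constructed for illustration; `header` and `cnf` are assumed to be the already-parsed JWT header and the SD-JWT `cnf` claim.

```javascript
// Added illustration: helper names are hypothetical, not Veramo or Sphereon APIs.
// Required public members per key type, in the order RFC 7638 hashes them.
const REQUIRED = { EC: ['crv', 'kty', 'x', 'y'], OKP: ['crv', 'kty', 'x'], RSA: ['e', 'kty', 'n'] };

// Canonical form of a public JWK; optional members (kid, use, alg) are ignored.
function canonicalJwk(jwk) {
  const members = REQUIRED[jwk.kty];
  if (!members) throw new Error(`unsupported kty: ${jwk.kty}`);
  const out = {};
  for (const m of members) {
    if (typeof jwk[m] !== 'string') throw new Error(`missing JWK member: ${m}`);
    out[m] = jwk[m];
  }
  return JSON.stringify(out);
}

// Matching canonical strings mean the same public key material.
const sameKey = (a, b) => canonicalJwk(a) === canonicalJwk(b);

// Decode the key embedded in a did:jwk identifier (a fragment such as #0 is ignored).
function jwkFromDidJwk(did) {
  const m = /^did:jwk:([A-Za-z0-9_-]+)$/.exec(did.split('#')[0]);
  if (!m) throw new Error('not a did:jwk identifier');
  const jwk = JSON.parse(Buffer.from(m[1], 'base64url').toString('utf8'));
  if ('d' in jwk) throw new Error('refusing did:jwk that carries private key material');
  return jwk;
}

// Report how the key was actually referenced instead of assuming a DID method.
function classifyKeyReference({ header = {}, cnf = {} }) {
  if (typeof header.kid === 'string' && header.kid.startsWith('did:')) {
    return { kind: 'did', method: header.kid.split(':')[1], id: header.kid };
  }
  if (Array.isArray(header.x5c) && header.x5c.length > 0) return { kind: 'x5c' };
  if (header.jwk || cnf.jwk) return { kind: 'jwk', jwk: header.jwk || cnf.jwk };
  return { kind: 'unknown' };
}

// Constructed sample values: placeholders, not a real P-256 key.
const SAMPLE_JWK = { kty: 'EC', crv: 'P-256', x: 'Y29uc3RydWN0ZWQteA', y: 'Y29uc3RydWN0ZWQteQ' };
const SAMPLE_DID = 'did:jwk:' + Buffer.from(JSON.stringify(SAMPLE_JWK)).toString('base64url');

console.log(classifyKeyReference({ cnf: { jwk: SAMPLE_JWK } }).kind);
console.log(classifyKeyReference({ header: { kid: SAMPLE_DID + '#0' } }).method);
console.log(sameKey(jwkFromDidJwk(SAMPLE_DID), { ...SAMPLE_JWK, use: 'sig' }));
```

A bare JWK is reported as `jwk`; the did:jwk path is taken only when the token itself names a `did:jwk:` identifier, and `sameKey` lets a verifier confirm that the identifier and a presented key agree.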

lukasjhan commented 2 months ago

Hi @nickreynolds, sorry, I've been busy this summer.

I think I can do the test-react-app job this weekend. Could you please explain the new credential-w3c architecture in more detail?

nickreynolds commented 2 months ago

@lukasjhan great to hear that you can pick this back up!

The best way to understand the new architecture is probably to review this PR: https://github.com/decentralized-identity/veramo/pull/1395

Basically, credential plugins now implement a new shared interface and each of these is passed as a provider to credential-w3c. Looking at credential-jwt, credential-eip712 and credential-ld should give you examples of how credential providers are now written. I don't think it's too complex, but I can try to provide more info soon (was planning on writing a short blog post explaining this anyways, before we release veramo v7)

lukasjhan commented 2 weeks ago

Sorry for the delay. I'll finish this PR by the end of this year.