eclipse-tractusx / managed-identity-wallet

Apache License 2.0

Invalid `kid` header value when we create presentation as JWT #304

Open nitin-vavdiya opened 4 months ago

nitin-vavdiya commented 4 months ago

Current Behavior

When we create a presentation as JWT using api/presentations/iatp?asJwt=true and api/presentations?asJwt=true, the generated JWT token has an invalid kid header value.

i.e.:

DID document:

{
    "@context":
    [
        "https://www.w3.org/ns/did/v1",
        "https://w3c.github.io/vc-jws-2020/contexts/v1"
    ],
    "id": "did:web:3bdf-203-129-213-107.ngrok-free.app:BPNL000000000000",
    "verificationMethod":
    [
        {
            "publicKeyJwk":
            {
                "x": "2IU_u50oEO1ym0ZELQPKtYzJA6UJ_J11cpnoFxxFsNM",
                "crv": "Ed25519",
                "kty": "OKP"
            },
            "controller": "did:web:3bdf-203-129-213-107.ngrok-free.app:BPNL000000000000",
            "id": "did:web:3bdf-203-129-213-107.ngrok-free.app:BPNL000000000000#b879cfac-7e51-45c1-97fa-3db84db10e44",
            "type": "JsonWebKey2020"
        },
        {
            "publicKeyJwk":
            {
                "kty": "EC",
                "x": "hZvJ0heaxQxeeBXlSuC-4IPx_UFGeOL5UEYLzLdzfIQ",
                "y": "EufmJauadvvkKl7lB7HkzzF9AIVLx4qN9Ih5yf-7eLc",
                "crv": "secp256k1"
            },
            "controller": "did:web:3bdf-203-129-213-107.ngrok-free.app:BPNL000000000000",
            "id": "did:web:3bdf-203-129-213-107.ngrok-free.app:BPNL000000000000#1b4c2d5b-479b-4a19-834a-fecd42c3d60b",
            "type": "JsonWebKey2020"
        }
    ]
}

The header of JWT:

{
 "kid": "did:web:3bdf-203-129-213-107.ngrok-free.app:BPNL000000000000",
 "typ": "JWT",
 "alg": "ES256K"
}

Here kid is just the DID of the issuer without any specific key ID.

Here it should be did:web:3bdf-203-129-213-107.ngrok-free.app:BPNL000000000000#1b4c2d5b-479b-4a19-834a-fecd42c3d60b as kid

Expected Behavior

The kid value must contain issuer#keyId

Steps To Reproduce

  1. Create Wallet
  2. Create an STS token
  3. Create presentation as JWT using api/presentations/iatp?asJwt=true POST API
  4. Verify kid value of JWT
  5. Create presentation as JWT using api/presentations?asJwt=true POST API
  6. Verify kid value of JWT

For IATP, it can be fixed in the MIW application. For VP as JWT, the SSI lib version 0.0.18 does not support creating/signing JWT with keyId; we need to upgrade the SSI lib version first.

We can plan this task after merging https://github.com/eclipse-tractusx/managed-identity-wallet/pull/284

Related to https://github.com/eclipse-tractusx/managed-identity-wallet/issues/303
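
Added example, not part of the original issue or the MIW code base: a verifier-side check that resolves a JWT `kid` header to exactly one `verificationMethod` in the DID document shown above and rejects a bare DID. The function names, the `ALG_KEY` table and the unsigned sample tokens are assumptions made for illustration; no signature is verified here.

```python
# Added example: resolve a JWT "kid" header against a DID document.
import base64
import json

# Assumed alg -> (kty, crv) table; covers only the two key types in the issue.
ALG_KEY = {"ES256K": ("EC", "secp256k1"), "EdDSA": ("OKP", "Ed25519")}

DID = "did:web:3bdf-203-129-213-107.ngrok-free.app:BPNL000000000000"
# DID document from the issue, reduced to the fields this check needs.
DID_DOC = {
    "id": DID,
    "verificationMethod": [
        {"id": DID + "#b879cfac-7e51-45c1-97fa-3db84db10e44",
         "publicKeyJwk": {"kty": "OKP", "crv": "Ed25519"}},
        {"id": DID + "#1b4c2d5b-479b-4a19-834a-fecd42c3d60b",
         "publicKeyJwk": {"kty": "EC", "crv": "secp256k1"}},
    ],
}

def jwt_header(token):
    """Decode the (unverified) JOSE header of a compact JWT."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def resolve_kid(header, did_doc):
    """Return the verification method named by kid, or raise ValueError."""
    kid = header.get("kid", "")
    did, sep, fragment = kid.partition("#")
    if not sep or not fragment:
        raise ValueError("kid is a bare DID, no key fragment: %r" % kid)
    if did != did_doc["id"]:
        raise ValueError("kid DID does not match DID document id")
    for vm in did_doc.get("verificationMethod", []):
        if vm["id"] == kid:
            jwk = vm["publicKeyJwk"]
            # The declared alg must fit the key the kid points at.
            if ALG_KEY.get(header.get("alg")) != (jwk["kty"], jwk.get("crv")):
                raise ValueError("alg does not fit the key type of %s" % kid)
            return vm
    raise ValueError("no verificationMethod with id %r" % kid)

def make_token(header):
    """Build a constructed, unsigned token; only the header is inspected."""
    enc = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return enc.decode() + ".e30.sig"
```

With the header reported in the issue, `resolve_kid` raises because the DID document lists two keys and the bare DID selects neither; with the expected `issuer#keyId` value it returns the secp256k1 entry.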