Currently, top-level object SdJwtVerifier exposes various verification methods as plain non-suspendable functions.
This is fine as long as the caller has obtained beforehand (or out-of-band) the public key of the issuer.
There are cases though, like those described in SD-JWT-VC profile (see here), where issuer's public key should be
Fetched (this is the case for an issuer that exposes an SD-JWT-VC metadata endpoint) or/and
Resolved (this is the case of an issuer that uses DIDs).
For this reason and in order to support in the future SD-JWT-VC the methods of SdJwtVerifier must be suspendable.
This will also affect also the interfaces of JwtSignatureVerifier and KeyBindingVerifier
Currently, top-level object
SdJwtVerifierexposes various verification methods as plain non-suspendable functions.This is fine as long as the caller has obtained beforehand (or out-of-band) the public key of the issuer. There are cases though, like those described in SD-JWT-VC profile (see here), where issuer's public key should be
For this reason and in order to support in the future SD-JWT-VC the methods of
SdJwtVerifiermust be suspendable. This will also affect also the interfaces ofJwtSignatureVerifierandKeyBindingVerifier