mnzaki
commented
3 years ago So I haven't really arrived at a good answer to "should we be validating at the layer of Interaction.processInteractionToken" and instead I just split out processInteractionToken into another private method _processToken which is used internally when we don't want to validate, but left processInteractionToken the same.... until further/more major refactoring of Interaction
Note that I still left the storage and PCA processing changes (i.e. moved them to agent.processJWT) because I think those make a lot more sense there, and it improves performance quite a bit for loading stuff from DB
agent.processJWTis now responsible for ~validating incoming JWTs,~ storing JWTs as necessary, and "encountering" new DIDs based onjwt.payload.pcaInteraction.processInteractionTokenneed not concern itself with those, and can remain rather "pure"This PR does not affect the public API's inputs/outputs, but does affect behavior: if someone was directly using
Interaction.processInteractionTokenthen they should now also handle the storage ~and validation~ concerns