openwallet-foundation-labs / sd-jwt-js

A JavaScript implementation of the Selective Disclosure JWT (SD-JWT) spec.
https://sdjwt.js.org/
Apache License 2.0
36 stars, 11 forks

Feat/jwt status list #225

Closed cre8 closed 3 months ago

cre8 commented 3 months ago

closes #224

I extended the verify method so all checks that should be done via sd-jwt are called and then we are looking for revocation.

We will only check the revocation if the status field is present. We are not throwing an error if somebody has referenced another status mechanism and we are not validating if the status field was correctly placed inside the payload when the credential is created (but types are provided).

The verifier has to implement the fetch and validation function of the jwt-status-token and also the logic for how to deal with the status (it can have multiple definitions but the values are not covered by the spec).

The statusValidator function is to stop the current validation. In case the status has a value to continue, the function executes without throwing an error and the verifier has to deal with the state after the successful verification.
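The flow described in the comment above, sketched as an added example (not code from this PR or from sd-jwt-js). The names `readStatus`, `checkStatus` and `loadList` are hypothetical, the list is assumed to be already fetched, verified and decompressed, and treating 0 as "valid" is an assumption; the claim names `status`, `status_list`, `idx` and `uri` follow the IETF status list draft.

```javascript
// Added illustration; names below are hypothetical, not the sd-jwt-js API.
const STATUS_VALID = 0; // assumption: 0 means "valid"

// Read entry `idx` from a decompressed status list. Each entry is `bits` wide
// and entries are packed starting at the least significant bit of each byte.
function readStatus(bytes, bits, idx) {
  if (![1, 2, 4, 8].includes(bits)) throw new Error(`unsupported bits: ${bits}`);
  if (!Number.isInteger(idx) || idx < 0) throw new Error('idx must be a non-negative integer');
  const perByte = 8 / bits;
  const byteIndex = Math.floor(idx / perByte);
  if (byteIndex >= bytes.length) throw new Error('idx outside status list');
  const shift = (idx % perByte) * bits;
  return (bytes[byteIndex] >> shift) & ((1 << bits) - 1);
}

// Throws to stop verification; returning normally lets the caller continue
// and deal with the status value itself.
function statusValidator(status) {
  if (status !== STATUS_VALID) throw new Error(`credential status ${status} is not valid`);
}

// Runs after the SD-JWT checks have passed. `loadList(uri)` is supplied by the
// verifier: it fetches the status list token, validates it, and returns
// { bits, bytes }. A real implementation would be asynchronous.
function checkStatus(payload, loadList, validate = statusValidator) {
  const ref = payload.status && payload.status.status_list;
  if (!ref) return { checked: false }; // no status field, or another mechanism
  const { bits, bytes } = loadList(ref.uri);
  const status = readStatus(bytes, bits, ref.idx);
  validate(status);
  return { checked: true, status };
}

// Constructed sample: 16 one-bit entries 1,0,0,1,1,1,0,1,1,1,0,0,0,1,0,1.
const sampleList = { bits: 1, bytes: Uint8Array.from([0xb9, 0xa3]) };
const loadSample = () => sampleList;
const credential = (idx) => ({
  status: { status_list: { idx, uri: 'https://issuer.example/statuslists/1' } },
});
```

An out-of-range `idx` is rejected rather than read as 0, so a credential pointing past the end of the list cannot pass as valid.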

TimoGlastra commented 3 months ago

Should this instead be using https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/?

That's the replacement of JWT / CWT status list I believe.

cre8 commented 3 months ago

> Should this instead be using https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/?
>
> That's the replacement of JWT / CWT status list I believe.

It was built on the referenced IETF. I also opened a PR in the sd-jwt-vc spec since it was pointing to the wrong file.

cre8 commented 3 months ago

@berendsliedrecht @TimoGlastra To make a clean PR, how should we proceed? Merge this PR and then open another to transfer the lib directly into the repo?

Or do all in one step? I would prefer the first option since it makes a cleaner cut between the two tasks.

berendsliedrecht commented 3 months ago

> @berendsliedrecht @TimoGlastra To make a clean PR, how should we proceed? Merge this PR and then open another to transfer the lib directly into the repo?
>
> Or do all in one step? I would prefer the first option since it makes a cleaner cut between the two tasks.

First option is fine for me.

cre8 commented 3 months ago

> > @berendsliedrecht @TimoGlastra To make a clean PR, how should we proceed? Merge this PR and then open another to transfer the lib directly into the repo? Or do all in one step? I would prefer the first option since it makes a cleaner cut between the two tasks.
>
> First option is fine for me.

Well, too late :D

cre8 commented 3 months ago

@TimoGlastra new version 0.7.0 got released.