Closed TimoGlastra closed 2 weeks ago
Latest commit: bee17c8d54d2acd7d5c261a436c5b3a3a6fb3b60
The changes in this PR will be included in the next version bump.
Initially I wanted to target this for 0.5.14, but to get rid of some technical debt and allow better adoption of new features I decided to make several breaking changes. Although OID4VCI is marked as experimental, I think it warrants a 0.6 release due to the impact it will cause.
As we've been discussing a 0.6 already, I think it's ok to make a new breaking release.
Also, all credential offers that were made previously will now be invalidated. As they are only valid for a short period of time anyway, I think for this time it's ok. Due to how nonces are now managed in newer drafts (stateless), I had to rework the solution. Nonces are now even shorter lived and are signed, so we don't have to store them. In a follow-up PR I'll add caching so we can still catch replay of nonces. We'll need a proper cache implementation for that though (if you do multi-instance, in-memory won't do it).
Todo
I don't think we need an actual PAR endpoint for general authorization, as we don't really have anything to authorize the user with (except for requesting a presentation using OID4VP). For all other flows an external authorization server makes sense.
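
The stateless nonce scheme described above, as an added example that is not code from this PR: a nonce carries its own expiry and a signature, so verification needs no stored state, and an optional cache catches replays. The function names, the 60-second lifetime and the use of HMAC-SHA256 as the signature are assumptions made for illustration.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Assumption: 60-second lifetime; the PR only says nonces are short lived.
const NONCE_TTL_MS = 60_000;

// Assumption: HMAC-SHA256 stands in for whatever signature the PR uses.
function sign(key, payload) {
  return createHmac("sha256", key).update(payload).digest("base64url");
}

// Issue a self-contained nonce: random id plus expiry, authenticated by the issuer key.
function issueNonce(key, now = Date.now()) {
  const claims = { jti: randomBytes(16).toString("base64url"), exp: now + NONCE_TTL_MS };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${payload}.${sign(key, payload)}`;
}

// Verify signature and expiry without any stored state. `seen` is the optional
// replay cache (Map of jti -> exp); pass null to verify purely statelessly.
function verifyNonce(key, nonce, seen, now = Date.now()) {
  const parts = String(nonce).split(".");
  if (parts.length !== 2) return "malformed";
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(key, payload));
  const given = Buffer.from(mac);
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return "bad-signature";
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return "malformed";
  }
  if (typeof claims.jti !== "string" || typeof claims.exp !== "number") return "malformed";
  if (now >= claims.exp) return "expired";
  if (seen) {
    // Entries only need to live as long as the nonce itself, so evict expired ones.
    for (const [jti, exp] of seen) if (exp <= now) seen.delete(jti);
    if (seen.has(claims.jti)) return "replayed";
    seen.set(claims.jti, claims.exp);
  }
  return "ok";
}
```

Two `Map` caches that each accept the same nonce once model the multi-instance case: a per-process cache does not see what another instance has already consumed, so the replay cache has to be a shared store.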