Open rmw2 opened 5 years ago
Current readme docs might lead users to create signatures that are note recoverable:
const jwt = await didJWT.createJWT(
{
aud: "did:example:123",
exp: 1957463421,
name: "uPort Developer"
},
{
issuer: "did:example:123",
alg: "ES256K-R",
signer
}
);
Might be better to be explicit with the algorithm.
A few people have reported issues in which a response coming back from the mobile app is unable to be verified. It's unlikely that the problem is in the libraries, as a valid signature with other issues would not crash in this particular place.
In android chrome, a user provided this trace
A similar trace was provided by an EthDenver user, after receiving the response from a disclosure request:
Initial suspicions were that an old signer of some sort is using the wrong algorithm to sign -- I think I've seen something similar with ES256K vs ES256K-R? However, the latter crash was experienced by a user after supposedly creating a fresh account on the latest version of the app, so that's particularly confusing, and I have been unable to reproduce so far.