search

walt-id / waltid-identity

All-in-one open-source identity and wallet toolkit.
Apache License 2.0
119 stars 45 forks source link

Signature and any type of proof is missing in a VC #594

Closed eminademburan closed 2 months ago

eminademburan commented 2 months ago

Using the Issuer API in the identity repo, I sign a credential and issue it to a wallet. Then, I view this issued credential using Wallet API. But no signature or proof is included in the credential returned from the API. Can you explain why? How can I find the signature of a VC? I think a proof or a signature should be included in a VC.

cpatsonakis commented 2 months ago

Hi!

Thanks for reaching out! Please refer to the following description for more information that might be helpful.

An example request to retrieve a VC from a wallet is as follows (wallet and credential id parameters vary):

curl -X 'GET' \
  'https://wallet.walt.id/wallet-api/wallet/08695502-e7a1-4637-97a7-84233991104b/credentials/urn%3Auuid%3A6bce1999-f2cd-4b43-8249-ceada991a8d8' \
  -H 'accept: application/json'

A sample response is as follows:

{
  "wallet": "08695502-e7a1-4637-97a7-84233991104b",
  "id": "urn:uuid:6bce1999-f2cd-4b43-8249-ceada991a8d8",
  "document": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsImtpZCI6ImRpZDprZXk6ejZNa2pvUmhxMWpTTkpkTGlydVNYckZGeGFncXJ6dFphWEhxSEdVVEtKYmNOeXdwIn0.eyJpc3MiOiJkaWQ6a2V5Ono2TWtqb1JocTFqU05KZExpcnVTWHJGRnhhZ3FyenRaYVhIcUhHVVRLSmJjTnl3cCIsInN1YiI6ImRpZDpqd2s6ZXlKcmRIa2lPaUpQUzFBaUxDSmpjbllpT2lKRlpESTFOVEU1SWl3aWEybGtJam9pYm5sRE1IZDFTbVE1YW1WelZFWlJNbVZFZFhVeGFqUmlZV2xUUWpWcVpXeFdSM3BJT1RCQ2RsaDJWU0lzSW5naU9pSjROa3RPTjNsbGFVOWpSMkozUWtwMGNFTkRSamg1TmxSb1NsSmlaRE5JUXpsdGQyVllhVzU0VVVwekluMCIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjEiXSwiaWQiOiJ1cm46dXVpZDo2YmNlMTk5OS1mMmNkLTRiNDMtODI0OS1jZWFkYTk5MWE4ZDgiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVW5pdmVyc2l0eURlZ3JlZSJdLCJpc3N1ZXIiOnsiaWQiOiJkaWQ6a2V5Ono2TWtqb1JocTFqU05KZExpcnVTWHJGRnhhZ3FyenRaYVhIcUhHVVRLSmJjTnl3cCJ9LCJpc3N1YW5jZURhdGUiOiIyMDI0LTA2LTAzVDExOjU1OjE0Ljg2NzgxNDkzMVoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDpqd2s6ZXlKcmRIa2lPaUpQUzFBaUxDSmpjbllpT2lKRlpESTFOVEU1SWl3aWEybGtJam9pYm5sRE1IZDFTbVE1YW1WelZFWlJNbVZFZFhVeGFqUmlZV2xUUWpWcVpXeFdSM3BJT1RCQ2RsaDJWU0lzSW5naU9pSjROa3RPTjNsbGFVOWpSMkozUWtwMGNFTkRSamg1TmxSb1NsSmlaRE5JUXpsdGQyVllhVzU0VVVwekluMCIsImRlZ3JlZSI6eyJ0eXBlIjoiQmFjaGVsb3JEZWdyZWUiLCJuYW1lIjoiQmFjaGVsb3Igb2YgU2NpZW5jZSBhbmQgQXJ0cyJ9fSwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTA2LTAzVDExOjU1OjE0Ljg2NzkyMjg5N1oifSwianRpIjoidXJuOnV1aWQ6NmJjZTE5OTktZjJjZC00YjQzLTgyNDktY2VhZGE5OTFhOGQ4IiwiZXhwIjoxNzQ4OTUxNzE0LCJpYXQiOjE3MTc0MTU3MTQsIm5iZiI6MTcxNzQxNTcxNH0.TFC-t5oPeEzUmwASrlUGIfFqWvPCQW0Nqa5B333ok8ay6HlZliQNgJTAh5emQSdhv3VBaQr-ctuJBN2FP8IJDg",
  "addedOn": "2024-06-03T11:55:14.905Z",
  "deletedOn": "2024-06-14T09:55:57.141Z"
}

The value of document contains the JWT-serialized VC. Note that JWTs are signed objects and in this case they are signed by the private signing key that corresponds to the issuer's DID (iss field in the JWT's payload section). You can decode the JWT-serialized VC online via jwt.io, by copying the value and pasting it in the "Encoded" box.

Has the aforementioned information helped you in resolving your question?

eminademburan commented 2 months ago

Hi @cpatsonakis. Thank you for your answer. It helped me a lot to resolve my question.