Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: openid4vci mdoc-issuanc #2069

Merged
merged 4 commits into from
Oct 28, 2024
Merged

feat: openid4vci mdoc-issuanc #2069

merged 4 commits into from
Oct 28, 2024

Conversation

auer-martin
Copy link
Contributor

No description provided.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 25, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: 9ed736e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@auer-martin
feat: openid4vci mdoc-issuance alpha
0c4a093 
Signed-off-by: Martin Auer <martin.auer97@gmail.com>
TimoGlastra
TimoGlastra approved these changes Oct 25, 2024
View reviewed changes
Copy link
Contributor

@TimoGlastra TimoGlastra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!! Some small suggestions

demo-openid/src/Issuer.ts Outdated
format: ClaimFormat.MsoMdoc,
docType: universityDegreeCredentialMdoc.doctype,
issuerCertificate: trustedCertificates[0],
holderKey,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we return the holder binding like we do with sd-jwt?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can, but then we need to decide internally how to e.g. extract a key from a did-holder biding with mdoc, which I think should be up to the user?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm how to extract the key is generally straigtforward. You resolve the did, find the key with the key id, transform it to a key instance (like you do now). I think we should just not allow did holder binding when using mdoc?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm but I understand now what you mean, it will break the API. Okay let's keep it like this 👍

Could we also add the key to the binding / credential request mapper? Then you at least don't have to call the mdoc service.

packages/core/src/modules/mdoc/MdocOptions.ts Outdated
Comment on lines 61 to 64
export type MdocCredentialHolderDidBinding = {
method: 'did'
didUrl: string
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you bind a mdoc to a did? I think only a key right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I mean, the reason for the method was simply compatibility. For example, the credentialRequestToCredentialMapper gives you the holder binding in this format. So at some level we need to extract the key from the holder binding. Where should that be done? I think everyone needs to implement the getKeyFromMdocCredentialHolderBinding method in the credentialRequestMapper itself if we don't provide it. But I understand your reasoning.
What would you suggest?

packages/core/src/modules/mdoc/MdocService.ts Outdated
holderBinding: MdocCredentialHolderBinding
) {
let holderKey: Key
if (holderBinding.method !== 'jwk') {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (holderBinding.method !== 'jwk') {
if (holderBinding.method === 'did') {

But again, i don't think we should allow the did holder binding without the did actually being put in the mdoc (like is the case with sd-jwt, the binding actually represents what gets put in the cred, did or jwk). So do we need mdoc holder binding at all? I think jwk is closest to what gets put in the actual mdoc

@auer-martin
fix: mdoc-issuance feedback
7000ca8 
Signed-off-by: Martin Auer <martin.auer97@gmail.com>
@auer-martin auer-martin marked this pull request as ready for review October 28, 2024 10:53
@TimoGlastra
Copy link
Contributor

LGTM but CI is failing

@auer-martin
fix: holderbinding
cba86a8 
Signed-off-by: Martin Auer <martin.auer97@gmail.com>
@TimoGlastra
Copy link
Contributor

Still failing :(

@auer-martin
fix: tests
9ed736e 
Signed-off-by: Martin Auer <martin.auer97@gmail.com>
@TimoGlastra TimoGlastra enabled auto-merge (squash) October 28, 2024 11:52
@TimoGlastra TimoGlastra merged commit 5695055 into openwallet-foundation:main Oct 28, 2024
13 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TimoGlastra TimoGlastra TimoGlastra approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@auer-martin @TimoGlastra