Feat/sd jwt implementation #2487
Conversation
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
|
What a treat on a Friday afternoon!! Way cool! Would be great to see a doc file included that outlined the functionality. |
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
|
Some quick notes: this PR, like the JWT sign and verify endpoints added previously, adds basic support for creation and verification of SD-JWTs. The methods/endpoints do not place any expectations on the payload beyond those required by the SD-JWT specification; in other words, the payload is not required to be a VC. As it stands, this enables other services to take advantage of ACA-Py's secure storage and DID Resolution capabilities to create and verify SD-JWT VCs but does not enable ACA-Py to do the same on it's own. This is the foundational work required to later add support for SD-JWT VCs to the rest of ACA-Py's Issuance and Verification stacks. |
| @@ -51,6 +51,7 @@ unflatten="~0.1" | |||
| asyncpg = ">=0.25.0,<0.26.0" | |||
| web-py = ">=0.62,<1.0" | |||
| pygments = ">=2.10,<3.0" | |||
| sd_jwt = {git = "https://github.com/openwallet-foundation-labs/sd-jwt-python.git"} | |||
There was a problem hiding this comment.
We should nudge the OWF to publish a package to PyPI.
There was a problem hiding this comment.
Do we have any contacts over there?
There was a problem hiding this comment.
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
Signed-off-by: Char Howland <[email protected]>
|
Looks comprehensive, thanks! Hopefully that library does get released on PyPI shortly. |
|
Kudos, SonarCloud Quality Gate passed!
|
Adds SD-JWT support for sign and verify endpoints, including optional key binding.
By default, all claims at all levels of the payload can be selectively disclosable (with the exception of essential verification data such as iss, iat, cnf, etc.), unless indicated otherwise by the issuer.
Info from @dbluhm: This PR, like the JWT sign and verify endpoints added previously, adds basic support for creation and verification of SD-JWTs. The methods/endpoints do not place any expectations on the payload beyond those required by the SD-JWT specification; in other words, the payload is not required to be a VC. As it stands, this enables other services to take advantage of ACA-Py's secure storage and DID Resolution capabilities to create and verify SD-JWT VCs but does not enable ACA-Py to do the same on its own. This is the foundational work required to later add support for SD-JWT VCs to the rest of ACA-Py's Issuance and Verification stacks.