-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(core): support image url in invitations #463
feat(core): support image url in invitations #463
Conversation
non-standard approach for showing images with connections. Almost all wallets and implementations support this (ACA-Py, AF.NET, Connect.Me, Lissi, Trinsic, etc...) Signed-off-by: Timo Glastra <[email protected]>
@janrtvld ^^ |
I am somewhat concerned about moving our support away from the Aries RFCs standards, including #456. If this image url is something that all agents are supporting, perhaps it's pertinent to update the protocol? Also, is this something present in OOB? If not, that'd definitely be a place to consider too. |
I understand the concern. There was a brief discussion about this at the Aries WG. It's not in the protocol I think because of privacy reasons (so that should maybe also be a reason to not include it in the mobile wallet) Re #456, d_m is the oob approach but it seems Trinsic uses this for their invitations. I'd vote for having interop at the moment and keep good track of the non-standard features we introduce. But maybe we should have a discussion about it at the WG call. E.g. if you create an invitation in trinsic studio it shows a shortened url which resolved to: https://trinsic.studio/link/?d_m=eyJsYWJlbCxxxxx |
Thanks for the feedback!
I must have missed that discussion, but I'd be interested in exploring what we can do to either include in the protocol, or identify a better methodology for doing it given that everyone is doing it but not having it documented in the protocol.
Perhaps I'm missing something but shouldn't the query be for OOB:
I am okay for including for now, but I think it'd be wise to add a MD file or list in the repo of deviations made, IMO. Happy to talk about it more in the WG call. |
No you're right, I think it is often used for connnectionless exchanges. So if I want to issue you a credential without connection, pre-oob d_m (from didcomm_message) is used. Just found a reference to it in RFC 0268: https://github.com/hyperledger/aries-rfcs/blob/08653f21a489bf4717b54e4d7fd2d0bdfe6b4d1a/concepts/0268-unified-didcomm-agent-deeplinking/README.md#message-requirements |
Let's see if we can discuss it at the next Aries WG |
Ah yeah--maybe followup dumb question, but given that it's in a state of proposed this isn't something broadly accepted yet and would warrant consideration before adding to the framework? But it does make me a little bit more comfortable with the previous PR #456 though. Hopefully we'll be able to better align around OOB going forward. So yeah, I'm not opposed here then, but I think a followup discussion in the Aries WG call would be good. Thanks for the discussion! |
Will discuss in Aries call. The primary problem with this is the ease of impersonation and phishing. I believe the desire to include more information in an invitation is the result of a bad mental model (likely contributed to by me) that a user must approve the creation of a connection and exchange of verified information. |
f69f293
to
54aee66
Compare
Codecov Report
@@ Coverage Diff @@
## main #463 +/- ##
==========================================
- Coverage 86.42% 86.42% -0.01%
==========================================
Files 266 266
Lines 5733 5739 +6
Branches 923 923
==========================================
+ Hits 4955 4960 +5
- Misses 777 778 +1
Partials 1 1
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks great here @TimoGlastra! Happy to approve and get merged as soon as we add some short text to the README detailing our divergence from the RFC as discussed on the AFJ Call on 10-8-21.
Signed-off-by: Timo Glastra <[email protected]>
@JamesKEbert I've added a brief explanation of the divergence from the Aries RFCs. Could you take a look? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes! Your docs additions here are wonderful, thanks @TimoGlastra!
non-standard approach for showing images with connections. Almost all wallets and implementations support this (ACA-Py, AF.NET, Connect.Me, Lissi, Trinsic, etc...)
Signed-off-by: Timo Glastra [email protected]