Feat/sd jwt implementation #2487
Signed-off-by: Char Howland <[email protected]>
What a treat on a Friday afternoon!! Way cool! Would be great to see a doc file included that outlined the functionality.
Some quick notes: this PR, like the JWT sign and verify endpoints added previously, adds basic support for creation and verification of SD-JWTs. The methods/endpoints do not place any expectations on the payload beyond those required by the SD-JWT specification; in other words, the payload is not required to be a VC. As it stands, this enables other services to take advantage of ACA-Py's secure storage and DID Resolution capabilities to create and verify SD-JWT VCs but does not enable ACA-Py to do the same on its own. This is the foundational work required to later add support for SD-JWT VCs to the rest of ACA-Py's Issuance and Verification stacks.
@@ -51,6 +51,7 @@ unflatten="~0.1" | |||
asyncpg = ">=0.25.0,<0.26.0" | |||
web-py = ">=0.62,<1.0" | |||
pygments = ">=2.10,<3.0" | |||
sd_jwt = {git = "https://github.com/openwallet-foundation-labs/sd-jwt-python.git"} |
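Review bot: The added `sd_jwt` line names only the repository URL, with no `rev` or `tag`, so the entry itself does not fix which revision of a library used for signing and verification gets installed, and installs made at different times can resolve to different code. Pin it to a reviewed commit, for example `sd_jwt = {git = "https://github.com/openwallet-foundation-labs/sd-jwt-python.git", rev = "<commit-sha>"}` (placeholder value), and replace it with a version range once a PyPI release exists.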
We should nudge the OWF to publish a package to PyPI.
Do we have any contacts over there?
Looks comprehensive, thanks! Hopefully that library does get released on PyPI shortly.
Kudos, SonarCloud Quality Gate passed!
Adds SD-JWT support for sign and verify endpoints, including optional key binding.
By default, all claims at all levels of the payload can be selectively disclosable (with the exception of essential verification data such as iss, iat, cnf, etc.), unless indicated otherwise by the issuer.
Info from @dbluhm: This PR, like the JWT sign and verify endpoints added previously, adds basic support for creation and verification of SD-JWTs. The methods/endpoints do not place any expectations on the payload beyond those required by the SD-JWT specification; in other words, the payload is not required to be a VC. As it stands, this enables other services to take advantage of ACA-Py's secure storage and DID Resolution capabilities to create and verify SD-JWT VCs but does not enable ACA-Py to do the same on its own. This is the foundational work required to later add support for SD-JWT VCs to the rest of ACA-Py's Issuance and Verification stacks.
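
The selective-disclosure layer the description refers to, as an added example that is not code from this PR or from the sd-jwt-python library: each disclosable claim is replaced by a salted SHA-256 digest in `_sd`, and the verifier accepts only disclosures whose digest appears in the payload. Assumptions: JWS signing, key binding, array elements and decoy digests are left out, and `conceal`, `reveal`, `NON_SD_CLAIMS` and the sample payload are names and values constructed for this sketch.

```python
import base64, hashlib, json, secrets

NON_SD_CLAIMS = {"iss", "iat", "cnf"}  # kept in the clear at every level (assumption)
# Constructed sample payload, not taken from the PR.
SAMPLE = {"iss": "did:example:issuer", "iat": 1700000000, "given_name": "Alice",
          "address": {"city": "Springfield", "country": "US"}}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(disclosure):  # base64url(SHA-256(ASCII bytes of the encoded disclosure))
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def conceal(claims, disclosures):
    """Issuer side: replace each disclosable claim with a salted digest in _sd."""
    out, digests = {}, []
    for name, value in claims.items():
        if name in NON_SD_CLAIMS:
            out[name] = value
            continue
        if isinstance(value, dict):
            value = conceal(value, disclosures)  # conceal nested levels first
        disclosure = b64url(json.dumps([b64url(secrets.token_bytes(16)), name, value]).encode())
        disclosures.append(disclosure)
        digests.append(digest(disclosure))
    if digests:
        out["_sd"] = sorted(digests)  # sorted so position does not hint at the claim
    return out

def reveal(payload, disclosures):
    """Verifier side: rebuild claims, accepting only disclosures bound to the payload."""
    by_digest, used = {digest(d): d for d in disclosures}, set()
    def walk(node):
        out = {k: walk(v) if isinstance(v, dict) else v for k, v in node.items() if k != "_sd"}
        for d in node.get("_sd", []):
            if d in by_digest:
                used.add(d)
                _salt, name, value = json.loads(b64url_decode(by_digest[d]))
                if name in out:
                    raise ValueError(f"claim {name!r} appears twice")
                out[name] = walk(value) if isinstance(value, dict) else value
        return out
    claims = walk(payload)
    if used != set(by_digest):
        raise ValueError("disclosure matches no digest in the payload")
    return claims
```

In a real SD-JWT the output of `conceal` is what gets signed, so `reveal` must run only after the issuer's signature over that payload has been verified.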