add support for SIOP request JWT #262
Conversation
According to JWT Presentation Profile, the SIOP Request's JWT does not contain an `iss` claim, it must have a `client_id` claim instead. See https://identity.foundation/jwt-vc-presentation-profile/#self-issued-op-request-object
siacomuzzi
changed the title
src/JWT.ts
Outdated
| @@ -423,7 +423,7 @@ export async function verifyJWT( | |||
| } | |||
| did = payload.did | |||
| } else { | |||
| did = payload.iss | |||
| did = payload.iss || payload.client_id | |||
There was a problem hiding this comment.
What if iss and client_id are both present and not equivalent.
There was a problem hiding this comment.
added an IF statement just for this kind of JWT
There was a problem hiding this comment.
In order to avoid breaking changes, this logic is now executed only when iss isn't present.
Also, JWT Presentation Profile isn't expecting an iss claim in this specific JWT, see https://identity.foundation/jwt-vc-presentation-profile/#non-normative-request-object
There was a problem hiding this comment.
What if
issandclient_idare both present and not equivalent.
According to the spec, iss shouldn't be present. So, if both iss and client_id are present, this proposed logic isn't reached.
The tricky part here is that there is no a direct way to detect if payload belongs to a JWT Presentation Profile request.
Thank you for your review! Do you have plans to publish a new release that includes this change soon? |
Of course |
# [6.11.0](6.10.1...6.11.0) (2022-12-13) ### Features * add support for SIOP request JWT ([#262](#262)) ([3259ffd](3259ffd))
|
🎉 This PR is included in version 6.11.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
According to JWT Presentation Profile, the SIOP Request JWT does not contain an
issclaim, it must have aclient_idclaim instead. See https://identity.foundation/jwt-vc-presentation-profile/#self-issued-op-request-object