JWT Sign and Verify updates #190
Assignees
Labels
bug
Something isn't working
Comments
|
The only open question now is this: // TODO: figure out how to make more reliable since algorithm is technically not a required property of a JWK @jiyoontbd is this going to be irrelevant soon? Is jwt signing / verifying changing? |
|
@nitro-neal yea, i think so. #262 introduces our own jws + jwt types, and also removes closing as duplicate of #234 - let me know if you disagree and we can reopen! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A few thoughts and updates need to be made to our JWT signing logic:
Sign// TODO: ensure that publicKeyJwk is not null
// TODO: figure out how to make more reliable since algorithm is technically not a required property of a JWK
verificationMethodId and jwt.header.keyID could be different: for example we may have a key id as a JWK thumbprint but a verification method ID as did:example:abcd#key-1
VerifyCould make a presentation definition where I'm specifically requesting expired credentials. this check would fail, since JWT validation fails if the exp property is in the past
More reference here - #184
The text was updated successfully, but these errors were encountered: