feat: credentials sign & verify#384
Merged
Merged
Conversation
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughThis PR adds two new endpoints to the Agent API: ChangesVerify and Sign Credential Endpoints
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
ajile-in
changed the title
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 12
🧹 Nitpick comments (1)
src/controllers/agent/AgentController.ts (1)
87-91: ⚡ Quick winExtract the duplicated
algorithmMapinto a module-level constant.The same key‑type → algorithm mapping appears verbatim in
verify(lines 87‑91) andsignCredential(lines 207‑211). Lift it to a file/module constant (or shared util) so the two endpoints can’t drift, and so adding a new key type is a one-line change.const KEY_TYPE_TO_KMS_ALGORITHM: Record<string, string> = { ed25519: 'EdDSA', p256: 'ES256', secp256k1: 'ES256K', }Also applies to: 207-211
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/controllers/agent/AgentController.ts` around lines 87 - 91, Extract the duplicated algorithmMap into a shared module-level constant (e.g., KEY_TYPE_TO_KMS_ALGORITHM) and replace the inline algorithmMap usages in both the verify and signCredential functions with that constant; specifically create a top-level exportable constant named KEY_TYPE_TO_KMS_ALGORITHM with the ed25519/p256/secp256k1 mappings and update the references in AgentController.verify and AgentController.signCredential to use KEY_TYPE_TO_KMS_ALGORITHM so the mapping is defined in one place.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/cliAgent.ts`:
- Line 10: Restore the external imports for PolygonDidRegistrar,
PolygonDidResolver, and PolygonModule to the top-level import block (remove the
commented-out import) and delete the duplicate active import currently placed
later in the file; ensure all external package imports (including
PolygonDidRegistrar/PolygonDidResolver/PolygonModule) are grouped together
before local utility imports to satisfy the import/order rule and remove
dead/commented code.
In `@src/controllers/agent/AgentController.ts`:
- Around line 117-225: The signCredential method is too complex and uses `@Body`()
data: any plus a string union that collapses; refactor by extracting the JSON-LD
path into a private signJsonLd(request: Req, body:
CustomW3cJsonLdSignCredentialOptions, store: boolean) method, the raw-data path
into a private signRawData(request: Req, body: SignDataOptions) method, and the
kms resolution logic into a private resolveKmsKeyId(request: Req, body:
SignDataOptions): Promise<string> (move the dids.getCreatedDids/resolve and
fallback kmsKeyId logic there, keeping the getKmsKeyIdForVerifiacationMethod
call), then change the controller signature to use `@Query`('dataTypeToSign')
dataTypeToSign: 'rawData' | 'jsonLd' and `@Body`() body:
CustomW3cJsonLdSignCredentialOptions | SignDataOptions (a discriminated union)
and have the top-level signCredential simply dispatch to signJsonLd or
signRawData based on dataTypeToSign; preserve logging and error handling
unchanged.
- Around line 145-149: The handler currently returns a stored record when
storeCredential is true but a credential JSON otherwise, breaking the response
contract; change the code so it always returns the signed credential JSON (use
signedCredential.toJson()) and, if storeCredential is true, additionally include
the stored record id. Concretely: build the W3cCredentialRecord via
W3cCredentialRecord.fromCredential(signedCredential), call
request.agent.w3cCredentials.store({ record }), extract the resulting record id
(from the returned stored record or from the record object), and return a single
object such as { credential: signedCredential.toJson(), recordId: <id> } so both
paths share the same shape.
- Around line 1-27: There are two imports from '@credo-ts/core' and an unused
symbol; consolidate the two import statements into a single import from
'@credo-ts/core' in AgentController.ts, include all actually used symbols
(JsonTransformer, W3cJsonLdVerifiableCredential, TypedArrayEncoder, ClaimFormat,
W3cCredentialRecord, DidDocument, verkeyToPublicJwk,
getKmsKeyIdForVerifiacationMethod) and remove the unused
CustomW3cJsonLdSignCredentialOptions from the imported types list so the file
has one clean import for all required symbols.
- Around line 187-205: The fallback chain is assigning invalid identifiers (raw
public keys or DID fragments) to kmsKeyId which will fail when calling kms.sign;
change the logic in AgentController so that if
getKmsKeyIdForVerifiacationMethod(verificationMethod) returns undefined you
throw a BadRequestError (do not fall back to publicKeyBase58, idPart, or vmId),
and for the branch that currently sets kmsKeyId = rawData.publicKeyBase58
require a valid stored KMS keyId instead (either look up
didRecord.keys[0].kmsKeyId or call getKmsKeyIdForDid to map the verification
method to a stored kms key id) so kms.sign always receives a real KMS keyId.
- Line 19: The import getKmsKeyIdForVerifiacationMethod is invalid and must be
removed; replace the call to
getKmsKeyIdForVerifiacationMethod(verificationMethod) with one of the supported
patterns: 1) if you expect a KMS key ID from the agent, call the agent KMS API
(e.g., use agent.kms.* to look up or derive the key id from the verification
method) referencing the agent instance and verificationMethod variable, or 2) if
the key id is embedded in the JWK, extract verificationMethod.publicKeyJwk.kid
(or compute the kid per your JWK handling) and use that as derivedKeyId, or 3)
perform a DidRecord lookup to resolve the key and obtain its kid via the
agent/did resolver; remove the bad import line and update the code that assigns
derivedKeyId to use one of these supported approaches (use agent.kms methods,
the verificationMethod.publicKeyJwk.kid, or a did-record lookup depending on
intended behavior).
In `@src/routes/routes.ts`:
- Around line 4783-4788: The argsAgentController_signCredential schema currently
allows any string for dataTypeToSign which bypasses validation; update the
controller/type that defines dataTypeToSign to a strict union of the two
literals ("rawData" | "jsonLd") (remove the generic string alternative), then
regenerate the routes so argsAgentController_signCredential's dataTypeToSign
subSchemas only include the two enum values; locate the symbol
argsAgentController_signCredential and the controller method signCredential to
adjust the parameter type and re-run the codegen that emits
src/routes/routes.ts.
In `@src/routes/swagger.json`:
- Around line 9258-9262: The Swagger spec for the /agent/credential/sign
endpoint currently leaves the query parameter dataTypeToSign and the request
body schema untyped (empty {}); update the query param (dataTypeToSign) to an
enum of allowed values (e.g., "rawData", "jsonLd", and allow open string if
needed) and replace the empty request body schema with a proper component (e.g.,
SignCredentialRequest) that uses oneOf to discriminate between the JSON-LD
credential shape (reference existing JsonLdCredential) and the raw-data object
shape ({ data: string, publicKeyBase58?: string } with data required); ensure
the operation for /agent/credential/sign references this SignCredentialRequest
and marks the query param as required so the generated API matches the
controller behavior.
- Line 3253: Replace the empty object schema for VerifyDataOptions.keyType with
a reference to the existing KeyAlgorithm schema so the OpenAPI spec validates
allowed algorithms; locate the VerifyDataOptions definition (where "keyType": {}
appears) and change it to use a $ref to the KeyAlgorithm schema used elsewhere,
ensuring it matches the set of strings expected by AgentController.verifyData
(see usage around AgentController.ts line 103).
In `@src/utils/openbadges-context.json`:
- Line 4: The `@base` entry in openbadges-context.json is set to
"http://localhost/base/" and must be removed or replaced to avoid resolving
relative IRIs to localhost in production; edit the openbadges-context.json file
to either delete the "@base" key entirely (if you do not rely on relative IRIs)
or replace its value with your canonical production base URL (e.g.,
"https://example.org/base/"), then scan for uses of "@base" or any relative IRIs
in credential-generation code to ensure they resolve correctly and update any
tests or fixtures that expect the localhost base.
- Around line 8-72: The openbadges-context.json file contains invalid localhost
"@base" and incomplete/mismatched mappings (see keys "OpenBadgeCredential",
"Achievement", "awardedDate" etc.), and must be removed or replaced: either
delete this unused file or replace its contents with a direct reference to the
official OpenBadges 3.0.3 context URL
(https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.3.json) and update any code
that imports this file to use the official URL; if you need extensions, create a
small context that composes the official context (no "@base":
"http://localhost/base/") and document the additions, ensuring date/numeric
types and container mappings follow the official schema.
---
Nitpick comments:
In `@src/controllers/agent/AgentController.ts`:
- Around line 87-91: Extract the duplicated algorithmMap into a shared
module-level constant (e.g., KEY_TYPE_TO_KMS_ALGORITHM) and replace the inline
algorithmMap usages in both the verify and signCredential functions with that
constant; specifically create a top-level exportable constant named
KEY_TYPE_TO_KMS_ALGORITHM with the ed25519/p256/secp256k1 mappings and update
the references in AgentController.verify and AgentController.signCredential to
use KEY_TYPE_TO_KMS_ALGORITHM so the mapping is defined in one place.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 8bb6c27f-bd41-4a21-8ef4-e2ba27cf0adc
📒 Files selected for processing (5)
src/cliAgent.tssrc/controllers/agent/AgentController.tssrc/routes/routes.tssrc/routes/swagger.jsonsrc/utils/openbadges-context.json
| import type { IndyVdrPoolConfig } from '@credo-ts/indy-vdr' | ||
|
|
||
| import { PolygonDidRegistrar, PolygonDidResolver, PolygonModule } from '@ayanworks/credo-polygon-w3c-module' | ||
| // import { PolygonDidRegistrar, PolygonDidResolver, PolygonModule } from '@ayanworks/credo-polygon-w3c-module' |
There was a problem hiding this comment.
Restore import to its original location and remove commented code.
The Polygon module import was moved from the top-level external imports (line 10, now commented) to line 87, which violates the ESLint import/order rule. External package imports should be grouped together at the top of the file, before local utility imports. The commented-out import at line 10 should also be removed to avoid leaving dead code.
📦 Proposed fix
Remove the commented import and move the active import back to the top:
-// import { PolygonDidRegistrar, PolygonDidResolver, PolygonModule } from '@ayanworks/credo-polygon-w3c-module'
+import { PolygonDidRegistrar, PolygonDidResolver, PolygonModule } from '@ayanworks/credo-polygon-w3c-module'
import {
AnonCredsDidCommCredentialFormatService,And remove the duplicate import at line 87:
getX509CertsByUrl,
} from './utils/oid4vc-agent'
-import { PolygonDidRegistrar, PolygonDidResolver, PolygonModule } from '@ayanworks/credo-polygon-w3c-module'
export type Transports = 'ws' | 'http'Also applies to: 87-87
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/cliAgent.ts` at line 10, Restore the external imports for
PolygonDidRegistrar, PolygonDidResolver, and PolygonModule to the top-level
import block (remove the commented-out import) and delete the duplicate active
import currently placed later in the file; ensure all external package imports
(including PolygonDidRegistrar/PolygonDidResolver/PolygonModule) are grouped
together before local utility imports to satisfy the import/order rule and
remove dead/commented code.
| "publicKeyBase58": { | ||
| "type": "string" | ||
| }, | ||
| "keyType": {}, |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify expected type for verify input in controller/routes
rg -n -C3 'VerifyDataOptions|/agent/verify|keyType|Verify\(' src/controllers src/routesRepository: credebl/agent-controller
Length of output: 23581
🏁 Script executed:
rg -n "KeyAlgorithm|Curve" src/routes/swagger.json | head -30Repository: credebl/agent-controller
Length of output: 213
🏁 Script executed:
sed -n '10,50p' src/routes/swagger.jsonRepository: credebl/agent-controller
Length of output: 929
🏁 Script executed:
sed -n '3115,3135p' src/routes/swagger.jsonRepository: credebl/agent-controller
Length of output: 393
Use a proper schema for keyType in VerifyDataOptions.
Line 3253 defines keyType as {}, which provides no validation for a security-critical field that determines the cryptographic algorithm. The controller expects a string matching one of the supported key algorithms (line 103 in AgentController.ts). Use a reference to the existing KeyAlgorithm schema instead.
Suggested patch
- "keyType": {},
+ "keyType": {
+ "$ref": "#/components/schemas/KeyAlgorithm"
+ },📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| "keyType": {}, | |
| "keyType": { | |
| "$ref": "#/components/schemas/KeyAlgorithm" | |
| }, |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/routes/swagger.json` at line 3253, Replace the empty object schema for
VerifyDataOptions.keyType with a reference to the existing KeyAlgorithm schema
so the OpenAPI spec validates allowed algorithms; locate the VerifyDataOptions
definition (where "keyType": {} appears) and change it to use a $ref to the
KeyAlgorithm schema used elsewhere, ensuring it matches the set of strings
expected by AgentController.verifyData (see usage around AgentController.ts line
103).
Signed-off-by: Sagar Khole <sagar.khole@ayanworks.com>
sagarkhole4
force-pushed
the
feat/credentials-sign-verify
branch
from
287340f to
7847dbd
Compare
Signed-off-by: Sagar Khole <sagar.khole@ayanworks.com>
…oller Signed-off-by: Sagar Khole <sagar.khole@ayanworks.com>
Signed-off-by: Sagar Khole <sagar.khole@ayanworks.com>
Signed-off-by: Sagar Khole <sagar.khole@ayanworks.com>
There was a problem hiding this comment.
Actionable comments posted: 3
♻️ Duplicate comments (1)
src/controllers/agent/AgentController.ts (1)
178-231:⚠️ Potential issue | 🔴 Critical | ⚡ Quick winDo not treat a public key or DID fragment as a KMS
keyId.Line 186 returns
publicKeyBase58as thekmsKeyId, and Lines 221-226 fall back topublicKeyBase58/#fragment/verificationMethod.idwhen lookup fails.kms.sign()can only use a stored private-key reference; a public key or DID fragment is not enough to sign. This makes thepublicKeyBase58 + keyTypepath non-functional and turns lookup failures into late runtime errors instead of a clean 4xx.♻️ Safer failure mode
private async resolveKmsKeyId(request: Req, body: SignDataOptions): Promise<string> { const hasDidOrMethod = body.did || body.method const hasPublicKey = body.publicKeyBase58 && body.keyType if (!hasDidOrMethod && !hasPublicKey) { throw new BadRequestError('Either (did or method) OR (publicKeyBase58 and keyType) must be provided.') } if (!hasDidOrMethod) { - return body.publicKeyBase58 + throw new BadRequestError('Raw-data signing requires a DID/method that resolves to a stored KMS key.') } @@ - const publicKeyBase58 = (verificationMethod as any).publicKeyBase58 - const vmId = verificationMethod.id || '' - const idPart = vmId.includes('#') ? vmId.split('#')[1] : undefined - - kmsKeyId = (derivedKeyId || publicKeyBase58 || idPart || vmId) as string + if (!derivedKeyId) { + throw new BadRequestError('Unable to resolve a stored kmsKeyId for the verification method.') + } + kmsKeyId = derivedKeyIdVerify that
keyIdis sourced from stored KMS identifiers elsewhere in the repo and that this method is the only path feedingpublicKeyBase58through unchanged. Expected result: other call sites resolvekmsKeyIdfrom records/DID state, while this method is the outlier.#!/bin/bash set -euo pipefail echo "=== Raw-data signing path ===" sed -n '164,231p' src/controllers/agent/AgentController.ts echo echo "=== KMS sign call sites and key-id sources ===" rg -nP --type=ts -C2 '\bkms\.sign\s*\(|\bkmsKeyId\b' src echo echo "=== DID-record based key-id lookups ===" rg -nP --type=ts -C2 'didRecord\.keys\[[0-9]+\]\.kmsKeyId|getKmsKeyIdFor' src🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/controllers/agent/AgentController.ts` around lines 178 - 231, resolveKmsKeyId currently treats a raw publicKeyBase58 or DID fragment as a KMS keyId (e.g., returning body.publicKeyBase58 on no DID, and falling back to publicKeyBase58/#fragment/verificationMethod.id), which is invalid for kms.sign; change resolveKmsKeyId so it only returns actual stored KMS identifiers: if body.publicKeyBase58+keyType is provided without a DID, reject with BadRequestError; when a DID is provided, first try to read didRecord.keys[].kmsKeyId and return it; if caller supplied publicKeyBase58, match it against didRecord.keys[*].publicKeyBase58 (or equivalent) and return the associated kmsKeyId; if no matching stored kmsKeyId can be found (including after getKmsKeyIdForVerifiacationMethod), throw BadRequestError describing no usable KMS keyId rather than returning a public key or fragment. Ensure references in this function (resolveKmsKeyId, didRecord.keys, getKmsKeyIdForVerifiacationMethod) are used to locate and implement these checks.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/controllers/agent/AgentController.ts`:
- Around line 1-8: The import list in AgentController.ts is missing trailing
commas causing Prettier/Validate failures; update the import statements that
reference AgentInfo, AgentToken, SafeW3cJsonLdVerifyCredentialOptions,
CustomW3cJsonLdSignCredentialOptions, SignDataOptions, and VerifyDataOptions to
include the required trailing commas (and likewise fix the second import block
around lines 10-19) so the formatter passes—locate the import blocks and add
trailing commas after the last identifier on the affected lines.
In `@src/controllers/types.ts`:
- Around line 467-474: The new type alias CustomW3cJsonLdSignCredentialOptions
is misformatted and failing CI Prettier checks; run the project's Prettier
formatter (or your editor's format command) and reflow the declaration for
consistency with surrounding types (ensure proper spacing/commas, brace
placement, and consistent indentation for the nested credential:
Omit<W3cCredential, 'context' | 'credentialSubject'> block and the '@context'
and credentialSubject lines), and apply the same formatting fix to the related
type aliases referencing SingleOrArray and JsonObject so the file passes
lint/format checks.
In `@src/utils/constant.ts`:
- Around line 33-37: The ALGORITHM_MAP keys must match the lowercased keyType
produced by verify() and signRawData() (which yield values like "p-256" etc.),
so update ALGORITHM_MAP to include the hyphenated lowercase EC curve spellings
(e.g., "p-256": "ES256", "p-384": "ES384", "p-521": "ES512") and also add any
common alternates ("p256", "p384", "p521") if you want backward compatibility;
modify the ALGORITHM_MAP constant accordingly so lookups from
verify()/signRawData() return the correct JOSE algorithms.
---
Duplicate comments:
In `@src/controllers/agent/AgentController.ts`:
- Around line 178-231: resolveKmsKeyId currently treats a raw publicKeyBase58 or
DID fragment as a KMS keyId (e.g., returning body.publicKeyBase58 on no DID, and
falling back to publicKeyBase58/#fragment/verificationMethod.id), which is
invalid for kms.sign; change resolveKmsKeyId so it only returns actual stored
KMS identifiers: if body.publicKeyBase58+keyType is provided without a DID,
reject with BadRequestError; when a DID is provided, first try to read
didRecord.keys[].kmsKeyId and return it; if caller supplied publicKeyBase58,
match it against didRecord.keys[*].publicKeyBase58 (or equivalent) and return
the associated kmsKeyId; if no matching stored kmsKeyId can be found (including
after getKmsKeyIdForVerifiacationMethod), throw BadRequestError describing no
usable KMS keyId rather than returning a public key or fragment. Ensure
references in this function (resolveKmsKeyId, didRecord.keys,
getKmsKeyIdForVerifiacationMethod) are used to locate and implement these
checks.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: dda0ba05-7db9-4fdb-839f-4aa97b43a8b5
📒 Files selected for processing (5)
src/controllers/agent/AgentController.tssrc/controllers/types.tssrc/routes/routes.tssrc/routes/swagger.jsonsrc/utils/constant.ts
✅ Files skipped from review due to trivial changes (1)
- src/routes/routes.ts
🚧 Files skipped from review as they are similar to previous changes (1)
- src/routes/swagger.json
Comment on lines
+33
to
+37
| export const ALGORITHM_MAP: Record<string, string> = { | ||
| ed25519: 'EdDSA', | ||
| p256: 'ES256', | ||
| secp256k1: 'ES256K', | ||
| } |
There was a problem hiding this comment.
Normalize the EC curve spellings in ALGORITHM_MAP.
verify() and signRawData() lowercase keyType before lookup, but the rest of this module uses P-256 / P-384 / P-521. Those inputs become p-256 / p-384 / p-521, which miss this map and get forwarded as raw curve names instead of JOSE algs. Valid EC requests will fail unless callers know to send the special p256 spelling.
♻️ Minimal fix
export const ALGORITHM_MAP: Record<string, string> = {
ed25519: 'EdDSA',
p256: 'ES256',
+ 'p-256': 'ES256',
+ 'p-384': 'ES384',
+ 'p-521': 'ES512',
secp256k1: 'ES256K',
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| export const ALGORITHM_MAP: Record<string, string> = { | |
| ed25519: 'EdDSA', | |
| p256: 'ES256', | |
| secp256k1: 'ES256K', | |
| } | |
| export const ALGORITHM_MAP: Record<string, string> = { | |
| ed25519: 'EdDSA', | |
| p256: 'ES256', | |
| 'p-256': 'ES256', | |
| 'p-384': 'ES384', | |
| 'p-521': 'ES512', | |
| secp256k1: 'ES256K', | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@src/utils/constant.ts` around lines 33 - 37, The ALGORITHM_MAP keys must
match the lowercased keyType produced by verify() and signRawData() (which yield
values like "p-256" etc.), so update ALGORITHM_MAP to include the hyphenated
lowercase EC curve spellings (e.g., "p-256": "ES256", "p-384": "ES384", "p-521":
"ES512") and also add any common alternates ("p256", "p384", "p521") if you want
backward compatibility; modify the ALGORITHM_MAP constant accordingly so lookups
from verify()/signRawData() return the correct JOSE algorithms.
Signed-off-by: Sagar Khole <sagar.khole@ayanworks.com>
|
sairanjit
approved these changes
May 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit