Skip to content

fix: return only permitted credentials instead of rejecting out-of-scope requests#992

Merged
paullatzelsperger merged 4 commits into
eclipse-edc:mainfrom
paullatzelsperger:fix/990_scope_match_check
May 21, 2026
Merged

fix: return only permitted credentials instead of rejecting out-of-scope requests#992
paullatzelsperger merged 4 commits into
eclipse-edc:mainfrom
paullatzelsperger:fix/990_scope_match_check

Conversation

@paullatzelsperger
Copy link
Copy Markdown
Member

@paullatzelsperger paullatzelsperger commented May 20, 2026
edited
Loading

What this PR changes/adds

When a client requests credentials outside their permitted scope, filter them
out and return only the allowed ones, logging a warning instead of failing the
entire request.

Why it does that

dcp spec mandates that

Further notes

TCK tests will fail until this is also updated in the TCKs!

Who will sponsor this feature?

Please @-mention the committer that will sponsor your feature.

Linked Issue(s)

Closes #990

Please be sure to take a look at the contributing guidelines and our etiquette for pull requests.

@paullatzelsperger @claude
fix: return only permitted credentials instead of rejecting out-of-sc…
5da328b 
…ope requests

When a client requests credentials outside their permitted scope, filter them
out and return only the allowed ones, logging a warning instead of failing the
entire request.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@paullatzelsperger paullatzelsperger mentioned this pull request May 21, 2026
Merged
ndr-brt
ndr-brt approved these changes May 21, 2026
View reviewed changes
Comment thread ...c/main/java/org/eclipse/edc/identityhub/core/services/query/CredentialQueryResolverImpl.java Outdated
paullatzelsperger and others added 3 commits May 21, 2026 10:10
@paullatzelsperger @claude
fix: map DCP credential profiles to CredentialFormat and bump TCK to RC7
88cb238 
Introduces CredentialProfile utility to translate between DCP profile strings
(e.g. vc11-sl2021/jwt, vc20-bssl/jwt) and CredentialFormat enum values, replacing
the previous raw enum-name parsing in CredentialWriterImpl and DcpCredentialStorageClient.
Also updates TCK runtime image and library coordinates to 1.0.0-RC7.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@paullatzelsperger
pr remarks
e8371cd
@paullatzelsperger
javadoc
21a1619
@paullatzelsperger paullatzelsperger marked this pull request as ready for review May 21, 2026 08:25
@paullatzelsperger paullatzelsperger requested a review from a team as a code owner May 21, 2026 08:25
@paullatzelsperger paullatzelsperger merged commit e4d4c75 into eclipse-edc:main May 21, 2026
16 checks passed
@paullatzelsperger paullatzelsperger deleted the fix/990_scope_match_check branch May 21, 2026 08:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ndr-brt ndr-brt ndr-brt approved these changes

Assignees

No one assigned

Labels

api dcp

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Scope match check not aligned with DCP

2 participants

@paullatzelsperger @ndr-brt