fix: Signature is already included inside a signed JWT, so including …

…the challenge as it is is the right thing to do.
input-output-hk · Apr 25, 2024 · 3f1b4c3 · 3f1b4c3
1 parent e9b9fda
commit 3f1b4c3
Showing 1 changed file with 1 addition and 7 deletions.
diff --git a/src/pollux/Pollux.ts b/src/pollux/Pollux.ts
@@ -276,13 +276,7 @@ export default class Pollux implements IPollux {
         if (!nonce || typeof nonce !== "string") {
           throw new InvalidVerifyCredentialError(jws, `Invalid Submission, ${descriptorItem.path} does not contain a nonce in its payload with a valid signature for '${challenge}'`);
         }
-        const signatureHex = nonce as string;
-        const signatureValid = await this.castor.verifySignature(
-          DID.fromString(issuer),
-          Buffer.from(challenge),
-          Buffer.from(signatureHex, 'hex')
-        );
-        if (!signatureValid) {
+        if (nonce !== challenge) {
           throw new InvalidVerifyCredentialError(jws, `Invalid Submission, ${descriptorItem.path} does not contain valid signature for '${challenge}'`);
         }
       }