openbadgeslib 1.2.0
Minor release adding four OpenBadges 3.0 / cryptography features on top of the v1.1.6 security & correctness baseline. No breaking changes; a drop-in upgrade. cryptography is now an explicit dependency (it was already pulled in transitively by PyJWT[crypto]).
New features
- Ed25519 (EdDSA) keys, end to end. Key generation (key_type = ED25519 in the badge profile), OB2 JWS and OB3 JWT-VC signing and verification. detect_key_type classifies an Ed25519 PEM explicitly — the ecdsa library would otherwise misread it as a NIST/ECC key — and the algorithm-pinning allowlists bind EdDSA to Ed25519 keys, so cross-type tokens are still rejected. (#103)
- OB3 credential revocation via credentialStatus. The OB3 counterpart of OB2's revocation control. OB3Verifier.verify(check_status=True) (and openbadges-verifier --check-status) resolves each status entry — W3C Bitstring Status List v1.0 and the legacy StatusList2021 — fetches the status list over HTTPS, decodes the multibase base64url + GZIP bitstring under a bounded inflate, and rejects a set revocation/suspension bit. Fail-closed when enabled; verifies the published status bit only, not the status-list credential's own signature (documented). (#104)
- DID resolution for OB3 issuer identity. New ob3.resolve_did() and OB3Verifier.for_issuer_did() support did:key (Ed25519 and P-256, self-certifying, offline) and did:web (fetches the DID document over HTTPS and reads its first verification method's publicKeyJwk or publicKeyMultibase). openbadges-verifier --resolve-did reads the issuer DID from the token and resolves it when no key is supplied. did:key needs no external trust; did:web trusts the host's DNS + TLS (documented in the Security Model). (#105)
- --json verifier output. openbadges-verifier --json emits a single machine-readable JSON result (valid, ob_version, recipient, reason, plus OB2 trusted/status or OB3 issuer/achievement/…) instead of the human lines, and exits 0 when valid / non-zero otherwise — usable in CI and services without scraping stdout. The default human output and its exit codes are unchanged. (#106)
See Changelog.txt for the full list.
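The status-list decode step from the credentialStatus item above, as an added example (not openbadgeslib's own code): it decodes a multibase base64url + GZIP bitstring under a bounded inflate and fails closed on any error. The function names and the 1 MiB cap are assumptions, only the 'u'-prefixed Bitstring Status List encoding is handled, and the status list is a constructed sample.

```python
import base64
import gzip
import zlib

MAX_BYTES = 1 << 20  # assumed inflate cap (1 MiB = 8,388,608 one-bit entries)

def decode_status_list(encoded_list: str, max_bytes: int = MAX_BYTES) -> bytes:
    """Decode an encodedList value without unbounded inflation."""
    if not encoded_list.startswith("u"):  # multibase prefix: base64url, no padding
        raise ValueError("expected multibase base64url ('u') prefix")
    body = encoded_list[1:]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # require GZIP framing
    out = inflater.decompress(raw, max_bytes + 1)  # never emits more than cap + 1
    if len(out) > max_bytes:
        raise ValueError("status list exceeds inflate limit")
    if not inflater.eof:
        raise ValueError("truncated GZIP stream")
    return out

def status_bit(bitstring: bytes, index: int) -> int:
    """Index 0 is the left-most (most significant) bit of the first byte."""
    if not 0 <= index < len(bitstring) * 8:
        raise ValueError("statusListIndex out of range")
    return (bitstring[index // 8] >> (7 - index % 8)) & 1

def status_ok(encoded_list: str, index: int, max_bytes: int = MAX_BYTES) -> bool:
    """True only when the bit is provably clear; every failure is 'not OK'."""
    try:
        return status_bit(decode_status_list(encoded_list, max_bytes), index) == 0
    except (ValueError, zlib.error):  # binascii.Error is a ValueError subclass
        return False

def make_encoded_list(set_bits, size_bytes: int = 16 * 1024) -> str:
    """Build a constructed sample list (test data, not a real issuer's list)."""
    bits = bytearray(size_bytes)
    for i in set_bits:
        bits[i // 8] |= 0x80 >> (i % 8)
    packed = base64.urlsafe_b64encode(gzip.compress(bytes(bits)))
    return "u" + packed.rstrip(b"=").decode("ascii")

if __name__ == "__main__":
    sample = make_encoded_list({42})  # entry 42 revoked in the constructed list
    print(status_ok(sample, 42), status_ok(sample, 43))
```

As in the release note, this checks the published status bit only; it does not verify the status-list credential's own signature.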