openbadgeslib 2.0.0
Major release: the OpenBadges 3.0 path is now natively conformant to the spec (§8.2 VC-JWT and document formats), from the conformance audit. Breaking for OB3 consumers. OpenBadges 2.0 is unchanged.
⚠️ Breaking changes (OB3 only)
- Native VC-JWT serialization (§8.2). The JWT payload is the credential (its members at the top level — no
vcclaim wrapper),validFrommaps tonbf(there is noiat), and the JOSE header carries the issuer's public key as ajwk. Tokens issued by 1.x (the VCDM-1.1-stylevc-wrapper) are not compatible. - OB 3.0 baking identifiers. PNG
iTXtkeywordopenbadgecredentialand SVG<openbadges:credential>(namespacehttps://purl.imsglobal.org/ob/v3p0), replacing the OB 2.0openbadges/<openbadges:assertion>. OB3 images baked by 1.x are not read by this verifier.
Conformance improvements
- Verifier accepts spec-valid credentials it used to reject: the
AchievementCredentialtype alias, anissuergiven as a string IRI, and acredentialSubjectwithout anid(identity viaidentifier). - Verifier enforces required structure it used to ignore: the
@context(VC 2.0 + OB v3p0 pair) is validated, and theiss/nbfregistered claims are required (subrequired when the subject has an id). credentialStatushonorsstatusPurpose.suspensionis reported distinctly fromrevocation, a non-revocation/suspension purpose (e.g.message) no longer fails verification, and the entry's purpose is cross-checked against the fetched status list.
Migration
Re-issue OB3 badges with 2.0.0 to get native tokens/images. OB2 signing and verification are unaffected — no changes needed.
Tracked in #116 (issues #111–#115). See Changelog.txt.