Skip to content

openbadgeslib 2.0.0

Choose a tag to compare

@luisgf luisgf released this 01 Jul 18:04

Major release: the OpenBadges 3.0 path is now natively conformant to the spec (§8.2 VC-JWT and document formats), from the conformance audit. Breaking for OB3 consumers. OpenBadges 2.0 is unchanged.

⚠️ Breaking changes (OB3 only)

  • Native VC-JWT serialization (§8.2). The JWT payload is the credential (its members at the top level — no vc claim wrapper), validFrom maps to nbf (there is no iat), and the JOSE header carries the issuer's public key as a jwk. Tokens issued by 1.x (the VCDM-1.1-style vc-wrapper) are not compatible.
  • OB 3.0 baking identifiers. PNG iTXt keyword openbadgecredential and SVG <openbadges:credential> (namespace https://purl.imsglobal.org/ob/v3p0), replacing the OB 2.0 openbadges / <openbadges:assertion>. OB3 images baked by 1.x are not read by this verifier.

Conformance improvements

  • Verifier accepts spec-valid credentials it used to reject: the AchievementCredential type alias, an issuer given as a string IRI, and a credentialSubject without an id (identity via identifier).
  • Verifier enforces required structure it used to ignore: the @context (VC 2.0 + OB v3p0 pair) is validated, and the iss/nbf registered claims are required (sub required when the subject has an id).
  • credentialStatus honors statusPurpose. suspension is reported distinctly from revocation, a non-revocation/suspension purpose (e.g. message) no longer fails verification, and the entry's purpose is cross-checked against the fetched status list.

Migration

Re-issue OB3 badges with 2.0.0 to get native tokens/images. OB2 signing and verification are unaffected — no changes needed.

Tracked in #116 (issues #111#115). See Changelog.txt.