-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add text on hash in KB-JWT #353
Conversation
…ly) the horizontal scrollbar in the HTML output doesn't cover up the contentUpdate draft-ietf-oauth-selective-disclosure-jwt.md
Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com>
Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com>
Co-authored-by: Brian Campbell <71398439+bc-pi@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall this looks good. Thanks! And REQUIRED
seems right. I even manually checked one example _sd_hash
value and got a matching value, which is good :)
I'm "requesting changes" just for a couple of minor(ish) text suggestions. One of which was already mentioned in slack.
Co-authored-by: Brian Campbell <71398439+bc-pi@users.noreply.github.com>
Co-authored-by: Brian Campbell <71398439+bc-pi@users.noreply.github.com>
ugh, sorry about the trailing whitespace! |
Co-authored-by: Orie Steele <orie@or13.io>
@@ -30,7 +30,7 @@ jobs: | |||
- name: "Install SD-JWT tooling" | |||
run: | | |||
python3 -m pip install --upgrade pip | |||
python3 -m pip install git+https://github.com/openwallet-foundation-labs/sd-jwt-python.git | |||
python3 -m pip install git+https://github.com/openwallet-foundation-labs/sd-jwt-python.git@danielfett/kb-jwt-hash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe you want to avoid this repository to rely on personal forks?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the branch (not a personal fork) where this feature was developed. The reference to the branch will be removed again as soon as the feature has been merged to main.
@@ -25,7 +25,7 @@ jobs: | |||
- name: "Install SD-JWT tooling" | |||
run: | | |||
python3 -m pip install --upgrade pip | |||
python3 -m pip install git+https://github.com/openwallet-foundation-labs/sd-jwt-python.git | |||
python3 -m pip install git+https://github.com/openwallet-foundation-labs/sd-jwt-python.git@danielfett/kb-jwt-hash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe you want to avoid this repository to rely on personal forks?
(same as above)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as above
Fixes Issue #346
Let's discuss whether we want to make the hash REQUIRED, OPTIONAL or RECOMMENDED. Current text is for REQUIRED. I'm leaning towards that in order to reduce optionality. It also means that there will be less situations where a Verifier accidentally accepts a KB-JWT without the hash (and we don't need to discuss mitigations against that).