Skip to content

add example of response encryption #536

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
May 13, 2025
Merged

add example of response encryption #536

merged 10 commits into from
May 13, 2025

Conversation

@bc-pi
Copy link
Member

@bc-pi bc-pi commented Apr 11, 2025
edited
Loading

Add some examples showing an encrypted response and a corresponding request with jwks. For #520

@bc-pi
Add some examples showing an encrypted response and a corresponding r…
98c3c9d 
…equest with jwks. Also update the default for no authorization_encrypted_response_enc to be more flexible.
@bc-pi bc-pi linked an issue Apr 11, 2025 that may be closed by this pull request
Example that requests encrypted response should be added #520
Closed
@bc-pi bc-pi mentioned this pull request Apr 11, 2025
Closed
@jogu jogu changed the title encryption example add encryption example + change default behaviour of authorization_encrypted_response_enc Apr 11, 2025
jogu
jogu reviewed Apr 11, 2025
View reviewed changes
@bc-pi bc-pi changed the title add encryption example + change default behaviour of authorization_encrypted_response_enc add encryption example + (maybe) change default behaviour of authorization_encrypted_response_enc Apr 13, 2025
Sakurann
Sakurann approved these changes Apr 14, 2025
View reviewed changes
Copy link
Collaborator

@Sakurann Sakurann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CBC -> GCM

Sakurann
Sakurann requested changes Apr 14, 2025
View reviewed changes
Copy link
Collaborator

@Sakurann Sakurann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CBC -> GCM

@jogu jogu removed the editorial label Apr 16, 2025
selfissued
selfissued requested changes Apr 16, 2025
View reviewed changes
Copy link
Member

@selfissued selfissued left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please incorporate one of the two solutions to the inconsistency described #552 into the example (either restoring authorization_encrypted_response_alg or using authorization_encrypted_response_alg_values_supported and authorization_encrypted_response_enc_values_supported), depending upon which the working group prefers.

@Sakurann Sakurann added this to the Final 1.0 milestone Apr 16, 2025
bc-pi
bc-pi commented Apr 23, 2025
View reviewed changes
@bc-pi bc-pi changed the title add encryption example + (maybe) change default behaviour of authorization_encrypted_response_enc add example of response encryption Apr 25, 2025
@bc-pi
Copy link
Member Author

bc-pi commented Apr 25, 2025

This has been updated to reconcile with changes in #555

selfissued
selfissued approved these changes Apr 25, 2025
View reviewed changes
Copy link
Member

@selfissued selfissued left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewing this from my phone on a plane, so I'm going to trust that the encrypted content is correct.

@bc-pi
Copy link
Member Author

bc-pi commented Apr 29, 2025

Reviewing this from my phone on a plane, so I'm going to trust that the encrypted content is correct.

I did create and check the encrypted content but certainly having an independent check would be good too.

@c2bo
Copy link
Member

c2bo commented Apr 29, 2025
edited
Loading

Reviewing this from my phone on a plane, so I'm going to trust that the encrypted content is correct.

I did create and check the encrypted content but certainly having an independent check would be good too.

Looks good to me - this is what I get when decoding and decrypting:

Header:

{
  "alg": "ECDH-ES",
  "enc": "A128GCM",
  "kid": "ac",
  "epk": {
    "kty": "EC",
    "x": "nnmVpm3V3jbhcafQaRBkSVNHlwZHwt-9rOpJufyYIuk",
    "y": "r4fjDqwJys9qUOP-_b3mR5SZG--CwO2mic5VSNTYN9g",
    "crv": "P-256"
  }
}

Payload:

{
  "vp_token": {
    "example_credential_id": [
      "eyJhb...YMetA"
    ]
  }
}

@Sakurann Sakurann merged commit 162c006 into main May 13, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jogu jogu jogu approved these changes

@selfissued selfissued selfissued approved these changes

@c2bo c2bo c2bo approved these changes

@awoie awoie awoie approved these changes

@Sakurann Sakurann Sakurann approved these changes

@GarethCOliver GarethCOliver Awaiting requested review from GarethCOliver

@paulbastian paulbastian Awaiting requested review from paulbastian

@charsleysa charsleysa Awaiting requested review from charsleysa

Assignees

No one assigned

Labels

post-wglc-is-ok

Projects

None yet

Milestone

Final 1.0

Development

Successfully merging this pull request may close these issues.

Example that requests encrypted response should be added

8 participants

@bc-pi @c2bo @jogu @charsleysa @selfissued @awoie @Sakurann