Skip to content

v0.21.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 16 Jun 14:53
· 44 commits to main since this release
v0.21.0
d53d92c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Compare: v0.20.4...main

Highlights

  • Shipped OSS Issuer2 - a complete OpenID4VCI issuer service with config-backend credential profiles, authorization code flow support, external authorization server integration, notification events (webhooks/SSE), dev mode, and Docker service deployment (WAL-1048) (#1744).
  • Added OpenID4VP 1.0 holder support with draft compatibility, including request_uri POST metadata/nonce validation, unified VP format capabilities, and hardened request object handling (WAL-741) (#1694).
  • Implemented transaction_data support across wallet, verifier2, and shared libraries per OpenID4VP spec, with config-driven type profiles, mdoc namespace handling, and comprehensive validation (WAL-741) (#1695).
  • Added X.509 Certificate Signing Request (CSR) support in the x509 library for certificate generation workflows (#1753).
  • Added x5c support for W3C Credentials, enabling X.509 certificate chain embedding in credential signatures (#1742).
  • Upgraded to Ktor 3.4.3 and Gradle 9 with conformance test improvements, vulnerability fixes, and enhanced error handling (#1716).

Detailed updates

OSS Issuer2 Service

  • Added complete issuer2 service with OpenID4VCI support (#1744).
  • Implemented config-backend credential profiles with typed profile decoding (#1744).
  • Added authorization code flow with external authorization server support (#1744).
  • Added notification events with webhook and SSE support (#1744).
  • Added dev mode for simplified development workflows (#1744).
  • Added Docker service deployment configuration (#1744).
  • Added support for partial runtime merge data (#1744).
  • Added credential offer examples and OpenAPI documentation (#1744).
  • Added status passthrough support in OSS issuer2 (#1777).

OpenID4VP / Wallet

  • Added OpenID4VP 1.0 holder support with draft compatibility (#1694).
  • Unified VP format capabilities across wallet flows (#1694).
  • Added request_uri POST metadata/nonce validation (#1694).
  • Hardened OID4VP request object handling and cleaned tests (#1694).
  • Refactored OpenID4VP request resolution transport wiring (#1694).
  • Fixed holder-bound key usage for OpenID4VP (#1694).
  • Preserved legacy signed request fallback for backward compatibility (#1694).

Transaction Data Support

  • Added transaction_data support across wallet, verifier2, and shared libraries (#1695).
  • Implemented config-driven transaction data type profiles (#1695).
  • Added per-type mdoc namespace handling for interoperability (#1695).
  • Added mdoc transaction data round-trip integration tests (#1695).
  • Enforced transaction_data VP policies regardless of custom vp_policies list (#1695).
  • Added invalid_transaction_data error code per OID4VP spec (#1695).
  • Added transaction data UI improvements in portal (#1695).

X.509 / Crypto

  • Added Certificate Signing Request (CSR) support in x509 library (#1753).
  • Added x5c support for W3C Credentials (#1742).

Metadata Resolution

  • Simplified metadata URL construction and resolution logic in IssuerMetadataResolver (WAL-1048) (#1759).
  • Added path-aware metadata URL resolution for OpenID4VCI wallet (#1759).
  • Improved error body logging in IssuerMetadataResolver (#1759).

Conformance / Testing

  • Upgraded conformance tests with Ktor 3.4.3 migration (#1716).
  • Added KB IAT check policy for SD-JWT (#1716).
  • Updated certificates and trust anchors for conformance tests (#1716).
  • Improved presentation verification error messages (#1716).
  • Fixed vulnerable transient dependency of Azure library (#1716).

Infrastructure / Deployment

  • Refactored kubeconfig and updated deployment configurations (#1775).
  • Updated ingress class from nginx to Traefik across services (#1782).
  • Updated storageClass references for cloud deployments (#1782).
  • Removed initContainers from wallet-api deployment (#1784).
  • Fixed Docker Compose setup (#1769).

Fixes

  • Fixed typo in codebase (#1780).
  • Fixed stale import (#1785).
  • Fixed WebDataFetcher JVM hang by moving to companion object.
  • Fixed database transaction context for KeysService.list() calls.
  • Fixed SD-JWT verification with issuer key set.
  • Fixed status list debug logging (thousands of 0s).

Merged pull requests

PR Title Author Reviewer Merged
#1694 feat(wallet-api): add OpenID4VP 1.0 holder support with draft compatibility szijpeter JakeFernandes98, waltkb 2026-06-15
#1695 feat(openid4vp): add transaction_data support across wallet, verifier2, and shared libraries szijpeter waltkb 2026-06-15
#1716 conformance test upgrade philpotisk JakeFernandes98 2026-06-12
#1742 Add support for x5c to W3C Credentials JakeFernandes98 SuperBatata 2026-06-11
#1744 Oss issuer2 chsavvaidis JakeFernandes98 2026-06-15
#1753 add support for CSR in x509 lib JakeFernandes98 philpotisk 2026-06-11
#1759 refactor(metadata): simplify metadata URL construction and resolution SuperBatata chsavvaidis 2026-06-12
#1769 fix docker compose setup JakeFernandes98 dinkar-jain 2026-06-08
#1775 Refactor kubeconfig and update deployment, storageClass, and ingress dinkar-jain JakeFernandes98 2026-06-11
#1777 add support for status passthrough in oss issuer2 JakeFernandes98 chsavvaidis 2026-06-16
#1780 fix: typo chsavvaidis JakeFernandes98 2026-06-15
#1782 Update ingress class to Traefik and adjust storageClass references dinkar-jain JakeFernandes98 2026-06-16
#1784 chore: remove initContainers from wallet-api deployment configurations dinkar-jain SuperBatata 2026-06-16
#1785 fix stale import JakeFernandes98 hokorn 2026-06-16
Assets 2
Loading