feat: support for vc+sd-jwt #273
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
peppelinux
reviewed
Sep 19, 2024
peppelinux
reviewed
Sep 19, 2024
peppelinux
requested changes
Sep 19, 2024
There was a problem hiding this comment.
Good achievements, anyway we have decided to continue in this PR these two core components:
- trust layer abstraction, according to: [Satosa Backend] Trust layer abstraction and extensions #267
- credential format abstraction, following the comments within this PR
pyeudiw/openid4vp/vp_sd_jwt_kb.py
Outdated
| # _verify_kb_jwt_payload_sd_hash(sdjwt) | ||
| _verify_kb_jwt_signature(kbjwt.jwt, cnf_jwk) | ||
|
|
||
|
|
There was a problem hiding this comment.
Suggested change
| # TODO: sd-jwt-python already does this check, however it would be space for us to have it more explicit in our code |
pyeudiw/sd_jwt/__init__.py
Outdated
| @@ -71,7 +71,7 @@ def __init__( | |||
| holder_key, | |||
| sign_alg, | |||
| add_decoy_claims, | |||
| serialization_format | |||
| serialization_format, | |||
There was a problem hiding this comment.
Suggested change
| serialization_format, | |
| serialization_format |
pyeudiw/sd_jwt/schema.py
Outdated
| class VcSdJwtHeaderSchema(BaseModel): | ||
| typ: str | ||
| alg: str | ||
| kid: str |
pyeudiw/sd_jwt/schema.py
Outdated
Comment on lines
93
to
99
| class PidVcSdJwtPayloadSchema(VcSdJwtPayloadSchema): | ||
| given_name: Optional[str] = None | ||
| family_name: Optional[str] = None | ||
| birth_date: Optional[Any] = None # TODO: date is dd-mm-yyyy but I'm not sure if libraries parses them as str or a native format | ||
| unique_id: Optional[str] = None | ||
| tax_id_code: Optional[str] = None | ||
|
|
There was a problem hiding this comment.
Suggested change
| class PidVcSdJwtPayloadSchema(VcSdJwtPayloadSchema): | |
| given_name: Optional[str] = None | |
| family_name: Optional[str] = None | |
| birth_date: Optional[Any] = None # TODO: date is dd-mm-yyyy but I'm not sure if libraries parses them as str or a native format | |
| unique_id: Optional[str] = None | |
| tax_id_code: Optional[str] = None |
Zicchio
force-pushed
the
dev_sdjwt-kb
branch
from
5ccd91f
to
5fa54ed
Compare
wip: dev vp trust
wip: patch get connection
peppelinux
reviewed
Oct 3, 2024
peppelinux
reviewed
Oct 3, 2024
peppelinux
reviewed
Oct 3, 2024
peppelinux
reviewed
Oct 3, 2024
peppelinux
reviewed
Oct 3, 2024
peppelinux
reviewed
Oct 3, 2024
peppelinux
reviewed
Oct 3, 2024
peppelinux
reviewed
Oct 3, 2024
| "url_scheme": "haip", # haip:// | ||
| "scopes": ["pid-sd-jwt:unique_id+given_name+family_name"], | ||
| "default_acr_value": "https://www.spid.gov.it/SpidL2", | ||
| "expiration_time": 5, # minutes |
There was a problem hiding this comment.
Suggested change
| "expiration_time": 5, # minutes | |
| "expiration_time": 5 # minutes |
peppelinux
reviewed
Oct 3, 2024
peppelinux
reviewed
Oct 3, 2024
Comment on lines
+51
to
+58
| "httpc_params": { | ||
| "connection": { | ||
| "ssl": True | ||
| }, | ||
| "session": { | ||
| "timeout": 6 | ||
| } | ||
| } |
There was a problem hiding this comment.
please use __init__.DEFAULT_DIRECT_TRUST_PARAMS
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request closes #269 and #255.
Proposals and modifications are very welcomed.
The followings steps where done:
response_handler.py, with some care regarding extensibility and possible modifications at the trust layersThe final iteration resulted in more modifcations that intended - special care should be taken before pulling in @peppelinux .
Note that in the process we "lost" VP-envolpe; which was expclicity against the intent of this pull request. This is because the envolpe hypotesys was spread around in multiple methods and I found it hard to salvage (I don't deny that it might be a skill issue). Hopelly, the new interface should promote a new implementation in short time.