feat: support for vc+sd-jwt #273
base: dev_sdjwt-bk
Good achievements; anyway, we have decided to continue in this PR with these two core components:
- trust layer abstraction, according to: [Satosa Backend] Trust layer abstraction and extensions #267
- credential format abstraction, following the comments within this PR
pyeudiw/openid4vp/vp_sd_jwt_kb.py
# _verify_kb_jwt_payload_sd_hash(sdjwt) | ||
_verify_kb_jwt_signature(kbjwt.jwt, cnf_jwk) | ||
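Review bot: the `_verify_kb_jwt_payload_sd_hash(sdjwt)` call on the first line is left commented out while the signature check below it stays active. The KB-JWT `sd_hash` is what ties the holder's key-binding signature to the exact SD-JWT and set of disclosures being presented, so if the check is intentionally delegated to sd-jwt-python, replace the dead line with a comment saying so (and where the library performs it); otherwise re-enable the call so the verifier's own code documents the full KB-JWT validation.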
# TODO: sd-jwt-python already does this check, however there would be space for us to have it more explicit in our code
pyeudiw/sd_jwt/__init__.py
@@ -71,7 +71,7 @@ def __init__( | |||
holder_key, | |||
sign_alg, | |||
add_decoy_claims, | |||
serialization_format | |||
serialization_format, |
serialization_format, | |
serialization_format |
pyeudiw/sd_jwt/schema.py
class VcSdJwtHeaderSchema(BaseModel): | ||
typ: str | ||
alg: str | ||
kid: str |
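Review bot: `kid: str` on the last line makes the header key id mandatory, so any credential whose header omits `kid` fails schema validation before verification even starts; if `kid` is optional here, as the accompanying review remark says, declare it `Optional[str] = None`. Consider also narrowing `typ` from a bare `str` to the expected `vc+sd-jwt` value (e.g. a `Literal`), so the schema rejects tokens of another type instead of leaving that to later code.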
this is optional
pyeudiw/sd_jwt/schema.py
class PidVcSdJwtPayloadSchema(VcSdJwtPayloadSchema): | ||
given_name: Optional[str] = None | ||
family_name: Optional[str] = None | ||
birth_date: Optional[Any] = None # TODO: date is dd-mm-yyyy but I'm not sure if libraries parses them as str or a native format | ||
unique_id: Optional[str] = None | ||
tax_id_code: Optional[str] = None | ||
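Review bot: `birth_date: Optional[Any]` on the third line defers the format question raised in the TODO to every consumer of the schema; since the comment states the value is dd-mm-yyyy, type it as `Optional[str]` with a validator that parses that exact format (or converts it to `datetime.date`) so malformed dates are rejected at validation time rather than accepted as `Any`. The TODO should then be resolved or turned into a tracked issue before merge.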
class PidVcSdJwtPayloadSchema(VcSdJwtPayloadSchema): | |
given_name: Optional[str] = None | |
family_name: Optional[str] = None | |
birth_date: Optional[Any] = None # TODO: date is dd-mm-yyyy but I'm not sure if libraries parses them as str or a native format | |
unique_id: Optional[str] = None | |
tax_id_code: Optional[str] = None |
5ccd91f to 5fa54ed
wip: dev vp trust
wip: patch get connection
"url_scheme": "haip", # haip:// | ||
"scopes": ["pid-sd-jwt:unique_id+given_name+family_name"], | ||
"default_acr_value": "https://www.spid.gov.it/SpidL2", | ||
"expiration_time": 5, # minutes |
"expiration_time": 5, # minutes | |
"expiration_time": 5 # minutes |
"httpc_params": { | ||
"connection": { | ||
"ssl": True | ||
}, | ||
"session": { | ||
"timeout": 6 | ||
} | ||
} |
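Review bot: the inline `httpc_params` block (`"ssl": True`, `"timeout": 6`) duplicates connection defaults that, per the review remark on this hunk, already exist as `__init__.DEFAULT_DIRECT_TRUST_PARAMS`; reference that constant instead so the TLS and timeout settings used for trust lookups stay defined in one place and a future hardening of the shared default is not silently bypassed by this copy.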
please use __init__.DEFAULT_DIRECT_TRUST_PARAMS
This pull request closes #269 and #255.
Proposals and modifications are very welcome.
The following steps were done:
- response_handler.py, with some care regarding extensibility and possible modifications at the trust layers

The final iteration resulted in more modifications than intended; special care should be taken before pulling in @peppelinux.
Note that in the process we "lost" the VP envelope, which was explicitly against the intent of this pull request. This is because the envelope hypothesis was spread around in multiple methods and I found it hard to salvage (I don't deny that it might be a skill issue). Hopefully, the new interface should promote a new implementation in short time.