Comments (9)
Let me check the spec later, would be good to double check this. I might've missed this when reading through it.
from sd-jwt-ts.
I see, yes that is not possible currently. I think for now I will just apply the fix you provided with the `__FIELD_NAME_TBD` within the object. Not the cleanest but it should suffice for now. Thanks for pointing it out.
from sd-jwt-ts.
Just to be clear, it means that you can selectively disclose each attribute within a nested object AND the nested fully by itself? If it is an OR it is already supported, but not both together within a single credential.
from sd-jwt-ts.
I think it's an AND. You can e.g. have the whole `credential` object selectively disclosable, and within that object you could then either have:
- always disclosed values
- selectively disclosable values

and this could be nested as many layers deep as you want.
So to parse an SD-JWT to the decoded payload you would have to parse a disclosure, see if it has an `_sd` field of itself, and then do the same trick, until you find an object that does not have the `_sd` property anymore.
from sd-jwt-ts.
But by making the `credential` object itself selectively disclosable, you don't give away that there is a `credential` object to begin with. In the complex example currently it is the case that you can see the `credential` key, while you could hide that, as well as make all items of the `credential` object itself selectively disclosable.
from sd-jwt-ts.
It seems the Meeco implementation does support recursive disclosures: https://github.com/Meeco/sd-jwt
from sd-jwt-ts.
I can't seem to find an example of what this library does not support, do you have a direct link?
from sd-jwt-ts.
See the link to the spec I posted in my initial message: https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html#name-example-sd-jwt-with-recursi
from sd-jwt-ts.
I think the following output is not possible:

```
{
  "_sd": ["credential-property-digest"]
}
```

With the following disclosures:

```
["salt", "credential", {
  "_sd": ["first-name-digest", "last-name-digest"]
}] // digest = "credential-property-digest"
["salt", "firstName", "Timo"] // digest = "first-name-digest"
["salt", "lastName", "Glastra"] // digest = "last-name-digest"
```
from sd-jwt-ts.
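The recursive step described in this thread (resolve a disclosure, check whether its value has an `_sd` of its own, repeat), as an added example that is not part of the thread or of sd-jwt-ts. It handles object `_sd` digests only, not array elements, and takes the digest-to-disclosure map as given, using the placeholder digest labels from the comment above; `unpack` and `decodePayload` are hypothetical names.

```javascript
// Added example. `byDigest` maps digest -> decoded disclosure [salt, name, value].
// The digest strings are the placeholder labels from the comment above; a real
// verifier derives each key by hashing the encoded disclosure string.
function unpack(node, byDigest, used) {
  if (Array.isArray(node)) return node.map((v) => unpack(v, byDigest, used));
  if (node === null || typeof node !== "object") return node;

  // Null prototype, so a claim named "__proto__" stays plain data.
  const out = Object.create(null);
  for (const [key, value] of Object.entries(node)) {
    if (key !== "_sd") out[key] = unpack(value, byDigest, used);
  }
  for (const digest of node._sd ?? []) {
    const disclosure = byDigest.get(digest);
    if (disclosure === undefined) continue; // not disclosed, or a decoy digest
    if (used.has(digest)) throw new Error(`digest used twice: ${digest}`);
    used.add(digest);
    if (!Array.isArray(disclosure) || disclosure.length !== 3) {
      throw new Error(`malformed disclosure for ${digest}`);
    }
    const [, name, value] = disclosure;
    if (name === "_sd" || name === "...") throw new Error("reserved claim name");
    if (name in out) throw new Error(`claim already present: ${name}`);
    // The disclosed value may itself hold `_sd`, so repeat the same step on it.
    out[name] = unpack(value, byDigest, used);
  }
  return out;
}

// Decode a payload and reject disclosures that nothing points to, such as a
// nested disclosure presented without its parent.
function decodePayload(payload, byDigest) {
  const used = new Set();
  const decoded = unpack(payload, byDigest, used);
  for (const digest of byDigest.keys()) {
    if (!used.has(digest)) throw new Error(`unreferenced disclosure: ${digest}`);
  }
  return decoded;
}

// Constructed input: the payload and disclosures from the comment above.
const payload = { _sd: ["credential-property-digest"] };
const disclosures = new Map([
  ["credential-property-digest",
    ["salt", "credential", { _sd: ["first-name-digest", "last-name-digest"] }]],
  ["first-name-digest", ["salt", "firstName", "Timo"]],
  ["last-name-digest", ["salt", "lastName", "Glastra"]],
]);
console.log(JSON.stringify(decodePayload(payload, disclosures)));
```

Presenting only the `credential` disclosure yields an empty `credential` object, while presenting `firstName` without its parent is rejected because nothing in the payload references it.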
Related Issues (15)
- Support disclosure frame for the `SdJwt.present` method
- Library should assume default hashing algorithm of sha-256
- dependencies to workspace packages should be updated to actual version before publishing
- BaseFrame causes issues when the type is `Record<string, unknown>`
- Allow `nonce` to be passed in SD-JWT `verify` method
- Confusing usage of publicKeyJwk in the verifier interface
- Library should have better interfaces for properties that are required and always present in SD-JWT vcs
- Disclosure frame does not support nested disclosures for array items.
- Duplication between core and subpackages
- Disclosure encoding is lost which may result in incorrect matching
- `payload` property serves two purposes
- Incorrect types for Payload
- Test directory contains built .js and .d.ts files
- Key binding JWT does not include add required `_sd_hash` field