-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nonce missing for verifiable presentations submission #124
Comments
You are correct. The low-level SIOPv2/OID4VP library being used by the SSI-SDK is still version 11. In that version the nonce was bound to the ID-token if memory serves me correctly. It isn't used in creating the VP. The SIOP library has options to pass in domain (client_id) and challenge (nonce) values. These are however not mapped onto client_id and nonce for JWT VPs currently. The change to make that work should be trivial, but I am a bit reluctant to do that given we will be refactoring the lib next few sprints anyway. As mentioned the next few weeks we will be refactoring the SIOPv2/OID4VP lib to support the latest spec. This will also include some changes to the SDK and wallet. Question I guess is, do you need it "now" or could you wait 4-5 weeks until the latest updates land in the wallet? |
Thank you for the reply @nklomp. Yes, seems like Sounds good, I can wait for the update. |
Hello,
Seems like Sphereon SSI Wallet is ignoring
nonce
attribute when it is present inside the presentation request.I would expect
nonce
to be added to thevp_token
as per OIDC4VP spec example or here.Is it a bug or is there any other reasons for such behaviour?
I have also looked a bit into the SSI SDK if there is a way to provide one to #createVerifiablePresentation function but I just couldn't find it.
The text was updated successfully, but these errors were encountered: