Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate the SD-JWT #1358

Draft
wants to merge 20 commits into
base: next
Choose a base branch
from

Conversation

lukasjhan
Copy link

@lukasjhan lukasjhan commented Mar 3, 2024

Hi I'm currently developing sd-jwt typescript library in Open Wallet Foundation with @cre8. I want to continuously contribute to Veramo by working on sd-jwt-related integration.

Related Issue: #1276

This is my first time contributing to Veramo. If there is anything you would like to change, please let me know. I'm open to any changes :)

What issue is this PR fixing

Example:
closes #123
fixes #456

Linking to an issue provides some context and a reason for the PR to be reviewed, as well as simplifying the release
notes and changelogs that get generated automatically. If an issue is linked like this it will be automatically closed
when the PR is merged.

What is being changed

Add SD-JWT features in Veramo

Quality

Check all that apply:

  • I want these changes to be integrated
  • I successfully ran pnpm i, pnpm build, pnpm test, pnpm test:browser locally.
  • I allow my PR to be updated by the reviewers (to speed up the review process).
  • I added unit tests.
  • I added integration tests.
  • I did not add automated tests because I had difficulty setting up the test agent, and I am aware that a PR without tests will likely get rejected.

Details

sd-jwt package has 4 main features

  • create sd-jwt-vc
  • create sd-jwt-vc presentation
  • verify sd-jwt-vc
  • verify sd-jwt-vc presentation

About Testing

This is the sample of tests, but

I failed setup the agent in test file in this way

const context = {
  agent: {
    execute: jest.fn(),
    availableMethods: jest.fn(),
    getSchema: jest.fn(),
    emit: jest.fn(),
  },
} as IAgentContext<any>

If there is a guide on how to set up this context, please let me know and I will add it.

Or, this is the original test file in cre8's repo. https://github.com/cre8/sd-jwt-veramo/blob/main/src/agent-plugin/sd-jwt-plugin.spec.ts
If it's okay to add it like this, then I'll add it like this.

Please take a look and let me know about the test.
Thank you.

@cre8
Copy link
Contributor

cre8 commented Mar 3, 2024

At this point I don't feel well opening the PR to the veramo repo yet. Linting is based on biome and not prettier, testing on vitest and not jest.

@lukasjhan lukasjhan marked this pull request as draft March 4, 2024 00:43
@lukasjhan
Copy link
Author

At this point I don't feel well opening the PR to the veramo repo yet. Linting is based on biome and not prettier, testing on vitest and not jest.

Okay, I'll make it draft and keep working on here. :)

lukasjhan and others added 12 commits March 6, 2024 14:35
Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
This reverts commit 4d0dc75.

Signed-off-by: Lukas <Lukas@hopae.io>
This reverts commit 63d76ff7c15cbfc6abe13e64eaf0ee3802813481.

Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
This reverts commit 4d0dc75.

Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
This reverts commit 376924f.

Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
Signed-off-by: Lukas <Lukas@hopae.io>
@lukasjhan
Copy link
Author

@cre8 I added test and fixed the schema generation :)

Copy link
Contributor

@nickreynolds nickreynolds left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mostly very good! thanks again for this!

in addition to the other comments, could you add a test inside the test-react-app package that exercises this functionality?

if (!issuer) {
throw new Error('credential.issuer must not be empty')
}
if (issuer.split('#').length === 1) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this function should work even if just an issuer DID is provided and then it can check for managed keys for the DID and see if any appropriate ones can be used. of course, a specific key can also be specified

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed the constraint

"url": "https://github.com/decentralized-identity/veramo.git",
"directory": "packages/selective-disclosure"
},
"author": "Consensys Mesh R&D <hello@veramo.io>",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

feel free to change author/contributors to yourself

@@ -0,0 +1,346 @@
import { subtle } from 'node:crypto'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these first 2 dependencies imported in this file could present problems. I know this is only a test, but we try to only use dependencies that work across all supported platforms. Is it not possible to use one of the other crypto libraries already used elsewhere for this?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can, It's just the verify function

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you ever written a verify function that is platform-independent? I tried to use the @noble package, but it doesn’t work.

},
"dependencies": {
"@sphereon/ssi-sdk-ext.did-utils": "^0.16.0",
"@sd-jwt/core": "0.3.2-next.107",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do all of these sd-jwt packages support browser and react native (except for crypto-nodejs)?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll check on them and let you know :)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, It works regardless of platform except crypto-nodejs

@lukasjhan
Copy link
Author

Good I'll definitely add this module test-react-app :)
I'll do it after I resolved all comments.

@vadimchilinciuc
Copy link

vadimchilinciuc commented Jun 6, 2024

Hi @lukasjhan and @cre8 :) maybe this is not the thread but i want to try to ask you a question maybe you can help me .
To bee compliant in the European (EUDI) the format is SD-JWT with OpenID4VC ;
do you think at this moment its possible realize something with OpenID4VC?
Cause i see something like https://github.com/IDunion/OpenIDIDComm
but they dont support SD-JWT ? :( (under the hood they use sphereon sdk but they dont support SD_JWT) )did you guys use with OpenID4VC or without it .
Thanks a lot for your reply .

@cre8
Copy link
Contributor

cre8 commented Jun 6, 2024

Hi @lukasjhan and @cre8 :) maybe this is not the thread but i want to try to ask you a question maybe you can help me .
To bee compliant in the European (EUDI) the format is SD-JWT with OpenID4VC ;
do you think at this moment its possible realize something with OpenID4VC?
Cause i see something like https://github.com/IDunion/OpenIDIDComm
but they dont support SD-JWT ? :( did you guys use with OpenID4VC or without it , thanks a lot for your reply in case i'll cancel my comment .

Yes, it's possible, I implemented it here:
https://github.com/openwallet-foundation-labs/credhub
This project comes without using verano, but it should be possible with the verano plugin for oid4vci by sphereon

@nklomp
Copy link
Member

nklomp commented Jun 7, 2024

Also be aware that sd-jwt is supported by our lower level libraries, including our credential mappers. If you include the sd-jwt veramo plugin into the idunion didcomm project using our SDK it should work including presentation exchange etc

@vadimchilinciuc
Copy link

vadimchilinciuc commented Jun 7, 2024

Also be aware that sd-jwt is supported by our lower level libraries, including our credential mappers. If you include the sd-jwt veramo plugin into the idunion didcomm project using our SDK it should work including presentation exchange etc

Thanks a lot @nklomp : I think the problem will bee that the IDunion Project use the @sphereon/ssi-sdk.oid4vci-issuer package,tha is a Veramo Plugin

// Creating a creadential we have this snippet :

        const response = await agent.oid4vciIssueCredential({
            credential: credential,
            credentialIssuer: this.store_id,
            credentialRequest: {
                format: 'jwt_vc_json', **_// allowing formats are those types = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc';_**
                proof: request.proof,
                types: request.types
            }
        })

i think i will get some kind of error passing a sd-jwt type;
cause the allowing formats are only those types = 'jwt_vc_json' | 'jwt_vc_json-ld' | 'ldp_vc'; ?
Thanks a lot for reply

@nklomp
Copy link
Member

nklomp commented Jun 7, 2024

Since that is using our low-level libs, which have sd-jwt support it should work at that point. Having said that, we are actually integrating sd-jwt into our SDKs, wallets and agents as we speak. So we should have this working probably next week.

Copy link

stale bot commented Aug 9, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Aug 9, 2024
@stale stale bot closed this Aug 19, 2024
@mirceanis mirceanis added the pinned don't close this just for being stale label Aug 19, 2024
@mirceanis mirceanis reopened this Aug 19, 2024
@stale stale bot removed the wontfix This will not be worked on label Aug 19, 2024
@nickreynolds
Copy link
Contributor

@lukasjhan I'm just wondering if there's been any progress on this recently? Is there anything in particular keeping us from moving forward? I know it will need to be refactored to support the new credential-w3c architecture, but that shouldn't be difficult.

@cre8
Copy link
Contributor

cre8 commented Sep 7, 2024

@lukasjhan I'm just wondering if there's been any progress on this recently? Is there anything in particular keeping us from moving forward? I know it will need to be refactored to support the new credential-w3c architecture, but that shouldn't be difficult.

Sphereon has published an SD jwt package in the meantime: https://github.com/Sphereon-Opensource/SSI-SDK/tree/develop/packages%2Fsd-jwt

I haven't tested it yet, but when it works it makes no sense to continue the work on a second package from my point of view.

@nklomp
Copy link
Member

nklomp commented Sep 8, 2024

Please be aware that our one, especially in a feature branch depends on very specific modules from our SDK. We have modules for uniform identifier/key resolution, x.509 support, jwt/jws signatures that the sd-jwt module depends on.

@nklomp
Copy link
Member

nklomp commented Sep 8, 2024

All of that to say, that our module is more versatile as it does not have some of the errors and assumptions in this plugin (encountering a jwk, doesn't mean a did:jwk perse of course). At the same time since our sdk can work with regular jwks, x5cs etc next to DIDs and since we have our own jose signature service, our plugin depends on multiple of our other modules. So you cannot simply include our module as a single dep into a vanilla Veramo environment

@lukasjhan
Copy link
Author

Hi @nickreynolds, sry I've been busy for this summer.

I think I can do test-react-app job this weekends.
Could you please explain in more detail about the new credential-w3c architecture

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
pinned don't close this just for being stale
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants