Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

False JWT VC keyId using did:web #840

Open
antebrl opened this issue Nov 29, 2024 · 1 comment
Open

False JWT VC keyId using did:web #840

antebrl opened this issue Nov 29, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@antebrl
Copy link

antebrl commented Nov 29, 2024

Describe the bug

A clear and concise description of what the bug is.

The actual keyId of the used key of the DID document is missing in the JWT header attribute 'kid' of a VC.

To Reproduce

You can easily see this behavior in the portal.

  1. Issue a credential of any type with did:web
  2. Use a oid4vc compliant wallet that can show you the full JWT VC issued.

Expected behavior

The JWT header attribute kid should be in this format:
kid := iss # key-id
This is specified by W3C, because a DID document could contain several keys.

Actual behavior

The header of the JWT looks like this:

{
  "kid": "did:web:wallet.walt.id:wallet-api:registry:portal",
  "typ": "JWT",
  "alg": "ES256K"
}

The kid only contains the did without the keyId.

Additional context

I want to use the issued JWT in other W3C compliant environments (EDC). But they check for the condition kid := iss # key-id and therefore can't validate the JWT.

@antebrl antebrl added the bug Something isn't working label Nov 29, 2024
@alegomes
Copy link
Contributor

Hi @antebrl

Thanks for your report. It has already been included in our backlog and will eventually be prioritised.

Happy holidays,
Ale

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants