
Releases: Sphereon-Opensource/SIOP-OID4VP

Bugfix release

24 Apr 21:53

0.6.4 - 2024-04-24

  • Fixed:
    • Success event was emitted even though presentation verification callback failed
    • Always verify nonces, extract them from VP
  • Updated:
    • Update to latest @sphereon/ssi-types

SIOPv2 draft 11, OID4VP draft 18, SD-JWT, fixes

29 Feb 22:50
  • Added:
    • Initial support for SIOPv2 draft 11
    • Initial support for OID4VP draft 18
    • SD-JWT support
    • Partial support for http(s) client_ids instead of DIDs. No validation for keys in this case yet though!
    • Convert presentation submissions that inadvertently come in from external OPs as a string instead of an object
    • Allow id-token only handling
    • Allow vp-token only handling
    • EBSI support
  • Fixed:
    • Issue with determining whether a Presentation Definition reference has been used
    • vp_token handling and nonce management were incorrect in certain cases (for instance when no id token is used)
    • Make sure a presentation verification callback result throws an error if it does not verify
    • Do not put VP token in the id token as default for spec versions above v10 if no explicit location is provided
    • Several small fixes

Multiple improvements and bugfixes

28 Sep 15:36
Pre-release
  • Fixed:
    • Claims are not required in the auth request
    • State is not required in payloads
    • Merging of verification options present on an object with those passed in as an argument was not handled properly
  • Updated:
    • Updated to another JSONPath implementation (@astronautlabs/jsonpath) for improved security
    • Better error handling and logging in the session manager
    • Allow for numbers in the scheme, thus supporting openid4vp://
  • Added:
    • Allow passing additional claims as verified data in the authorization response. This can be handy in case you
      want to extract data from a VP and pass that to the app that uses this library

Bugfix release

17 May 20:02
Pre-release

Bugfix release, fixing RPBuilder export and a client_id bug when not explicitly provided to the RP.

  • Fixed:
    • Changed RPBuilder default export to a named export
    • Fix #54. The client_id took the whole registration object, instead of the client_id in case it was not provided explicitly
  • Updated:
    • SSI-types have been updated to the latest version.

JWT VC Presentation support + refactors

30 Apr 21:23
Pre-release

This release contains many breaking changes. Sorry for these, but this library still is in active development, as
reflected by the major version still being 0.
A lot of code has been refactored. Now certain classes have state, instead of passing around objects between static
methods.

  • Added:
    • Allow restricting the selection of VCs against Formats not communicated in a presentation definition. This is useful,
      for instance, for filtering against an OID4VP RP that signals support for certain Formats but uses a definition
      that does not include this information
    • Allow restricting the selection of VCs against DID methods not communicated in a presentation definition. This is
      useful, for instance, for filtering against an OID4VP RP that signals support for certain DID methods but uses a
      definition that does not include this information
    • Allow passing in submission data separately from a VP. Again useful in an OID4VP situation, where presentation
      submission objects can be transferred next to the VP instead of in the VP
    • A simple session/state manager for the RP side. This allows looking up the definitions for incoming responses.
      As this is a library, the only implementation is an in-memory implementation. It is left up to implementers to
      create their persistent implementations
    • Added support for new version of the spec
    • Support for JWT VC Presentation Profile
    • Support for DID domain linkage
  • Removed:
    • Several dependencies have been removed or moved to development dependencies. Mainly the cryptographic libraries
      have been removed
  • Changed:
    • Requests and responses now contain state and can be instantiated from scratch/options or from an actual payload
    • Schemas for AJV are now compiled at build time, instead of at runtime.
  • Fixed:
    • JSON-LD contexts were not always fetched correctly (Github for instance)
    • Signature callback function was not always working after creating copies of data
    • React-native not playing nicely with AJV schemas
    • JWT VCs/VPs were not always handled correctly
    • Submission data contained several errors
    • Holder was sometimes missing from the VP
    • Too many other fixes to list

Updated dependencies

15 Aug 15:50
Pre-release
  • Updated:
    • Updated some dependencies

Bugfix release

06 Jul 22:52
Pre-release
  • Fixed:
    • We did not check the proper claims in an AuthResponse to determine the key type, resulting in an invalid JWT header
    • Removed some remnants of the DID-jwt fork

Bugfixes and update to PEX 1.1.2

30 Jun 23:12
Pre-release
  • Updated:
    • Update to PEX 1.1.2
    • Update several other deps
  • Fixed:
    • Only throw a PEX error in case PEX itself has flagged the submission to be in error
    • Use nonce from request in response if available
    • Remove DID-JWT fork as the current version supports SIOPv2 iss values

Remove did-jwt dep

23 Feb 15:57
Pre-release
  • Fixed:
    • Remove did-jwt dependency, since we use an internal fork for the time being anyway

Supplied signature/callback support

10 Feb 18:57
Pre-release

  • Added:
    • Supplied signature support. This allows integrating signature callbacks, next to supplying private keys or using external custodial signing with authn/authz