Convert Proof class into JwtProof, CwtProof, and LdpVpProof as they are mutually exclusive

[francis-pouatcha]

Prozy of

• Convert Proof class into JwtProof, CwtProof, and LdpVpProof as they are mutually exclusive keycloak/keycloak#31363

[nitch2019]

use a planning slot for more discussion and explanation on this topic

[Awambeng]

I would like to raise a point regarding the proof type used when sending requests to obtain credentials. According to the latest draft of the OpenID for Verifiable Credential Issuance (draft 14), the field name for passing JWT proof for credential request should be 'jwt':

{
  "credential_identifier": "CivilEngineeringDegree-2023",
  "proofs": {
    "jwt": [
      "eyJ0eXAiOiJvcGVuaWQ0dmNpL...Lb9zioZoipdP-jvh1WlA",
      "eyJraWQiOiJkaWQ6ZXhhbXBsZ...KPxgihac0aW9EkL1nOzM"
    ]
  }
}

However, in Keycloak version 25.0.5, the implementation has changed the field name for passing the JWT proof from jwt to proofObject, which is not normative. This discrepancy could lead to confusion and compatibility issues when integrating with systems that adhere to the specification.

I suggest we consider aligning the Keycloak implementation with the specification by retaining the JWT field name for proof types in credential requests. This adjustment could enhance compatibility with other services and reduce inconsistencies between the implementation and the specification.