Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False JWT VC keyId using did:web #840

Open
antebrl opened this issue Nov 29, 2024 · 0 comments
Open

False JWT VC keyId using did:web #840

antebrl opened this issue Nov 29, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@antebrl
Copy link

antebrl commented Nov 29, 2024

Describe the bug

A clear and concise description of what the bug is.

The actual keyId of the used key of the DID document is missing in the JWT header attribute 'kid' of a VC.

To Reproduce

You can easily see this behavior in the portal.

  1. Issue a credential of any type with did:web
  2. Use a oid4vc compliant wallet that can show you the full JWT VC issued.

Expected behavior

The JWT header attribute kid should be in this format:
kid := iss # key-id
This is specified by W3C, because a DID document could contain several keys.

Actual behavior

The header of the JWT looks like this:

{
  "kid": "did:web:wallet.walt.id:wallet-api:registry:portal",
  "typ": "JWT",
  "alg": "ES256K"
}

The kid only contains the did without the keyId.

Additional context

I want to use the issued JWT in other W3C compliant environments (EDC). But they check for the condition kid := iss # key-id and therefore can't validate the JWT.
@antebrl antebrl added the bug Something isn't working label Nov 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@antebrl