Feature/sphereon 1183 sd jwt confomance #174
Conversation
… have individual frame elements
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #174 +/- ##
===========================================
- Coverage 92.69% 92.59% -0.10%
===========================================
Files 66 66
Lines 2750 2769 +19
Branches 722 727 +5
===========================================
+ Hits 2549 2564 +15
- Misses 196 200 +4
Partials 5 5
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
Merging blocked, unit tests need more work |
| if (fieldValue !== null && typeof fieldValue === 'object') { | ||
| // For objects, recursively process all nested fields | ||
| processNestedObject(fieldValue, selectedField.path, selectedField.path); | ||
| } else { | ||
| // For literal values, just set the path to true | ||
| JsonPathUtils.setValue(presentationFrame, selectedField.path, true); | ||
| } |
There was a problem hiding this comment.
Curious, why do we need to handle nested objects? If a PD includes $.address and address is an object, then having address: true in the disclosure frame should be enough right?
There was a problem hiding this comment.
@TimoGlastra
This is for the situation where a sd-jwt (not created by us) does not have a disclosure frame element on a group, but on the individual fields within a group. ie.
"electronicPassport": {
"dataGroup1": {
"birthdate": "{{birthdate}}",
"expiryDate": "{{{ dateTimeAfterDays 1080 }}}",
"passportNumberIdentifier": "{{passportNumberIdentifier}}"
},
"disclosureFrame": {
"electronicPassport": {
"dataGroup1": {
"_sd": [
"birthdate",
"expiryDate",
"passportNumberIdentifier"
]
},
}
When the pd asks to disclose \$.electronicPassport.dataGroup1 instead of \$.electronicPassport.dataGroup1.* it should still disclose all disclosable fields & groups within the group.
(When you control PD or credential you can make it work by modifying either on or both, but we ran into an interoperability tests where you we do not.)
Also with the address example in the Funke PID, the @sd-jwt library (0.7.2) does not disclose anything when specifying address: true
There was a problem hiding this comment.
Hmm okay, i think it's probably something that should be solved in @sd-jwt library then? As saying address: true is enough to know the whole address object and sub-disclosures should be resolved.
It feels like a hack to me to solve it in this was
There was a problem hiding this comment.
Forking the @sd-jwt library which is not ours is also something we would like to avoid. When I have more time I can play around with the tests in the @sd-jwt library, but have plenty of other stuff on my plate atm.
There was a problem hiding this comment.
For clarity, for this setup address: true does work:
"disclosureFrame": {
"electronicPassport": {
"_sd": [
"dataGroup1"
]
}
But then you always disclose the whole address and just field passportNumberIdentifier won't work anymore.
|
@zoemaas |
…183_sd-jwt-confomance # Conflicts: # test/evaluation/selectFrom.spec.ts
SPHEREON-1183 support disclosure of entire sd-jwt groups which have individual frame elements