Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not being able to fetch type metadata should not fail verification? #258

Open
TimoGlastra opened this issue Nov 19, 2024 · 3 comments
Open

Not being able to fetch type metadata should not fail verification? #258

TimoGlastra opened this issue Nov 19, 2024 · 3 comments

Comments

@TimoGlastra
Copy link
Contributor

As I understand the SD-JWT VC specification, the vct CAN be used to represent the type metadata URL, but i don't think it's invalid to use https:// uri for vct and not host type metadata?

Also the error message is the response of the VCT, which can be confusing. Instead of using response.text() as the error message, maybe it should be Error fetching type metadata. ${await response.text()}?
@TimoGlastra TimoGlastra changed the title Not being able to fetch type metadata should not fail verification Not being able to fetch type metadata should not fail verification? Nov 19, 2024
@TimoGlastra TimoGlastra mentioned this issue Nov 19, 2024
Merged
@cre8
Copy link
Contributor

cre8 commented Nov 26, 2024

Hi @TimoGlastra ,

you can pass a parameter if the metadata should be loaded from the vct by setting a config value: https://github.com/openwallet-foundation/sd-jwt-js/blob/main/packages/sd-jwt-vc/src/sd-jwt-vc-config.ts#L18
the default value is false, so when there is a url it will not be fetched. But when there is another url and you set it to fetching, it will end in an error.

For the error for schema fetching we have this error message: https://github.com/openwallet-foundation/sd-jwt-js/blob/main/packages/sd-jwt-vc/src/sd-jwt-vc-instance.ts#L252

But in the fetch function it's generic in the fetch function because this function is used to fetch the status list and the schema that are throwing case specific error messages.

@TimoGlastra
Copy link
Contributor Author

The config option assumes you know upfront whether the SD-JWT has type metadata. I'd like to fetch the type metadata if it exists, but if the endpoint returns 404 that seems fine to me.

@cre8
Copy link
Contributor

cre8 commented Nov 26, 2024
edited
Loading

The config option assumes you know upfront whether the SD-JWT has type metadata. I'd like to fetch the type metadata if it exists, but if the endpoint returns 404 that seems fine to me.

When you are activating the loadMetadataFormat, from where should you get the schema to validate it when not from a successful response? If you set it to true and the function is not able to load it, there is no other way to run the validation.

You are able to overwrite the vctFether via the config and so implement your own logic. For me the normal way sounds logic that when somebody adds a URL, starting with http:// it's meant to be fetchable. This allows you for example to look up in a database for the schema, rather then fetching it from a URL.

So when you want to perform schema validation and you know you will get other values than URL in the vct that, you need to overwrite this function by passing it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cre8 @TimoGlastra