Releases: a-sit-plus/vck

5.11.0

05 Feb 09:38

Release 5.11.0 of VC-K supports DC API presentations acc. to ISO/IEC 18013-5 and 18013-7, fixes some bugs in the implementations of OpenID4VP 1.0 and OpenID4VCI 1.0, and extends support for DCQL features in presentations.

  • Digital Credentials API:
    • Add request/response models for OpenID4VP and ISO 18013-7 Annex C flows, including protocol identifiers, wallet/verifier request options, and typed responses
    • Add serializers for DeviceRequest, EncryptionInfo, and encrypted responses for Annex C/DC API interop
  • ISO/IEC 18013-5 and 18013-7:
    • Introduce Annex C verifier and request options to create mdoc requests, derive session transcripts, and validate encrypted device responses
    • Adapt wallet data classes to prepare support for iOS
    • Add data classes and serializers for zero-knowledge proofs
    • Add ZkSystemParamRegistry to enable zero-knowledge backends to register serializers for their custom parameters
  • Token status list:
    • Add IdentifierList and IdentifierListInfo and related classes
    • Add RevocationList and RevocationListInfo sealed classes
    • Replace Status claim with RevocationListInfo in VC / SD-JWT / MSO payloads
    • CBOR encoded token status list shall not be tagged with 24 like other COSE payloads (d818 in hex)
    • Move some methods from IssuerCredentialStore to new interface ReferencedTokenStore to decouple StatusListAgent from IssuerAgent
  • OpenID for Verifiable Credential Issuance:
    • In SimpleAuthorizationService add parameter configurationIds to method credentialOfferWithAuthorizationCode
    • Support different supported credential formats having the same scope value (as this is covered by the spec)
    • Be sure to use correct JWE encryption algorithm on issuer and wallet side and advertise keys correctly
    • In WalletEncryptionService add constructor parameter fallbackJweEncryptionAlgorithm and deprecate supportedJweEncryptionAlgorithm
  • OpenID for Verifiable Presentations:
    • In OpenId4VpVerifier add constructor parameter supportedJweEncryptionAlgorithms to advertise in metadata, deprecating supportedJweEncryptionAlgorithm and supportedJweAlgorithm
    • In RequestOptions deprecate property encryption, as this depends on the response mode
    • In AuthnResponseResult returned from OpenId4VpVerifier.validateAuthnResponse() remove parameter state
    • In OpenId4VpVerifier remove validateAuthnResponse(input: Map)
    • In OpenId4VpVerifier add option to provide externalId when validating authn responses, useful for DCAPI flows
    • Rename RequestOptions to OpenId4VpRequestOptions and add DC API/DCQL options like expected_origins, optional client_id, and stricter transaction_data checks
    • Build session transcripts for DC API responses, verify expected_origins, and parse DC API OpenId4VpResponse inputs without requiring state
  • DCQL in OpenID for Verifiable Presentations:
    • Support attribute multiple in DCQLCredentialQuery
    • Support attribute require_cryptographic_holder_binding in DCQLCredentialQuery
    • Support attribute trusted_authorities in DCQLCredentialQuery, for Authority Key Identifier aki only
    • Result in VerifiableDCQLPresentationValidationResults now carries a map of query id to a list of AuthnResponseResult instead of a single one
    • Support queries for W3C Verifiable Credentials (format jwt_vc_json), with thanks to etnafed
  • OpenID4VC High Assurance Interoperability Profile (HAIP):
    • Add VerifyStatusListTokenHAIP and related resolver/tests to enforce requirements from draft 04
  • OAuth 2.0:
    • In SimpleAuthorizationService offer client_attestation_pop_signing_alg_values_supported and client_attestation_signing_alg_values_supported in line with OAuth 2.0 Attestation-Based Client Authentication
    • OAuth2KtorClient: Read and cache DPoP-Nonce from success responses and include it in subsequent DPoP proofs
    • In SimpleAuthorizationService provide methods parWithDpopNonce, tokenWithDpopNonce and userInfoWithDpopNonce to provide nonces to clients for their next request
  • Refactoring:
    • Move shared nonce/map store utilities and add helpers to choose encryption keys and compute session transcript thumbprints to main module
  • Deprecations:
    • at.asitplus.wallet.lib.oidvci.NonceService is now at.asitplus.wallet.lib.NonceService
    • at.asitplus.wallet.lib.oidvci.DefaultNonceService is now at.asitplus.wallet.lib.DefaultNonceService
    • at.asitplus.wallet.lib.oidvci.MapStore is now at.asitplus.wallet.lib.utils.MapStore
    • at.asitplus.wallet.lib.oidvci.DefaultMapStore is now at.asitplus.wallet.lib.utils.DefaultMapStore
    • at.asitplus.wallet.lib.openid.RequestOptions is now at.asitplus.wallet.lib.openid.OpenId4VpRequestOptions
    • at.asitplus.dcapi.request.DCAPIRequest is now at.asitplus.dcapi.request.DCAPIWalletRequest
    • at.asitplus.dcapi.request.Oid4vpDCAPIRequest is now at.asitplus.dcapi.request.DCAPIWalletRequest.OpenId4VpUnsigned or at.asitplus.dcapi.request.DCAPIWalletRequest.OpenId4VpSigned
  • Dependency Updates:
    • Gradle 9.2.0
    • Kotlin 2.3.0
    • Dokka 2.10.0
    • Return value checker defaults to check
    • AGP 8.12.3
    • Ktor 3.3.3
    • Bouncy Castle 1.83 (no more forcing exact version)
    • TestBalloon 0.8.2-K2.3.0
    • Signum 3.19.3

5.10.1

05 Dec 12:21

  • Proximity presentations:
    • Return multiple ISO mDoc credentials in one device response when generating a presentation in proximity flows
  • OpenID for Verifiable Presentations:
    • In RequestOptions deprecate property encryption, as this depends on the response mode
    • In OpenId4VpVerifier remove validateAuthnResponse(input: Map)
    • In OpenId4VpVerifier add option to provide externalId to methods validateAuthnRequest() and submitAuthnRequest(), useful for DCAPI flows

5.10.0

03 Dec 10:52

VC-K 5.10.0 updates the implementation of OpenID for Verifiable Presentations to 1.0 from 9 July 2025 and the implementation of OpenID for Verifiable Credential Issuance to 1.0 from 16 September 2025 in preparation for EUDI Wallets Launchpad.

Details:

  • StatusListToken:
    • Remove StatusTokenValidator
    • Remove StatusTokenIntegrityValidator class
    • Refactor StatusListToken.StatusListJwt to StatusListJwt
    • Refactor StatusListToken.StatusListCwt to StatusListCwt
  • OAuth 2.0:
    • Use correct path for metadata retrieval (inserting strings between host component and path component)
    • Support reading resource-server provided nonce for OAuth 2.0 Demonstrating Proof of Possession (DPoP)
    • Use pushed authorization requests when AS supports it
    • Use signed authorization requests when AS supports it (but not necessarily when using PAR)
  • OpenID for Verifiable Credential Issuance:
    • Update implementation to 1.0 from 2025-09-16
    • Remove code elements deprecated in 5.9.0
    • Drop single proof in credential request
    • Support credential response encryption correctly, see changed API in CredentialIssuer.credential()
    • Correctly verify credential request regarding credential_configuration_id and credential_identifiers
    • Support credential request encryption correctly, if metadata is set at Issuer
  • OpenID for Verifiable Presentations:
    • Update implementation to 1.0 from 2025-07-09
    • Remove code elements deprecated in 5.9.0
    • Use correct syntax for vp_token in responses to DCQL queries, i.e., with an array
    • Drop session transcript implementation from ISO/IEC 18013-7:2024 Annex B, which was pre-OpenID4VP 1.0
    • Remove deprecated format identifier vc+sd-jwt (now dc+sd-jwt)
    • Remove deprecated client identifier prefix scheme x509_san_uri
    • Use correct response encryption acc. to values stated in encrypted_response_enc_values_supported inside client_metadata
    • Correct evaluation of vp_formats_supported inside client_metadata
    • Advertise correct wallet metadata for retrieving authn requests, e.g. client_id_prefixes_supported
    • Drop support for signed-then-encrypted responses, as in OpenID4VP 1.0
    • Drop support for mdoc generated nonces, as in OpenID4VP 1.0
    • Deprecate method validateAuthnResponse(input: Map<String, String>) in OpenId4VpVerifier because it eluded correct input parsing
    • When returning multiple ISO mDoc credentials, make sure to create one device response object per document, wrapping in separate VP tokens
  • SD-JWT:
    • Fix creation of SD JWTs containing structures that are selectively disclosable
    • Fix creation of arrays in SD JWTs ... issuers are advised to use ClaimToBeIssuedArrayElement for such elements
  • Issuance:
    • Introduce duration to subtract for the issuance date of credentials, see IssuerAgent.issuanceOffset
    • Do not issue SD-JWT credentials with a unique identifier in jti
    • Truncate issuing timestamps to seconds
  • Remote Qualified Electronic Signatures:
    • Remove modules deprecated in 5.9.0: vck-rqes, rqes-data-classes

5.9.0

03 Nov 14:46

  • Refactor RqesWalletService to be stateless
  • Remove code elements deprecated in 5.8.0
  • Gradle modules:
    • Change dependency structure of modules
    • Remove vck-rqes module, relevant classes have been moved to vck-openid
    • Rename rqes-data-classes to csc-data-classes
    • Move DIF-related classes to dif-data-classes
    • Move OpenId-related classes to openid-data-classes
    • Remove class Initializer from vck-openid
  • Remote Qualified Electronic Signatures:
    • Remove "UC5-flow" option in RQES flows
    • Remove transactionData from KeyBindingJws
    • Remove QesAuthorizationDetails
    • Refactor AuthorizationDetails to sealed class
    • Remove QesInputDescriptor
    • Refactor InputDescriptor to sealed class
    • Remove RqesRequestOptions
    • Remove RequestOptions interface
    • Rename OpenIdRequestOptions to RequestOptions
    • Refactor TransactionData to sealed class
    • In TransactionData make credentialIds mandatory
    • Refactor RequestParameters to sealed class
  • Validation:
    • Improve validation of JWT VC
    • Remove subclass InvalidStructure from Verifier.VerifyCredentialResult, which is now mapped to ValidationError
  • Refactor handling of key material:
    • Introduce interface PublishedKeyMaterial to indicate clients can look up that key with the identifier used as a keyId in a key set
    • Other key material gets randomly assigned identifiers to not rely on DIDs
    • For JVM add PublishedKeyStoreMaterial to load keys from Java key stores with a fixed identifier
    • In class HolderAgent require the identifier to be a URI, set in the constructor, as required for SD-JWT and JWT VC
    • Key material will be referenced by its keyId and key set URL or by its certificate or plain public key in JWS proofs
  • Remove workarounds and deprecated features:
    • OpenID4VP: Verify mDoc generated nonce correctly (not supporting broken EUDIW RI)
    • OpenID4VP: Only send the response parameter when using direct_post.jwt (not supporting broken EUDIW RI)
    • OpenID4VP: Use credential format identifier dc+sd-jwt everywhere
    • OpenID4VP: Discard option to use deprecated client_id_scheme parameter in ClientIdScheme subclasses
    • OpenID4VP: Do not read the explicit parameter client_id_scheme (it's prefixed in the client_id)
    • OpenID4VP: Do not send signed JWT as authentication responses, but always encrypt them when using direct_post.jwt
    • OpenID4VP: Remove signDeviceAuthFallback in OpenId4VpHolder which has been used for mDoc presentations, but was not part of any spec
    • OpenID4VP: Remove BackwardsCompatibleDCQLQuerySerializer which has been able to parse DCQL queries as strings in addition to the usual JSON object
    • OpenID4VP: Never sign responses, either send it in plain or encrypted (OpenID4VP 1.0 has dropped JARM)
    • DCAPI: Remove (already deprecated) preview data class PreviewDCAPIRequest, either use OpenID4VP or ISO 18013-7 Annex C
  • JWE:
    • Add EncryptJweSymmetricFun and EncryptJweSymmetric and DecryptJweSymmetric
  • OAuth 2.0:
    • Refactor the split between credential issuer (OpenID4VCI) and authorization server (OAuth2.0)
    • SimpleAuthorizationService supports token exchange acc. to RFC 8693
    • SimpleAuthorizationService supports token introspection acc. to RFC 7662
    • Implement RemoteOAuth2AuthorizationServerAdapter so that credential issuers may be connected to external OAuth2.0 authorization servers
    • Implement OAuth2KtorClient to implement a ktor-based client for OAuth 2.0, including OAuth 2.0 Demonstrating Proof of Possession (DPoP)
    • Remove generics from methods in OpenId4VpHolder and work directly with AuthorizationRequestParameters
    • In PresentationFactory replace RequestParameters in function signatures to work directly with AuthorizationRequestParameters
    • Remove all parameters from RequestParameters, moved into their respective implementing class
    • Add data class JarRequestParameters implementing RequestParameters to handle JWT-secured authorization requests explicitly
    • In AuthorizationService and SimpleAuthorizationService deprecate method authorize with AuthenticationRequestParameters, use RequestParameters instead
    • In AuthorizationService and SimpleAuthorizationService deprecate method par with AuthenticationRequestParameters, use RequestParameters instead
    • In OAuth2Client add method createAuthRequestJar to make intent more explicit
    • Allow SimpleAuthorizationService to toggle usage of PAR and JAR with new requirePushedAuthorizationRequests and requestObjectSigningAlgorithms parameters
  • Cryptography:
    • Use secure random for source of nonces by default, but also expose constructor parameters to override it
  • Update implementation of OpenID for Verifiable Credential Issuance to draft 17:
    • Offer signedMetadata in CredentialIssuer
    • In OpenIdAuthorizationDetails deprecate properties that have been dropped from the spec: format, docType, sdJwtVcType and credentialDefinition
    • In SupportedCredentialFormat add new property about CredentialMetadata, moving display and claims
    • In TokenResponseParameters remove clientNonce that has been dropped in OID4VCI draft 14
    • In CredentialRequestParameters deprecate proof, use proofs instead
    • Use correct error values for unknown_credential_configuration and unknown_credential_identifier
    • In CredentialIssuer deprecate constructor parameters encryptCredentialRequest, requireEncryption, supportedJweAlgorithms, supportedJweEncryptionAlgorithms
    • In CredentialIssuer introduce constructor parameter encryptionService which handles credential request decryption and credential response encryption
    • In CredentialIssuer deprecate method nonce()
    • In CredentialIssuer add method nonceWithDpopNonce() to provide a DPoP nonce to clients (only when the AS is internal)
    • In CredentialIssuer use the COSE algorithm identifiers (e.g. -7) for signing algorithm values in the metadata
    • In WalletService deprecate constructor parameters requestEncryption, decryptionKeyMaterial, supportedJweAlgorithm, supportedJweEncryptionAlgorithm
    • In WalletService introduce constructor parameter encryptionService which handles credential request encryption and credential response decryption
    • In WalletService add method parseCredentialResponse to transform the received credential response from the issuer into StoreCredentialInput
    • In WalletService deprecate method createCredentialRequest and replace it with createCredential to handle encryption
  • Presentation classes:
    • In CreatePresentationResult.Signed add property containing JwsSigned<VerifiablePresentationJws>
    • In CreatePresentationResult.SdJwt add property containing SdJwtSigned
  • Deprecate SdJwtSigned.parse(), please migrate to SdJwtSigned.parseCatching()
  • OpenID for Verifiable Presentations: Update implementation to draft 29:
    • In AuthenticationRequestParameters deprecate member client_metadata_uri
    • In RequestOptions deprecate member clientMetadataUrl
    • In OpenIdConstants deprecate member X509SanUri
    • In AuthenticationRequestParameters and AuthorizationResponsePreparationState add VerifierInfo to display to user
    • In RelyingPartyMetadata deprecate vp_formats, replace with vp_formats_supported, using correct algorithm values
    • Change DCQLCredentialQuery.meta to be mandatory
    • Add DCQLEmptyCredentialMetadataAndValidityConstraints
    • In OpenId4VpVerifier add constructor parameter decryptionKeyMaterial to supply a key for decrypting encrypted responses from holders
    • In OAuth2AuthorizationServerMetadata deprecate client_id_schemes_supported, replace with client_id_prefixes_supported
    • Add ClientIdScheme.CertificateHash mapping to client identifier prefix x509_hash from OpenID4VP
    • Use session transcript for mDoc presentations as defined in OpenID4VP
    • Deprecate and refactor methods in OpenId4VpHolder and OpenId4VpWallet to fetch external resources only once, clients need to call startAuthorizationResponsePreparation() and then finalizeAuthorizationResponse()
    • OpenId4VpHolder does not return a KmmResult.failure when building the response fails, but returns AuthenticationResponseResult containing error parameters
    • OpenId4VpWallet does not send an error response to the verifier automatically
    • Extend RequestParametersFrom with sub-classes for DcApiSigned and DcApiUnsigned, removing the parameter dcApiRequest from several methods in OpenId4VpVerifier and OpenId4VpWallet
    • Extend RequestParametersFrom.JwsSigned with a parent member
    • Extend RequestParametersFrom.Json with a parent member
  • SD-JWT:
    • Honour digest defined in _sd_alg parameter to allow for more digests in issuance and verification of selective disclosure items
  • Make it possible to disable all apple targets by setting Gradle property disableAppleTargets=true (either through gradle.properties/local.properties or as env variable)
  • Dependency Updates:
    • Kotlin 2.2.21
    • Signum 3.18.2 / Supreme 0.10.2
  • Build Updates:
    • AGP 8.12.3 with new Android KMP Library Plugin
    • Migrate from Kotest to TestBalloon
    • Remove dodgy Swift-Klib workarounds

5.8.0

31 Jul 09:04

  • Refactor AuthorizationServiceStrategy
    • Allow for general AuthorizationDetails
    • Remove filterAuthorizationDetails function
    • Add validateAuthorizationDetails function
    • Add matchAuthorizationDetails function
    • Add RqesAuthorizationServiceStrategy class
  • Refactor SimpleAuthorizationService and
    • Add SimpleQtspAuthorizationService class
    • Remove AuthorizationDetail matching and validation from class to interface function
  • Code organization:
    • Remove code elements deprecated in 5.7.0
    • Remove all remaining serialize() and deserialize() methods in data classes
    • Move data classes for token status into artifact openid-data-classes, keeping the namespace
    • Move data classes for VC and SD-JWT into artifact openid-data-classes, keeping the namespace
  • Refactoring of ISO data classes:
    • Move data classes from vck to openid-data-classes
    • List of classes moved: MobileSecurityObject, Document, IssuerSigned, DeviceResponse
  • Issuer:
    • Extract interface StatusListIssuer out of Issuer to separate credential issuing and status list management
    • Rework interface IssuerCredentialStore, deprecating methods storeGetNewIndex and class IssuerCredentialStore.Credential
    • In Issuer.IssuedCredential add the typed credentials as properties, add property userInfo
    • In StatusListIssuer deprecate methods revokeCredentials() and revokeCredentialsWithId(), callers should use revokeCredential()
    • In CredentialIssuer deprecate constructor parameter credentialProvider, replace with credentialDataProvider
    • Extend CredentialToBeIssued to contain properties expiration, scheme, subjectPublicKey, userInfo
    • In CredentialIssuer move constructor parameter for loading data to method credential()
    • Extract ProofValidator out of CredentialIssuer
    • Extract CredentialSchemeMapping out of various top-level methods
    • In SimpleAuthorizationService deprecate constructor parameter dataProvider, use authorize() with OAuth2LoadUserFun instead
    • In AuthorizationService deprecate authorize() methods, adding authorize() with OAuth2LoadUserFun
  • Credential schemes:
    • Provide fallback credential schemes, to be used when no matching scheme is registered with this library:
      • SdJwtFallbackCredentialScheme
      • VcFallbackCredentialScheme
      • IsoMdocFallbackCredentialScheme
    • Note that these schemes are not resolved automatically, and need to be used explicitly in client applications
  • SD-JWT:
    • Add data class for SD-JWT VC Type metadata in SdJwtTypeMetadata
    • Update signum to provide SD-JWT VC Type metadata in vctm in the header of a SD-JWT
  • Validation:
    • Remove internal class Parser and data classes ParseVpResult and ParseVcResult
    • Extract ValidatorMdoc, ValidatorSdJwt, ValidatorVcJws from Validator
    • In HolderAgent add constructor parameters for validatorVcJws, validatorSdJwt, validatorMdoc
    • In Validator deprecate constructor parameter resolveStatusListToken, clients shall use tokenStatusResolver instead
    • In Verifier remove parameter challenge from verifyPresentationIsoMdoc()
    • Rename SdJwtValidator to SdJwtDecoded
    • In VerifiablePresentationParsed add the input data too, that is the VerifiablePresentationJws
    • In IsoDocumentParsed add the input data too, that is the Document
  • Respond to failed authentication request with error:
    • In class OpenId4VpWallet add method sendAuthnErrorResponse
    • In data class OAuth2Error add member state
    • In data class AuthenticationResponse add member error, make params optional
    • In class AuthenticationResponseFactory add member signError
    • In class OpenId4VpHolder add member signError, add method createAuthnErrorResponse
  • Dependency Updates:
    • Kotlin 2.2.0
    • Signum 3.17.0 / Supreme 0.9.0
    • kotlinx.datetime 0.7.1.
      • This moves Instant and Clock to stdlib
      • (but introduces typealiases for easier migration)
      • Also forces serialization 1.9.0
    • Update to latest conventions plugin:
      • Bouncy Castle 1.81!!
      • Serialization 1.9.0
      • Coroutines 1.10.2
      • Ktor 3.2.2
      • Kotest 6.0.0.M6
    • Update JsonPath4K to 3.0.0
  • Disable bogus ios X64 test tasks
  • Help XCode to get its act together
  • Add a manual test workflow to try different kotlin/ksp/kotest versions

5.7.2

16 Jul 08:43

  • Presentation Exchange: Fix validation of optional constraint fields

5.7.1

25 Jun 09:56

  • Signum 3.16.3/Supreme 0.8.3 to fix certificate encoding in JWS header
  • Remove okio dependency and use Supreme digest calculation instead
  • Set correct header when retrieving authn requests

5.7.0

17 Jun 08:03

  • Remote Qualified Electronic Signatures:
    • Remove code elements deprecated in 5.6.0
  • JWS and COSE handling:
    • Remove code elements deprecated in 5.6.0
  • OpenID for Verifiable Credential Issuance:
    • Expose oauth2Client in WalletService
    • Remove code elements deprecated in 5.6.3 in OpenId4VciClient
    • Update transaction_data_hashes according to result from openid/OpenID4VP#621
  • Holder:
    • Replace keyPair with keyMaterial
  • Functions:
    • Replace type aliases with functional interfaces (providing named parameters in implementations)
    • Make cryptographic verification functions suspending
  • Fully integrated crypto functionality based on Signum 3.16.2. This carries over breaking changes:
    • All debug-only kotlinx.serialization for cryptographic datatypes like certificates, public keys, etc. was removed
    • This finally cleans up the RSAorHMAC
      • SignatureAlgorithm.RSAorHMAC is now properly split into SignatureAlgorithm and MessageAuthenticationCode. Both implement DataIntegrityAlgorithm.
      • This split also affects JwsAlgorithm, which now has subtypes: Signature and MAC. Hence, JwsAlgorithm.ES256 -> JwsAlgorithm.Signature.ES256
  • Separate credential timeliness validation from content semantics validation
    • Change Validator constructor to include configuration of the credential timeliness validator
    • Change Validator.verifyVcJws to not perform timeliness validation
    • Change Validator.verifySdJwt to not perform timeliness validation
    • Replace property isRevoked with property freshnessSummary in:
      • Verifier.VerifyPresentationResult.SuccessSdJwt
      • IsoDocumentParsed
      • AuthnResponseResult.SuccessSdJwt
    • Change type of VerifiablePresentationParsed.verifiableCredentials and revokedVerifiableCredentials to Collection<VcJwsVerificationResultWrapper>
    • Rename VerifiablePresentationParsed.verifiableCredentials to VerifiablePresentationParsed.freshVerifiableCredentials
    • Rename VerifiablePresentationParsed.revokedVerifiableCredentials to VerifiablePresentationParsed.notVerifiablyFreshVerifiableCredentials
    • Remove Validator.checkRevocationStatus in favor of Validator.checkCredentialFreshness
    • Remove Holder.StoredCredential.status
    • Remove Verifier.VerifyCredentialResult.Revoked
    • Add constructor parameter Validator.acceptedTokenStatuses to allow library client to define token statuses deemed valid
  • Add support for Digital Credentials API as defined in OID4VP draft 28 and ISO 18013-7 Annex C:
    • Implement DCAPIRequest for requests received via the Digital Credentials API, with implementations for OID4VP (Oid4vpDCAPIRequest), ISO 18013-7 Annex C (IsoMdocRequest) and a non-standardised preview protocol (PreviewDCAPIRequest)
    • New property of type Oid4vpDCAPIRequest for requests originating from the Digital Credentials API in AuthorizationResponsePreparationState
    • New parameter of type Oid4vpDCAPIRequest for requests originating from the Digital Credentials API in OpenId4VpHolder.parseAuthenticationRequestParameters, RequestParameters.extractAudience, PresentationFactory.createPresentation, PresentationFactory.calcDeviceSignature, RequestParser.parseRequestParameters, RequestParser.extractRequestObject, RequestParser.parseRequestObjectJws, RequestParser.matchRequestParameterCases, HolderAgent.getValidCredentialsByPriority
    • New optional parameter filterById of type String in Holder.matchInputDescriptorsAgainstCredentialStore, HolderAgent.getValidCredentialsByPriority, HolderAgent.matchInputDescriptorsAgainstCredentialStore, HolderAgent.matchDCQLQueryAgainstCredentialStore to filter credentials by id
    • New method SubjectCredentialStore.getDcApiId to generate an id of type String for a credential
    • New optional property of type DCAPIHandover for SessionTranscript
  • Return member of interface AuthenticationResult instead of AuthenticationSuccess as authorization response in OpenId4VpWallet. Can either be
    • AuthenticationSuccess: contains a redirectUri (same behaviour as in 5.6.x)
    • AuthenticationForward: contains the authenticationResponseResult for responses via the Digital Credentials API
  • Refactoring of ISO data classes:
    • Move data classes from vck to openid-data-classes
    • Remove serialize() and deserialize() methods, please use the preferred serializer directly (e.g. vckCborSerializer)
    • List of classes moved: ClientIdToHash, DeviceAuth, DeviceAuthentication, DeviceKeyInfo, DeviceRequest, DeviceSigned, DeviceSignedItemListSerializer, DeviceSignedList, DocRequest, ItemsRequest, IssuerSignedItem, IssuerSignedItemSerializer, IssuerSignedList, IssuerSignedListSerializer, ItemsRequestList, ItemsRequestListSerializer, KeyAuthorization, NamespacedDeviceNameSpacesSerializer, NamespacedIssuerSignedListSerializer, ResponseUriToHash, ServerItemsRequest, ServerRequest, ServerResponse, SessionTranscript, SingleItemsRequest, ValidityInfo, ValueDigest, ValueDigestList, ValueDigestListSerializer
  • Additional:
    • Remove Holder.StoredCredential in favor of SubjectCredentialStore.StoreEntry
    • Update AGP to 8.6.1 for composite builds with Valera
    • Make OAuth2Exception serializable
    • Add data class LocalDateOrInstant to be used by credentials

5.6.6

16 Jun 15:14

  • OpenID for Verifiable Presentations:
    • Fix applying presentation exchange filters to credentials (array and object filters)
  • OpenID for Verifiable Credential Issuance:
    • On issued SD-JWT VC do not validate subject but the confirmation claim
    • Do not require proof_type in proofs in a credential request to be set

5.6.5

02 Jun 09:38

  • OpenID for Verifiable Presentations:
    • Change JSON Path serialization for claims to dot notation (for EUDIW reference implementation)
    • Change vct filter to contain const instead of pattern (for EUDIW reference implementation)
    • Treat requested attributes as optional, if not explicitly set as required
    • Treat selected submission from the user as valid, let verifier decide if submission shall be accepted