Holder does not detect mismatch in offered and issued credential
Opened this issue · 0 comments
Patrik-Stas commented
Hi, I think I found an issue. It's not a biggie but I am posting it here for tracking purpose.
Here's the scenario
- issuer creates offer, offering
FooCredential
(the following is fragment of resolved credential offer)
"offeredCredentialConfigurations": {
"FooCredential": {
"proof_types_supported": {
"jwt": {
"proof_signing_alg_values_supported": [
"EdDSA",
"ES256",
"ES256K"
]
}
},
"format": "jwt_vc_json",
"credential_definition": {
"type": [
"VerifiableCredential",
"FooCredential"
]
}
}
},
using code such as
export const fooCredential = {
id: 'FooCredential',
format: OpenId4VciCredentialFormatProfile.JwtVcJson,
types: ['VerifiableCredential', ServiceCredentialTypes.Foo],
} satisfies OpenId4VciCredentialSupportedWithId;
async function createOffer(...) {
....
return await this.#issuanceAgent.createCredentialOffer([
fooCredential.id,
]);
}
When holder requests credential, actually issue him different credential BarCredential
{
'@context': [ 'https://www.w3.org/2018/credentials/v1' ],
type: [ 'VerifiableCredential', 'BarCredential' ],
credentialSubject: {
number: '123456789',
id: 'did:key:z6MkuAXvSM64j7nAFo6mqzFAeg4HLz7rPXsqeGtHTWuaEW9M'
},
issuanceDate: '2024-10-01T08:31:19Z',
expirationDate: undefined,
issuer: 'did:key:z6MktiQQEqm2yapXBDt1WEVB3dqgvyzi96FuFANYmrgTrKV9',
id: undefined
}
using code such as
export const barCredential = {
id: 'BarCredential',
format: OpenId4VciCredentialFormatProfile.JwtVcJson,
types: ['VerifiableCredential', ServiceCredentialTypes.Bar],
} satisfies OpenId4VciCredentialSupportedWithId;
requestToCred: OpenId4VciCredentialRequestToCredentialMapper = async ({
issuanceSession,
holderBinding,
}): Promise<OpenId4VciSignCredential> => {
....
{
credentialSupportedId: barCredential.id,
format: ClaimFormat.JwtVc,
credential: new W3cCredential({
type: barCredential.types,
issuer: new W3cIssuer({
id: issuerDidKey.did,
}),
credentialSubject: new W3cCredentialSubject({
id: parseDid(holderBinding.didUrl).did,
claims,
}),
issuanceDate: w3cDate(Date.now()),
}),
verificationMethod: `${issuerDidKey.did}#${issuerDidKey.key.fingerprint}`,
};
}
eg. simply issuing BarCredential
instead of "promised" FooCredential
I guess I would expect Holder to error out upon receiving the credential, but right now the credential is succesfuly stored.