openid / connect / issues / #1691 - [OIDC4VCI] Proof checking insufficient — Bitbucket

Issue #1691 resolved

Daniel Fett created an issue 2022-10-25

As far as I can see, there are no instructions on checking the proof except for “the Credential Issuer MUST validate that the proof is actually signed by a key identified in kid parameter.”

This needs to be expanded to include, e.g.:

checking the relationship between the key and the key that is to be used for the credential
checking nonce, audience, issuer,
checking the times (iat),
checking any other properties of the key that are required (attestation?)

‌

Comments (2)

Kristina Yasuda
PR #542 raised. please review.
- 2023-06-15T05:56:17+00:00
Kristina Yasuda
- changed status to resolved
PR merged.
- 2023-07-28T04:30:51+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Component: Credential Issuance

Milestone: –

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!