Added DID Configuration Verification Endpoint #592
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## main #592 +/- ##
==========================================
- Coverage 24.05% 23.98% -0.07%
==========================================
Files 45 45
Lines 5330 5349 +19
==========================================
+ Hits 1282 1283 +1
- Misses 3807 3825 +18
Partials 241 241
|
| // | ||
| // 1. The credentialSubject.id MUST be a DID, and the value MUST be equal to both the Subject and Issuer of the Domain Linkage Credential. | ||
| credentialSubjectID := domainLinkageCredential.Credential.CredentialSubject["id"].(string) | ||
| if !strings.HasPrefix(credentialSubjectID, "did:") { |
There was a problem hiding this comment.
believe there's a method IsValidDID or similar in the utils somewhere
There was a problem hiding this comment.
I searched for something similar, but couldn't find anything.
| func NewDIDConfigurationService(keyStoreService *keystore.Service) *DIDConfigurationService { | ||
| return &DIDConfigurationService{keyStoreService: keyStoreService} | ||
| func NewDIDConfigurationService(keyStoreService *keystore.Service, didResolver resolution.Resolver, schema *schema.Service) (*DIDConfigurationService, error) { | ||
| client := &http.Client{Transport: otelhttp.NewTransport(http.DefaultTransport)} |
There was a problem hiding this comment.
should this be the default client (with timeouts, etc) and then add in the otel?
There was a problem hiding this comment.
DefaultClient is the same as the zero value of http.Client. Timeouts are carried by the ctx when the call is made.
We could have an httpClientProvider, but then that get's into the dependency injection and I wanted to keep this simple.
decentralgabe
approved these changes
Jul 13, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This PR adds the
v1/did-configurations/verificationendpoint, with documentation. It follows the spec in https://identity.foundation/.well-known/resources/did-configuration/#did-configuration-resource-verificationDescription
Now that we have an endpoint that can create a DIDConfiguration, this PR adds another endpoint so that clients can verify they've done the correct steps when hosting it (or that any other DID Configuration is correct).
How Has This Been Tested?
Unit tests were added. Integration tests were not added, since verifying
https://www.tbd.websitefails with the following reason :verifying JWT credential: error getting key to verify credential<>: did<did:key:z6Mkh4A6QTNCAFi4NZfnWt8qNSGXDGnNXhxXWewcpBrzS19v> has no verification methods with kid: did:key:z6Mkh4A6QTNCAFi4NZfnWt8qNSGXDGnNXhxXWewcpBrzS19v. I.e. we need to update the JWT to use the verification method ID, instead of the DID. This is tracked in a separate issue.Checklist
References
https://identity.foundation/.well-known/resources/did-configuration/#did-configuration-resource-verification