vc-authn-oidc

Revocation interval to and from should match as a best practice

Open jleach opened this issue 3 years ago • 2 comments

The Problem

In our testing we noticed that your non-revocation interval in a proof request is sending the following dates:

"to": 1651792006,
"from": 0

While this is technically correct, there are some subtleties to these dates as described here. It is recommended as a best practice to use matching to and from. The framework we are using, AFJ, is somewhat strict on this usage and is causing issues.

Requested Change

What are your thoughts on updating the logic to have matching to and from fields?

Existing:

"to": 1651792006,
"from": 0

Proposed:

"to": 1651792006,
"from": 1651792006

jleach avatar May 13 '22 14:05 jleach
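A check for the interval form proposed in the issue above, as an added example that is not part of the thread or of vc-authn-oidc's code. It assumes an Indy/AnonCreds-style proof request where `non_revoked` can appear at the top level and on each requested attribute or predicate; the function names and the sample request are constructed for illustration.

```python
import copy
import time


def iter_intervals(proof_request):
    """Yield (location, interval) for every non_revoked interval in the request."""
    if "non_revoked" in proof_request:
        yield "non_revoked", proof_request["non_revoked"]
    for group in ("requested_attributes", "requested_predicates"):
        for referent, item in proof_request.get(group, {}).items():
            if "non_revoked" in item:
                yield f"{group}.{referent}.non_revoked", item["non_revoked"]


def find_mismatched(proof_request):
    """Return the locations whose interval does not have from == to."""
    return [loc for loc, iv in iter_intervals(proof_request)
            if iv.get("from") != iv.get("to")]


def normalize(proof_request, now=None):
    """Return a copy in which every interval has from == to.

    An existing "to" is kept; if it is absent, `now` (or the current time) is used.
    The input request is left unmodified.
    """
    now = int(time.time()) if now is None else now
    fixed = copy.deepcopy(proof_request)
    for _, iv in iter_intervals(fixed):
        to = iv.get("to", now)
        iv["to"] = to
        iv["from"] = to
    return fixed


# Constructed sample request using the "Existing" interval quoted in the issue.
SAMPLE = {
    "name": "constructed-example",
    "version": "1.0",
    "requested_attributes": {
        "attr_0": {"names": ["given_name"],
                   "non_revoked": {"from": 0, "to": 1651792006}},
        "attr_1": {"names": ["email"]},  # no interval: left untouched
    },
    "requested_predicates": {},
    "non_revoked": {"from": 0, "to": 1651792006},
}

if __name__ == "__main__":
    print("mismatched:", find_mismatched(SAMPLE))
    print("normalized:", normalize(SAMPLE)["non_revoked"])
```
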

The only issue with the above change would be the compatibility with existing wallets: the last time I tested things they (eSatus, Lissi, Trinsic) were not correctly handling the non-revocation interval with matching timestamps and I had to set them as they are now for the proof-requests to be successfully validated.

esune avatar May 13 '22 18:05 esune

I think, but am not certain, that testing has been done. But for sure, when we put this on Dev and Test we need to verify, and if it doesn't work, we'll figure out how to let folks know what works and what doesn't. We need to make the change regardless, so it is just a matter of figuring out the impact and letting people know.

swcurran avatar May 13 '22 19:05 swcurran

@swcurran was the behaviour verified and confirmed with all (most?) available wallets? Do we want to update the code in the current implementation or wait for the first 2.0 release to get this change?

esune avatar Jan 18 '23 20:01 esune

We have to be certain that BC Wallet works, and it would be nice to test esatus and LISSI at least, perhaps Trinsic as well.

Updating this as soon as possible after that would be good. Testing it with a local vc-authn-oidc instance is probably the easiest way to handle this.

If you let me know the results — perhaps add a comment here — I’ll find a way to get a public place where we can track features of wallets vs. AIPs and features like this.

swcurran avatar Jan 19 '23 00:01 swcurran

This is resolved by https://github.com/bcgov/vc-authn-oidc/pull/233

It is ONLY implemented in the 2.0 version of vc-authn; we will not be updating the current version as it has reached end-of-life.

esune avatar Mar 09 '23 21:03 esune