Mirko Mollik

> > And since PEX has no semantic versioning > > I think PEX does have semantic versioning? It has for the npm packages, but not on the releases here...

I think the signal option is good, because it allows the issuer to use the current "native" auth flow and in parallel the first party apps spec with the new...

This would be great. But will public decorators still work then? I am not familiar with decorators if they are executed in a sequence or not

It would help to validate variables. So instead of ``` if(jwk.exp && typeof jwk.exp === number) { } ``` you could go with ``` const schema = z.number(); schema.parse(jwk.exp) ```...

maybe it's enough to mention it in a readme, since the demanded implementation can be different: some are fine with the universal resolver, others want to resolve it locally. So...

Hi @fabrii , this library will not auto resolve the the public key, it has to be implemented by the getVerifier like: ```typescript import { ES256, digest, generateSalt } from...

@TimoGlastra you are correct, at the `sd-jwt` is not validating any fields, just checking the integrity of the jwt and if public fields should be disclosed (defined by the spec)....

I understand to validate credentials that are not in the present. But we need to be careful since statuslist does not allow to fetch older versions of a statuslist. So...

> > But as mentioned before I would love that I pass my rules to the verify function and the verify function returns the decoded payload or throws an error...

> Re the validations in sequence vs parallel, maybe we should split this up: > - one high level method which fails early > - multiple lower level functions. The...