Mirko Mollik

> Just wanted to also link to section 13. Of this new revocation spec, that outlines why checking revocation is a decision made on the business layer: https://peppelinux.github.io/draft-demarco-oauth-status-attestations/draft-demarco-oauth-status-attestations.html#name-considerations-on-revocatio > Yes,...

> This is the statement from OWF discord: > > > Explicit typing is a recommended best practice for use of JWTs. So i think it would be good to...

@lukasjhan in case of signature validation, we need to update the internal storage of signature in the `JWT` object: https://github.com/openwallet-foundation-labs/sd-jwt-js/blob/main/packages/core/src/jwt.ts#L117 Because for the json approach there could be multiple signatures....

Closing this in favor of #253

@auer-martin what about the notification_id in the CredentialResponse: ``` export interface CredentialResponse extends ExperimentalSubjectIssuance { credential?: W3CVerifiableCredential; // OPTIONAL. Contains issued Credential. MUST be present when acceptance_token is not returned....

My fault, I was talking from the client side, not from the RP side. I like your proposed suggestion. But according to the docs we need to return a sucess:...

That does not make so much sense: A generalised Json serialisation can have multiple issuer signatures (required for jades signature). So we can not transfer from this to compact when...

I have implemented it for the issuance, but decoding and tests are missing. Maybe I am able to create a pr until Friday

I don't think that is possible, see my current PR. The jwt object needs to hold multiple signatures, so we need to touch some of the core classes

@lukasjhan I think we can close this issue since it was added with your pr, correct?