did-jwt
Add support for providing verifier
It is currently possible to specify a custom signer, but it's not possible to specify a custom verifier. createJWT allows signing with custom algorithm, like "SS256K" (Schnorr), but it's not possible to specify the verifier using the verifyJWT, so if the JWT/JWS is signed with a custom signer, the verifier will fail.
Very true.
This is related to #170 in the sense that if this library were more modular you would be able to load custom verifiers too.
Otherwise the solution is to add a SS256K verifier to the embedded bunch already supported.
If that doesn't come with extra dependency baggage, it would be a quick fix, but since I haven't worked with SS256K before I'm not aware of the existing implementations out there.
Do you have insight into this, @sondreb ?
We have in our identity wallet, previously migrated to @noble/secp256k1, so to avoid dependency on yet another library for the same purpose, I wanted to create our own Signer and Verifier using that library. It's not super important to use the new library, though it's very clean, zero dependencies and very fast.
did-jwt relies on elliptic package (doesn't appear to be any development on it for a year and a half) which does not implement BIP0340 (Schnorr signatures), so adding support for "SS256K" wouldn't be possible without doing something with dependencies.
Couple of unrelated things I noticed:
- The example in README.md uses publicKey instead of verificationMethod.
- There is no support for JsonWebKey2020 (and JsonWebSignature2020), but need to use EcdsaSecp256k1VerificationKey2019.
My preferred option would be to use JsonWebKey2020 with a Schnorr Public Key, which only defines the x coordinate. Guess that could be marked by setting the "crv" on the jwk field to "SS256K", mapping that to the exact same value as the "alg" on the signed JWT/JWS. I already had a working implementation using "publicKeyMultibase", but was not sure if JWK was a "better" option.
https://github.com/decentralized-identity/did-jwt/commit/60987e0025b1fd45e4a8e583a8c1e28df403fa0b fixes what I mentioned here with no support for JsonWebKey2020. Thanks!
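The signer/verifier asymmetry discussed in this thread, as an added example that is not part of the thread and is not did-jwt's API: a toy JWS verifier with a fixed embedded table plus caller-supplied verifiers. All function names and the "X-DEMO" algorithm label are hypothetical, and Ed25519 stands in for SS256K because Node's built-in crypto has no BIP0340 Schnorr.

```javascript
// Added example: hypothetical names throughout, not did-jwt's own code.
const nodeCrypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Verifiers embedded in this toy library, keyed by the JWS "alg" value.
const EMBEDDED = {
  ES256K: (input, sig, key) =>
    nodeCrypto.verify('sha256', input, { key, dsaEncoding: 'ieee-p1363' }, sig),
};

// Signer side: any (alg, signer) pair is accepted, as with a custom signer.
function createJws(payload, alg, signer) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(signer(Buffer.from(input)))}`;
}

// Verifier side: the header "alg" only selects among verifiers the caller allowed.
function verifyJws(jws, publicKey, customVerifiers = {}) {
  const parts = jws.split('.');
  if (parts.length !== 3) throw new Error('malformed JWS');
  const { alg } = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  // Embedded entries are spread last so a custom verifier cannot shadow them.
  const table = { ...customVerifiers, ...EMBEDDED };
  if (!Object.prototype.hasOwnProperty.call(table, alg)) throw new Error(`unsupported alg: ${alg}`);
  const ok = table[alg](Buffer.from(`${parts[0]}.${parts[1]}`), Buffer.from(parts[2], 'base64url'), publicKey);
  if (!ok) throw new Error('invalid signature');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString());
}

// Constructed demo keys, generated fresh on each run.
const ec = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const ed = nodeCrypto.generateKeyPairSync('ed25519');
const CUSTOM_ALG = 'X-DEMO'; // hypothetical label for the non-embedded algorithm

const embeddedJws = createJws({ sub: 'a' }, 'ES256K', (d) =>
  nodeCrypto.sign('sha256', d, { key: ec.privateKey, dsaEncoding: 'ieee-p1363' }));
const customJws = createJws({ sub: 'b' }, CUSTOM_ALG, (d) => nodeCrypto.sign(null, d, ed.privateKey));
const customVerifiers = { [CUSTOM_ALG]: (input, sig, key) => nodeCrypto.verify(null, input, key, sig) };

// Returns the verified "sub" claim, or the rejection reason as a string.
function tryVerify(jws, key, verifiers) {
  try { return verifyJws(jws, key, verifiers).sub; } catch (e) { return e.message; }
}
```

Without `customVerifiers`, `tryVerify(customJws, ed.publicKey)` is rejected as an unsupported algorithm, which is the failure the issue describes; passing the verifier table makes the same token verify.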