Skip to content

Rephrase conditions to provide nonce in proof types based on presence of Nonce endpoint #678

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
awoie wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Rephrase conditions to provide nonce in proof types based on presence of Nonce endpoint #678

awoie wants to merge 6 commits into from

Conversation

@awoie
Copy link
Contributor

@awoie awoie commented Nov 11, 2025
edited
Loading

Potentially fixes #677 , potentially fixes #676

Note that I created the PR based on #676 (comment).

IMO, one implication is that for nonce claims in a key_attestation in a jwt proof, it means, the wallet decides whether to include it which is how I interpret the current version of the spec but wanted to point this out in case it is not obvious for readers of this PR. If the issuer insists on the presence which is unlikely, it could still provide a nonce error. To improve this behaviour, we could define a dedicated issuer metadata parameter, e.g., require_nonce_in_key_attesatation_in_jwt_proof in a backward compatible way to improve this behaviour.

paulbastian
paulbastian approved these changes Nov 11, 2025
View reviewed changes
Copy link
Contributor

@paulbastian paulbastian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't judge for DI, but the fix on jwt proof_type looks right

Sakurann
Sakurann reviewed Nov 11, 2025
View reviewed changes
@awoie @Sakurann
Applied Kristina's suggestion
7fb46cb 
Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com>
jogu
jogu requested changes Nov 11, 2025
View reviewed changes
Copy link
Contributor

@jogu jogu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We still have the part here to solve: #676 (comment) (or we should raise a new issue for that, I don't have a strong opinion which).

I think we should apply the change to 1.0 as well.

@babisRoutis
Copy link
Contributor

babisRoutis commented Nov 19, 2025

Hi @awoie

Please consider updating the definition of nonce claim of key_attestation found in appendix E.

Currently the definition is

nonce: OPTIONAL. String that represents a nonce provided by the Issuer to prove that a key attestation was freshly generated

IMO this could be update to include

MUST be present if the attestation is used with attestation Proof type, if credential issuer provides a nonce endpoint

@awoie awoie requested a review from Sakurann November 20, 2025 16:53
@c2bo
Copy link
Member

c2bo commented Nov 25, 2025

Hi @awoie

Please consider updating the definition of nonce claim of key_attestation found in appendix E.

Currently the definition is

nonce: OPTIONAL. String that represents a nonce provided by the Issuer to prove that a key attestation was freshly generated

IMO this could be update to include

MUST be present if the attestation is used with attestation Proof type, if credential issuer provides a nonce endpoint

I was wondering about the same point - we should be clear where exactly nonce is required and where not. In the case of proof type attestation we still want to mandate its presence, right?

@babisRoutis
Copy link
Contributor

babisRoutis commented Nov 25, 2025

I was wondering about the same point - we should be clear where exactly nonce is required and where not. In the case of proof type attestation we still want to mandate its presence, right?

@c2bo

My truth table ( 😄 ) for nonce in the key_attestation:

key_attestation carrier Nonce endpoint present Nonce endpoint absent
Proof of type jwt Optional (Wallet's decision). If present should be from nonce_endpoint Must not be present
Proof of type attestation Mandatory Must not be present

@awoie
Copy link
Contributor Author

awoie commented Nov 25, 2025

Hi @awoie
Please consider updating the definition of nonce claim of key_attestation found in appendix E.
Currently the definition is

nonce: OPTIONAL. String that represents a nonce provided by the Issuer to prove that a key attestation was freshly generated

IMO this could be update to include

MUST be present if the attestation is used with attestation Proof type, if credential issuer provides a nonce endpoint

I was wondering about the same point - we should be clear where exactly nonce is required and where not. In the case of proof type attestation we still want to mandate its presence, right?

For the attestation proof type we have this:

If the Credential Issuer has a Nonce Endpoint (as defined in Section 8), the c_nonce value provided by the Credential Issuer MUST be provided in the key attestation's nonce parameter.

@awoie
Copy link
Contributor Author

awoie commented Nov 25, 2025
edited
Loading

Hi @awoie
Please consider updating the definition of nonce claim of key_attestation found in appendix E.
Currently the definition is

nonce: OPTIONAL. String that represents a nonce provided by the Issuer to prove that a key attestation was freshly generated

IMO this could be update to include

MUST be present if the attestation is used with attestation Proof type, if credential issuer provides a nonce endpoint

I was wondering about the same point - we should be clear where exactly nonce is required and where not. In the case of proof type attestation we still want to mandate its presence, right?

For the attestation proof type we have this:

If the Credential Issuer has a Nonce Endpoint (as defined in Section 8), the c_nonce value provided by the Credential Issuer MUST be provided in the key attestation's nonce parameter.

But yes, I agree with @babisRoutis.

I will clean up the language again to clarify all of this since I agree it is language that can be misinterpreted.

@awoie awoie requested a review from jogu December 7, 2025 17:42
@awoie
Copy link
Contributor Author

awoie commented Dec 7, 2025

@jogu I applied the change to 1.0. Let me know if there is anything else needed wrt change log. Also added some language on pre-generated attestations and how a wallet could detect whether an issuer requires a nonce in the key attestation based on the current specification, e.g., invalid_nonce error.

@awoie awoie requested a review from babisRoutis December 7, 2025 17:46
GarethCOliver
GarethCOliver reviewed Dec 16, 2025
View reviewed changes
1.1/openid-4-verifiable-credential-issuance-1_1.md
* `proofPurpose`: REQUIRED. MUST be set to `authentication`.
* `domain`: REQUIRED. MUST be set to the Credential Issuer Identifier.
* `challenge`: REQUIRED when the Credential Issuer has provided a `c_nonce`. It MUST NOT be used otherwise. String, where the value is a server-provided `c_nonce`. It MUST be present when the issuer has a Nonce Endpoint as defined in (#nonce-endpoint).
* `challenge`: REQUIRED when the Credential Issuer has a Nonce Endpoint as defined in (#nonce-endpoint). It MUST NOT be used otherwise. String, where the value is a server-provided `c_nonce`.
Copy link
Contributor

@GarethCOliver GarethCOliver Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's somewhat inconsistent we say this is REQUIRED (but only when the Issuer has a Nonce Endpoint) while above for nonce we say it is OPTIONAL (but required when the Issuer has a Nonce Endpoint).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GarethCOliver GarethCOliver GarethCOliver left review comments

@paulbastian paulbastian paulbastian approved these changes

@Sakurann Sakurann Awaiting requested review from Sakurann

@jogu jogu Awaiting requested review from jogu

@babisRoutis babisRoutis Awaiting requested review from babisRoutis

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

"If the Credential Issuer provided a c_nonce" doesn't really make sense key attestation in the jwt proof header should be able to be pre-generated...

8 participants

@awoie @babisRoutis @c2bo @jogu @GarethCOliver @paulbastian @Sakurann