@sd-jwt/sd-jwt-vc 0.19.1-next.8 → 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md ADDED
@@ -0,0 +1,28 @@
1
+ # Change Log
2
+
3
+ All notable changes to this project will be documented in this file.
4
+ See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
5
+
6
+ # [0.20.0](https://github.com/openwallet-foundation/sd-jwt-js/compare/v0.1.0...v0.20.0) (2026-06-29)
7
+
8
+
9
+ ### Features
10
+
11
+ * version fixing to current 0.19.0 ([#382](https://github.com/openwallet-foundation/sd-jwt-js/issues/382)) ([d88c631](https://github.com/openwallet-foundation/sd-jwt-js/commit/d88c631fe4c3cefcbc96f268cb9d340296facbba))
12
+
13
+
14
+
15
+
16
+
17
+ # [0.1.0](https://github.com/openwallet-foundation/sd-jwt-js/compare/v0.19.0...v0.1.0) (2026-06-29)
18
+
19
+
20
+ ### Bug Fixes
21
+
22
+ * **core:** reject tampered/unreferenced disclosures and reserved claims ([#380](https://github.com/openwallet-foundation/sd-jwt-js/issues/380)) ([3d8a72a](https://github.com/openwallet-foundation/sd-jwt-js/commit/3d8a72a0a279d67439db038c9c2b52621568b866))
23
+ * **sd-jwt-vc:** config param type override in SDJwtVcInstance ([#379](https://github.com/openwallet-foundation/sd-jwt-js/issues/379)) ([fe18c35](https://github.com/openwallet-foundation/sd-jwt-js/commit/fe18c3572055c3307d05f43f738c1d3c3f15de38))
24
+
25
+
26
+ ### Features
27
+
28
+ * allow disabling status verification ([#381](https://github.com/openwallet-foundation/sd-jwt-js/issues/381)) ([c9d73e4](https://github.com/openwallet-foundation/sd-jwt-js/commit/c9d73e4db2a925e5096988fffe7eded62db1b6a7))
package/dist/index.d.mts CHANGED
@@ -986,10 +986,10 @@ declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
986
986
  protected userConfig: SDJWTVCConfig;
987
987
  constructor(userConfig?: SDJWTVCConfig);
988
988
  /**
989
- * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
989
+ * Validates if the disclosure frame attempts to selectively disclose protected SD-JWT-VC claims.
990
990
  * @param disclosureFrame
991
991
  */
992
- protected validateReservedFields(disclosureFrame: DisclosureFrame<SdJwtVcPayload>): void;
992
+ protected validateDisclosureFrame(disclosureFrame?: DisclosureFrame<SdJwtVcPayload>): void;
993
993
  /**
994
994
  * Fetches the status list from the uri with a timeout of 10 seconds.
995
995
  * @param uri The URI to fetch from.
@@ -1100,6 +1100,7 @@ declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
1100
1100
  * @param options
1101
1101
  */
1102
1102
  private verifyStatus;
1103
+ config(newConfig: SDJWTVCConfig): void;
1103
1104
  }
1104
1105
 
1105
1106
  export { type BackgroundImage, BackgroundImageSchema, type Claim, type ClaimDisplay, ClaimDisplaySchema, type ClaimPath, ClaimPathSchema, ClaimSchema, type ClaimSelectiveDisclosure, ClaimSelectiveDisclosureSchema, ColorSchemeSchema, ContrastSchema, type Display, DisplaySchema, type Logo, LogoSchema, OrientationSchema, type Rendering, RenderingSchema, type ResolvedTypeMetadata, type SDJWTVCConfig, type SDJWTVCStatusReference, SDJwtVcInstance, type SdJwtVcPayload, type SimpleRendering, SimpleRenderingSchema, type StatusListFetcher, type StatusValidator, type SvgTemplateProperties, SvgTemplatePropertiesSchema, type SvgTemplateRendering, SvgTemplateRenderingSchema, type TypeMetadataFormat, TypeMetadataFormatSchema, type VCTFetcher, type VerificationResult };
package/dist/index.d.ts CHANGED
@@ -986,10 +986,10 @@ declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
986
986
  protected userConfig: SDJWTVCConfig;
987
987
  constructor(userConfig?: SDJWTVCConfig);
988
988
  /**
989
- * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
989
+ * Validates if the disclosure frame attempts to selectively disclose protected SD-JWT-VC claims.
990
990
  * @param disclosureFrame
991
991
  */
992
- protected validateReservedFields(disclosureFrame: DisclosureFrame<SdJwtVcPayload>): void;
992
+ protected validateDisclosureFrame(disclosureFrame?: DisclosureFrame<SdJwtVcPayload>): void;
993
993
  /**
994
994
  * Fetches the status list from the uri with a timeout of 10 seconds.
995
995
  * @param uri The URI to fetch from.
@@ -1100,6 +1100,7 @@ declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
1100
1100
  * @param options
1101
1101
  */
1102
1102
  private verifyStatus;
1103
+ config(newConfig: SDJWTVCConfig): void;
1103
1104
  }
1104
1105
 
1105
1106
  export { type BackgroundImage, BackgroundImageSchema, type Claim, type ClaimDisplay, ClaimDisplaySchema, type ClaimPath, ClaimPathSchema, ClaimSchema, type ClaimSelectiveDisclosure, ClaimSelectiveDisclosureSchema, ColorSchemeSchema, ContrastSchema, type Display, DisplaySchema, type Logo, LogoSchema, OrientationSchema, type Rendering, RenderingSchema, type ResolvedTypeMetadata, type SDJWTVCConfig, type SDJWTVCStatusReference, SDJwtVcInstance, type SdJwtVcPayload, type SimpleRendering, SimpleRenderingSchema, type StatusListFetcher, type StatusValidator, type SvgTemplateProperties, SvgTemplatePropertiesSchema, type SvgTemplateRendering, SvgTemplateRenderingSchema, type TypeMetadataFormat, TypeMetadataFormatSchema, type VCTFetcher, type VerificationResult };
package/dist/index.js CHANGED
@@ -280,10 +280,10 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends import_core.SDJwtInstance {
280
280
  }
281
281
  }
282
282
  /**
283
- * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
283
+ * Validates if the disclosure frame attempts to selectively disclose protected SD-JWT-VC claims.
284
284
  * @param disclosureFrame
285
285
  */
286
- validateReservedFields(disclosureFrame) {
286
+ validateDisclosureFrame(disclosureFrame) {
287
287
  if ((disclosureFrame == null ? void 0 : disclosureFrame._sd) && Array.isArray(disclosureFrame._sd) && disclosureFrame._sd.length > 0) {
288
288
  const reservedNames = ["iss", "nbf", "exp", "cnf", "vct", "status"];
289
289
  const reservedNamesInDisclosureFrame = disclosureFrame._sd.filter(
@@ -716,6 +716,9 @@ ${import_zod2.default.prettifyError(validated.error)}`
716
716
  verifyStatus(result, options) {
717
717
  return __async(this, null, function* () {
718
718
  var _a, _b, _c;
719
+ if (options == null ? void 0 : options.disableStatusVerification) {
720
+ return;
721
+ }
719
722
  if (result.payload.status) {
720
723
  if (result.payload.status.status_list) {
721
724
  const fetcher = (_a = this.userConfig.statusListFetcher) != null ? _a : this.statusListFetcher.bind(this);
@@ -745,6 +748,9 @@ ${import_zod2.default.prettifyError(validated.error)}`
745
748
  }
746
749
  });
747
750
  }
751
+ config(newConfig) {
752
+ super.config(newConfig);
753
+ }
748
754
  };
749
755
  // Annotate the CommonJS export names for ESM import in node:
750
756
  0 && (module.exports = {
package/dist/index.mjs CHANGED
@@ -242,10 +242,10 @@ var SDJwtVcInstance = class _SDJwtVcInstance extends SDJwtInstance {
242
242
  }
243
243
  }
244
244
  /**
245
- * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
245
+ * Validates if the disclosure frame attempts to selectively disclose protected SD-JWT-VC claims.
246
246
  * @param disclosureFrame
247
247
  */
248
- validateReservedFields(disclosureFrame) {
248
+ validateDisclosureFrame(disclosureFrame) {
249
249
  if ((disclosureFrame == null ? void 0 : disclosureFrame._sd) && Array.isArray(disclosureFrame._sd) && disclosureFrame._sd.length > 0) {
250
250
  const reservedNames = ["iss", "nbf", "exp", "cnf", "vct", "status"];
251
251
  const reservedNamesInDisclosureFrame = disclosureFrame._sd.filter(
@@ -678,6 +678,9 @@ ${z2.prettifyError(validated.error)}`
678
678
  verifyStatus(result, options) {
679
679
  return __async(this, null, function* () {
680
680
  var _a, _b, _c;
681
+ if (options == null ? void 0 : options.disableStatusVerification) {
682
+ return;
683
+ }
681
684
  if (result.payload.status) {
682
685
  if (result.payload.status.status_list) {
683
686
  const fetcher = (_a = this.userConfig.statusListFetcher) != null ? _a : this.statusListFetcher.bind(this);
@@ -707,6 +710,9 @@ ${z2.prettifyError(validated.error)}`
707
710
  }
708
711
  });
709
712
  }
713
+ config(newConfig) {
714
+ super.config(newConfig);
715
+ }
710
716
  };
711
717
  export {
712
718
  BackgroundImageSchema,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sd-jwt/sd-jwt-vc",
3
- "version": "0.19.1-next.8+24addee",
3
+ "version": "0.20.0",
4
4
  "description": "sd-jwt draft 7 implementation in typescript",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.mjs",
@@ -39,7 +39,7 @@
39
39
  "license": "Apache-2.0",
40
40
  "dependencies": {
41
41
  "@owf/token-status-list": "^0.1.0-alpha-20260312123226",
42
- "@sd-jwt/core": "0.19.1-next.8+24addee",
42
+ "@sd-jwt/core": "0.20.0",
43
43
  "zod": "^4.3.5"
44
44
  },
45
45
  "devDependencies": {
@@ -63,5 +63,5 @@
63
63
  "esm"
64
64
  ]
65
65
  },
66
- "gitHead": "24addee9fb8f5b12ac98b24b3ca527639b28c711"
66
+ "gitHead": "af170ace9b42984f8c6447caf23256fde6204b31"
67
67
  }
@@ -48,20 +48,18 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
48
48
  }
49
49
 
50
50
  /**
51
- * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
51
+ * Validates if the disclosure frame attempts to selectively disclose protected SD-JWT-VC claims.
52
52
  * @param disclosureFrame
53
53
  */
54
- protected validateReservedFields(
55
- disclosureFrame: DisclosureFrame<SdJwtVcPayload>,
54
+ protected validateDisclosureFrame(
55
+ disclosureFrame?: DisclosureFrame<SdJwtVcPayload>,
56
56
  ): void {
57
- //validate disclosureFrame according to https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-08.html#section-3.2.2.2
58
57
  if (
59
58
  disclosureFrame?._sd &&
60
59
  Array.isArray(disclosureFrame._sd) &&
61
60
  disclosureFrame._sd.length > 0
62
61
  ) {
63
62
  const reservedNames = ['iss', 'nbf', 'exp', 'cnf', 'vct', 'status'];
64
- // check if there is any reserved names in the disclosureFrame._sd array
65
63
  const reservedNamesInDisclosureFrame = disclosureFrame._sd.filter((key) =>
66
64
  reservedNames.includes(String(key)),
67
65
  );
@@ -625,6 +623,10 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
625
623
  result: VerificationResult,
626
624
  options?: VerifierOptions,
627
625
  ): Promise<void> {
626
+ if (options?.disableStatusVerification) {
627
+ return;
628
+ }
629
+
628
630
  if (result.payload.status) {
629
631
  //checks if a status field is present in the payload based on https://www.ietf.org/archive/id/draft-ietf-oauth-status-list-02.html
630
632
  if (result.payload.status.status_list) {
@@ -670,4 +672,8 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
670
672
  }
671
673
  }
672
674
  }
675
+
676
+ public config(newConfig: SDJWTVCConfig) {
677
+ super.config(newConfig);
678
+ }
673
679
  }
@@ -120,7 +120,7 @@ describe('Revocation', () => {
120
120
  },
121
121
  });
122
122
 
123
- test('Test with a non revcoked credential', async () => {
123
+ test('Test with a non revoked credential', async () => {
124
124
  const claims = {
125
125
  firstname: 'John',
126
126
  status: {
@@ -152,6 +152,24 @@ describe('Revocation', () => {
152
152
  await expect(result).rejects.toThrowError('Status is not valid');
153
153
  });
154
154
 
155
+ test('Test with a revoked credential but status verification disabled', async () => {
156
+ const claims = {
157
+ firstname: 'John',
158
+ status: {
159
+ status_list: {
160
+ uri: 'https://example.com/status-list',
161
+ idx: 1,
162
+ },
163
+ },
164
+ };
165
+ const expectedPayload: SdJwtVcPayload = { iat, iss, vct, ...claims };
166
+ const encodedSdjwt = await sdjwt.issue(expectedPayload);
167
+ const result = await sdjwt.verify(encodedSdjwt, {
168
+ disableStatusVerification: true,
169
+ });
170
+ expect(result).toBeDefined();
171
+ });
172
+
155
173
  test('test to fetch the statuslist', async () => {
156
174
  //TODO: not implemented yet since we need to either mock the fetcher or use a real fetcher
157
175
  });