@sd-jwt/sd-jwt-vc 0.6.2-next.8 → 0.7.0

package/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.7.0](https://github.com/openwallet-foundation-labs/sd-jwt-js/compare/v0.6.1...v0.7.0) (2024-05-13)
+
+**Note:** Version bump only for package @sd-jwt/sd-jwt-vc
+
+
+
+
+
 ## [0.6.1](https://github.com/openwallet-foundation-labs/sd-jwt-js/compare/v0.6.0...v0.6.1) (2024-03-18)
 
 

package/README.md

@@ -83,8 +83,13 @@ const verified = await sdjwt.verify(presentation);
 
 Check out more details in our [documentation](https://github.com/openwallet-foundation-labs/sd-jwt-js/tree/main/docs) or [examples](https://github.com/openwallet-foundation-labs/sd-jwt-js/tree/main/examples)
 
+### Revocation
+To add revocation capabilities, you can use the `@sd-jwt/jwt-status-list` library to create a JWT Status List and include it in the SD-JWT-VC.
+
+
 ### Dependencies
 
 - @sd-jwt/core
 - @sd-jwt/types
 - @sd-jwt/utils
+- @sd-jwt/jwt-status-list

package/dist/index.d.mts

@@ -1,5 +1,12 @@
 import { SdJwtPayload, SDJwtInstance } from '@sd-jwt/core';
-import { DisclosureFrame } from '@sd-jwt/types';
+import { SDJWTConfig, DisclosureFrame } from '@sd-jwt/types';
+
+interface SDJWTVCStatusReference {
+    status_list: {
+        idx: number;
+        uri: string;
+    };
+}
 
 interface SdJwtVcPayload extends SdJwtPayload {
     iss: string;
@@ -7,21 +14,50 @@ interface SdJwtVcPayload extends SdJwtPayload {
     exp?: number;
     cnf?: unknown;
     vct: string;
-    status?: unknown;
+    status?: SDJWTVCStatusReference;
     sub?: string;
     iat?: number;
 }
 
+/**
+ * Configuration for SD-JWT-VC
+ */
+type SDJWTVCConfig = SDJWTConfig & {
+    statusListFetcher?: (uri: string) => Promise<string>;
+    statusValidator?: (status: number) => Promise<void>;
+};
+
 declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
     /**
      * The type of the SD-JWT-VC set in the header.typ field.
      */
     protected type: string;
+    protected userConfig: SDJWTVCConfig;
+    constructor(userConfig?: SDJWTVCConfig);
     /**
      * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
      * @param disclosureFrame
      */
     protected validateReservedFields(disclosureFrame: DisclosureFrame<SdJwtVcPayload>): void;
+    /**
+     * Fetches the status list from the uri with a timeout of 10 seconds.
+     * @param uri The URI to fetch from.
+     * @returns A promise that resolves to a compact JWT.
+     */
+    private statusListFetcher;
+    /**
+     * Validates the status, throws an error if the status is not 0.
+     * @param status
+     * @returns
+     */
+    private statusValidator;
+    /**
+     * Verifies the SD-JWT-VC.
+     */
+    verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<{
+        payload: SdJwtVcPayload;
+        header: Record<string, unknown> | undefined;
+    }>;
 }
 
-export { SDJwtVcInstance, type SdJwtVcPayload };
+export { SDJwtVcInstance };

package/dist/index.d.ts

@@ -1,5 +1,12 @@
 import { SdJwtPayload, SDJwtInstance } from '@sd-jwt/core';
-import { DisclosureFrame } from '@sd-jwt/types';
+import { SDJWTConfig, DisclosureFrame } from '@sd-jwt/types';
+
+interface SDJWTVCStatusReference {
+    status_list: {
+        idx: number;
+        uri: string;
+    };
+}
 
 interface SdJwtVcPayload extends SdJwtPayload {
     iss: string;
@@ -7,21 +14,50 @@ interface SdJwtVcPayload extends SdJwtPayload {
     exp?: number;
     cnf?: unknown;
     vct: string;
-    status?: unknown;
+    status?: SDJWTVCStatusReference;
     sub?: string;
     iat?: number;
 }
 
+/**
+ * Configuration for SD-JWT-VC
+ */
+type SDJWTVCConfig = SDJWTConfig & {
+    statusListFetcher?: (uri: string) => Promise<string>;
+    statusValidator?: (status: number) => Promise<void>;
+};
+
 declare class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
     /**
      * The type of the SD-JWT-VC set in the header.typ field.
      */
     protected type: string;
+    protected userConfig: SDJWTVCConfig;
+    constructor(userConfig?: SDJWTVCConfig);
     /**
      * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
      * @param disclosureFrame
      */
     protected validateReservedFields(disclosureFrame: DisclosureFrame<SdJwtVcPayload>): void;
+    /**
+     * Fetches the status list from the uri with a timeout of 10 seconds.
+     * @param uri The URI to fetch from.
+     * @returns A promise that resolves to a compact JWT.
+     */
+    private statusListFetcher;
+    /**
+     * Validates the status, throws an error if the status is not 0.
+     * @param status
+     * @returns
+     */
+    private statusValidator;
+    /**
+     * Verifies the SD-JWT-VC.
+     */
+    verify(encodedSDJwt: string, requiredClaimKeys?: string[], requireKeyBindings?: boolean): Promise<{
+        payload: SdJwtVcPayload;
+        header: Record<string, unknown> | undefined;
+    }>;
 }
 
-export { SDJwtVcInstance, type SdJwtVcPayload };
+export { SDJwtVcInstance };

package/dist/index.js

@@ -5,6 +5,7 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __reflectGet = Reflect.get;
 var __commonJS = (cb, mod) => function __require() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
@@ -29,6 +30,27 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __superGet = (cls, obj, key) => __reflectGet(__getProtoOf(cls), key, obj);
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
 
 // ../../node_modules/.pnpm/js-base64@3.7.6/node_modules/js-base64/base64.js
 var require_base64 = __commonJS({
@@ -303,7 +325,7 @@ var require_dist = __commonJS({
       return to;
     };
     var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
-    var __async = (__this, __arguments, generator) => {
+    var __async2 = (__this, __arguments, generator) => {
       return new Promise((resolve, reject) => {
         var fulfilled = (value) => {
           try {
@@ -368,7 +390,7 @@ var require_dist = __commonJS({
       // After decode process, we use JSON.stringify to encode the data.
       // This can be different from the original encoded data.
       static fromEncode(s, hash) {
-        return __async(this, null, function* () {
+        return __async2(this, null, function* () {
           const { hasher, alg } = hash;
           const digest = yield hasher(s, alg);
           const digestStr = uint8ArrayToBase64Url(digest);
@@ -396,7 +418,7 @@ var require_dist = __commonJS({
         return this.key ? [this.salt, this.key, this.value] : [this.salt, this.value];
       }
       digest(hash) {
-        return __async(this, null, function* () {
+        return __async2(this, null, function* () {
           const { hasher, alg } = hash;
           if (!this._digest) {
             const hash2 = yield hasher(this.encode(), alg);
@@ -425,13 +447,18 @@ __export(src_exports, {
 module.exports = __toCommonJS(src_exports);
 var import_core = require("@sd-jwt/core");
 var import_dist = __toESM(require_dist());
-var SDJwtVcInstance = class extends import_core.SDJwtInstance {
-  constructor() {
-    super(...arguments);
+var import_jwt_status_list = require("@sd-jwt/jwt-status-list");
+var SDJwtVcInstance = class _SDJwtVcInstance extends import_core.SDJwtInstance {
+  constructor(userConfig) {
+    super(userConfig);
     /**
      * The type of the SD-JWT-VC set in the header.typ field.
      */
     this.type = "vc+sd-jwt";
+    this.userConfig = {};
+    if (userConfig) {
+      this.userConfig = userConfig;
+    }
   }
   /**
    * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
@@ -446,6 +473,71 @@ var SDJwtVcInstance = class extends import_core.SDJwtInstance {
       }
     }
   }
+  /**
+   * Fetches the status list from the uri with a timeout of 10 seconds.
+   * @param uri The URI to fetch from.
+   * @returns A promise that resolves to a compact JWT.
+   */
+  statusListFetcher(uri) {
+    return __async(this, null, function* () {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), 1e4);
+      try {
+        const response = yield fetch(uri, { signal: controller.signal });
+        if (!response.ok) {
+          throw new Error(
+            `Error fetching status list: ${response.status} ${yield response.text()}`
+          );
+        }
+        return response.text();
+      } finally {
+        clearTimeout(timeoutId);
+      }
+    });
+  }
+  /**
+   * Validates the status, throws an error if the status is not 0.
+   * @param status
+   * @returns
+   */
+  statusValidator(status) {
+    return __async(this, null, function* () {
+      if (status !== 0)
+        throw new import_dist.SDJWTException("Status is not valid");
+      return Promise.resolve();
+    });
+  }
+  /**
+   * Verifies the SD-JWT-VC.
+   */
+  verify(encodedSDJwt, requiredClaimKeys, requireKeyBindings) {
+    return __async(this, null, function* () {
+      var _a, _b, _c;
+      const result = yield __superGet(_SDJwtVcInstance.prototype, this, "verify").call(this, encodedSDJwt, requiredClaimKeys, requireKeyBindings).then((res) => {
+        return { payload: res.payload, header: res.header };
+      });
+      if (result.payload.status) {
+        if (result.payload.status.status_list) {
+          const fetcher = (_a = this.userConfig.statusListFetcher) != null ? _a : this.statusListFetcher;
+          const statusListJWT = yield fetcher(
+            result.payload.status.status_list.uri
+          );
+          const slJWT = import_core.Jwt.fromEncode(statusListJWT);
+          yield slJWT.verify(this.userConfig.verifier);
+          if (((_b = slJWT.payload) == null ? void 0 : _b.exp) && slJWT.payload.exp < Date.now() / 1e3) {
+            throw new import_dist.SDJWTException("Status list is expired");
+          }
+          const statusList = (0, import_jwt_status_list.getListFromStatusListJWT)(statusListJWT);
+          const status = statusList.getStatus(
+            result.payload.status.status_list.idx
+          );
+          const statusValidator = (_c = this.userConfig.statusValidator) != null ? _c : this.statusValidator;
+          yield statusValidator(status);
+        }
+      }
+      return result;
+    });
+  }
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/index.mjs

@@ -4,6 +4,7 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __reflectGet = Reflect.get;
 var __commonJS = (cb, mod) => function __require() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
@@ -23,6 +24,27 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
   mod
 ));
+var __superGet = (cls, obj, key) => __reflectGet(__getProtoOf(cls), key, obj);
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
 
 // ../../node_modules/.pnpm/js-base64@3.7.6/node_modules/js-base64/base64.js
 var require_base64 = __commonJS({
@@ -297,7 +319,7 @@ var require_dist = __commonJS({
       return to;
     };
     var __toCommonJS = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod);
-    var __async = (__this, __arguments, generator) => {
+    var __async2 = (__this, __arguments, generator) => {
       return new Promise((resolve, reject) => {
         var fulfilled = (value) => {
           try {
@@ -362,7 +384,7 @@ var require_dist = __commonJS({
       // After decode process, we use JSON.stringify to encode the data.
       // This can be different from the original encoded data.
       static fromEncode(s, hash) {
-        return __async(this, null, function* () {
+        return __async2(this, null, function* () {
           const { hasher, alg } = hash;
           const digest = yield hasher(s, alg);
           const digestStr = uint8ArrayToBase64Url(digest);
@@ -390,7 +412,7 @@ var require_dist = __commonJS({
         return this.key ? [this.salt, this.key, this.value] : [this.salt, this.value];
       }
       digest(hash) {
-        return __async(this, null, function* () {
+        return __async2(this, null, function* () {
           const { hasher, alg } = hash;
           if (!this._digest) {
             const hash2 = yield hasher(this.encode(), alg);
@@ -413,14 +435,21 @@ var require_dist = __commonJS({
 
 // src/index.ts
 var import_dist = __toESM(require_dist());
-import { SDJwtInstance } from "@sd-jwt/core";
-var SDJwtVcInstance = class extends SDJwtInstance {
-  constructor() {
-    super(...arguments);
+import { Jwt, SDJwtInstance } from "@sd-jwt/core";
+import {
+  getListFromStatusListJWT
+} from "@sd-jwt/jwt-status-list";
+var SDJwtVcInstance = class _SDJwtVcInstance extends SDJwtInstance {
+  constructor(userConfig) {
+    super(userConfig);
     /**
      * The type of the SD-JWT-VC set in the header.typ field.
      */
     this.type = "vc+sd-jwt";
+    this.userConfig = {};
+    if (userConfig) {
+      this.userConfig = userConfig;
+    }
   }
   /**
    * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
@@ -435,6 +464,71 @@ var SDJwtVcInstance = class extends SDJwtInstance {
       }
     }
   }
+  /**
+   * Fetches the status list from the uri with a timeout of 10 seconds.
+   * @param uri The URI to fetch from.
+   * @returns A promise that resolves to a compact JWT.
+   */
+  statusListFetcher(uri) {
+    return __async(this, null, function* () {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), 1e4);
+      try {
+        const response = yield fetch(uri, { signal: controller.signal });
+        if (!response.ok) {
+          throw new Error(
+            `Error fetching status list: ${response.status} ${yield response.text()}`
+          );
+        }
+        return response.text();
+      } finally {
+        clearTimeout(timeoutId);
+      }
+    });
+  }
+  /**
+   * Validates the status, throws an error if the status is not 0.
+   * @param status
+   * @returns
+   */
+  statusValidator(status) {
+    return __async(this, null, function* () {
+      if (status !== 0)
+        throw new import_dist.SDJWTException("Status is not valid");
+      return Promise.resolve();
+    });
+  }
+  /**
+   * Verifies the SD-JWT-VC.
+   */
+  verify(encodedSDJwt, requiredClaimKeys, requireKeyBindings) {
+    return __async(this, null, function* () {
+      var _a, _b, _c;
+      const result = yield __superGet(_SDJwtVcInstance.prototype, this, "verify").call(this, encodedSDJwt, requiredClaimKeys, requireKeyBindings).then((res) => {
+        return { payload: res.payload, header: res.header };
+      });
+      if (result.payload.status) {
+        if (result.payload.status.status_list) {
+          const fetcher = (_a = this.userConfig.statusListFetcher) != null ? _a : this.statusListFetcher;
+          const statusListJWT = yield fetcher(
+            result.payload.status.status_list.uri
+          );
+          const slJWT = Jwt.fromEncode(statusListJWT);
+          yield slJWT.verify(this.userConfig.verifier);
+          if (((_b = slJWT.payload) == null ? void 0 : _b.exp) && slJWT.payload.exp < Date.now() / 1e3) {
+            throw new import_dist.SDJWTException("Status list is expired");
+          }
+          const statusList = getListFromStatusListJWT(statusListJWT);
+          const status = statusList.getStatus(
+            result.payload.status.status_list.idx
+          );
+          const statusValidator = (_c = this.userConfig.statusValidator) != null ? _c : this.statusValidator;
+          yield statusValidator(status);
+        }
+      }
+      return result;
+    });
+  }
 };
 export {
   SDJwtVcInstance

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sd-jwt/sd-jwt-vc",
-  "version": "0.6.2-next.8+d8ef145",
+  "version": "0.7.0",
   "description": "sd-jwt draft 7 implementation in typescript",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -26,7 +26,7 @@
     "sd-jwt-vc"
   ],
   "engines": {
-    "node": ">=16"
+    "node": ">=18"
   },
   "repository": {
     "type": "git",
@@ -39,11 +39,13 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@sd-jwt/core": "0.6.2-next.8+d8ef145"
+    "@sd-jwt/core": "0.7.0",
+    "@sd-jwt/jwt-status-list": "0.7.0"
   },
   "devDependencies": {
-    "@sd-jwt/crypto-nodejs": "0.6.2-next.8+d8ef145",
-    "@sd-jwt/types": "0.6.2-next.8+d8ef145"
+    "@sd-jwt/crypto-nodejs": "0.7.0",
+    "@sd-jwt/types": "0.7.0",
+    "jose": "^5.2.2"
   },
   "publishConfig": {
     "access": "public"
@@ -61,5 +63,5 @@
       "esm"
     ]
   },
-  "gitHead": "d8ef145e6713d82008e6137f613af5f2521e954d"
+  "gitHead": "bb867ba65960062413375591aee49ad78722ad93"
 }

package/src/index.ts

@@ -1,16 +1,28 @@
-import { SDJwtInstance } from '@sd-jwt/core';
-import type { DisclosureFrame } from '@sd-jwt/types';
+import { Jwt, SDJwtInstance } from '@sd-jwt/core';
+import type { DisclosureFrame, Verifier } from '@sd-jwt/types';
 import { SDJWTException } from '../../utils/dist';
 import type { SdJwtVcPayload } from './sd-jwt-vc-payload';
-
-export { SdJwtVcPayload } from './sd-jwt-vc-payload';
-
+import type { SDJWTVCConfig } from './sd-jwt-vc-config';
+import {
+  type StatusListJWTHeaderParameters,
+  type StatusListJWTPayload,
+  getListFromStatusListJWT,
+} from '@sd-jwt/jwt-status-list';
 export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
   /**
    * The type of the SD-JWT-VC set in the header.typ field.
    */
   protected type = 'vc+sd-jwt';
 
+  protected userConfig: SDJWTVCConfig = {};
+
+  constructor(userConfig?: SDJWTVCConfig) {
+    super(userConfig);
+    if (userConfig) {
+      this.userConfig = userConfig;
+    }
+  }
+
   /**
    * Validates if the disclosureFrame contains any reserved fields. If so it will throw an error.
    * @param disclosureFrame
@@ -34,4 +46,93 @@ export class SDJwtVcInstance extends SDJwtInstance<SdJwtVcPayload> {
       }
     }
   }
+
+  /**
+   * Fetches the status list from the uri with a timeout of 10 seconds.
+   * @param uri The URI to fetch from.
+   * @returns A promise that resolves to a compact JWT.
+   */
+  private async statusListFetcher(uri: string): Promise<string> {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), 10000);
+
+    try {
+      const response = await fetch(uri, { signal: controller.signal });
+      if (!response.ok) {
+        throw new Error(
+          `Error fetching status list: ${
+            response.status
+          } ${await response.text()}`,
+        );
+      }
+
+      return response.text();
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+
+  /**
+   * Validates the status, throws an error if the status is not 0.
+   * @param status
+   * @returns
+   */
+  private async statusValidator(status: number): Promise<void> {
+    if (status !== 0) throw new SDJWTException('Status is not valid');
+    return Promise.resolve();
+  }
+
+  /**
+   * Verifies the SD-JWT-VC.
+   */
+  async verify(
+    encodedSDJwt: string,
+    requiredClaimKeys?: string[],
+    requireKeyBindings?: boolean,
+  ) {
+    // Call the parent class's verify method
+    const result = await super
+      .verify(encodedSDJwt, requiredClaimKeys, requireKeyBindings)
+      .then((res) => {
+        return { payload: res.payload as SdJwtVcPayload, header: res.header };
+      });
+
+    if (result.payload.status) {
+      //checks if a status field is present in the payload based on https://www.ietf.org/archive/id/draft-ietf-oauth-status-list-02.html
+      if (result.payload.status.status_list) {
+        // fetch the status list from the uri
+        const fetcher =
+          this.userConfig.statusListFetcher ?? this.statusListFetcher;
+        // fetch the status list from the uri
+        const statusListJWT = await fetcher(
+          result.payload.status.status_list.uri,
+        );
+
+        const slJWT = Jwt.fromEncode<
+          StatusListJWTHeaderParameters,
+          StatusListJWTPayload
+        >(statusListJWT);
+        // check if the status list has a valid signature. The presence of the verifier is checked in the parent class.
+        await slJWT.verify(this.userConfig.verifier as Verifier);
+
+        //check if the status list is expired
+        if (slJWT.payload?.exp && slJWT.payload.exp < Date.now() / 1000) {
+          throw new SDJWTException('Status list is expired');
+        }
+
+        // get the status list from the status list JWT
+        const statusList = getListFromStatusListJWT(statusListJWT);
+        const status = statusList.getStatus(
+          result.payload.status.status_list.idx,
+        );
+
+        // validate the status
+        const statusValidator =
+          this.userConfig.statusValidator ?? this.statusValidator;
+        await statusValidator(status);
+      }
+    }
+
+    return result;
+  }
 }

package/src/sd-jwt-vc-config.ts

@@ -0,0 +1,11 @@
+import type { SDJWTConfig } from '@sd-jwt/types';
+
+/**
+ * Configuration for SD-JWT-VC
+ */
+export type SDJWTVCConfig = SDJWTConfig & {
+  // A function that fetches the status list from the uri. If not provided, the library will assume that the response is a compact JWT.
+  statusListFetcher?: (uri: string) => Promise<string>;
+  // validte the status and decide if the status is valid or not. If not provided, the code will continue if it is 0, otherwise it will throw an error.
+  statusValidator?: (status: number) => Promise<void>;
+};

package/src/sd-jwt-vc-payload.ts

@@ -1,4 +1,5 @@
 import type { SdJwtPayload } from '@sd-jwt/core';
+import type { SDJWTVCStatusReference } from './sd-jwt-vc-status-reference';
 
 export interface SdJwtVcPayload extends SdJwtPayload {
   // REQUIRED. The Issuer of the Verifiable Credential. The value of iss MUST be a URI. See [RFC7519] for more information.
@@ -11,9 +12,8 @@ export interface SdJwtVcPayload extends SdJwtPayload {
   cnf?: unknown;
   // REQUIRED. The type of the Verifiable Credential, e.g., https://credentials.example.com/identity_credential, as defined in Section 3.2.2.1.1.
   vct: string;
-  // OPTIONAL. The information on how to read the status of the Verifiable Credential. See [I-D.looker-oauth-jwt-cwt-status-list] for more information.
-  status?: unknown;
-
+  // OPTIONAL. The information on how to read the status of the Verifiable Credential. See [https://www.ietf.org/archive/id/draft-ietf-oauth-status-list-02.html] for more information.
+  status?: SDJWTVCStatusReference;
   // OPTIONAL. The identifier of the Subject of the Verifiable Credential. The Issuer MAY use it to provide the Subject identifier known by the Issuer. There is no requirement for a binding to exist between sub and cnf claims.
   sub?: string;
   // OPTIONAL. The time of issuance of the Verifiable Credential. See [RFC7519] for more information.

package/src/sd-jwt-vc-status-reference.ts

@@ -0,0 +1,9 @@
+export interface SDJWTVCStatusReference {
+  // REQUIRED. implenentation according to https://www.ietf.org/archive/id/draft-ietf-oauth-status-list-02.html
+  status_list: {
+    // REQUIRED. index in the list of statuses
+    idx: number;
+    // REQUIRED. the reference to fetch the status list
+    uri: string;
+  };
+}

package/src/test/index.spec.ts

@@ -1,14 +1,61 @@
 import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
-import type { DisclosureFrame } from '@sd-jwt/types';
+import type {
+  DisclosureFrame,
+  Signer,
+  Verifier,
+  JwtPayload,
+} from '@sd-jwt/types';
 import { describe, test, expect } from 'vitest';
 import { SDJwtVcInstance } from '..';
-import { createSignerVerifier } from '../../test/app-e2e.spec';
 import type { SdJwtVcPayload } from '../sd-jwt-vc-payload';
+import Crypto from 'node:crypto';
+import {
+  StatusList,
+  type StatusListJWTHeaderParameters,
+  createHeaderAndPayload,
+} from '@sd-jwt/jwt-status-list';
+import { SignJWT } from 'jose';
 
 const iss = 'ExampleIssuer';
 const vct = 'https://example.com/schema/1';
 const iat = new Date().getTime() / 1000;
 
+const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+const createSignerVerifier = () => {
+  const signer: Signer = async (data: string) => {
+    const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+    return Buffer.from(sig).toString('base64url');
+  };
+  const verifier: Verifier = async (data: string, sig: string) => {
+    return Crypto.verify(
+      null,
+      Buffer.from(data),
+      publicKey,
+      Buffer.from(sig, 'base64url'),
+    );
+  };
+  return { signer, verifier };
+};
+
+const generateStatusList = async (): Promise<string> => {
+  const statusList = new StatusList([0, 1, 0, 0, 0, 0, 1, 1], 1);
+  const payload: JwtPayload = {
+    iss: 'https://example.com',
+    sub: 'https://example.com/status/1',
+    iat: new Date().getTime() / 1000,
+  };
+  const header: StatusListJWTHeaderParameters = {
+    alg: 'EdDSA',
+    typ: 'statuslist+jwt',
+  };
+  const values = createHeaderAndPayload(statusList, payload, header);
+  return new SignJWT(values.payload)
+    .setProtectedHeader(values.header)
+    .sign(privateKey);
+};
+
+const statusListJWT = await generateStatusList();
+
 describe('App', () => {
   test('Example', async () => {
     const { signer, verifier } = createSignerVerifier();
@@ -36,3 +83,64 @@ describe('App', () => {
     expect(encodedSdjwt).rejects.toThrowError();
   });
 });
+
+describe('Revocation', () => {
+  const { signer, verifier } = createSignerVerifier();
+  const sdjwt = new SDJwtVcInstance({
+    signer,
+    signAlg: 'EdDSA',
+    verifier,
+    hasher: digest,
+    hashAlg: 'SHA-256',
+    saltGenerator: generateSalt,
+    statusListFetcher(uri: string) {
+      // we emulate fetching the status list from the uri. Validation of the JWT is not done here in the test but should be done in the implementation.
+      return Promise.resolve(statusListJWT);
+    },
+    // statusValidator(status: number) {
+    //   // we are only accepting status 0
+    //   if (status === 0) return Promise.resolve();
+    //   throw new Error('Status is not valid');
+    // },
+  });
+
+  test('Test with a non revcoked credential', async () => {
+    const claims = {
+      firstname: 'John',
+      status: {
+        status_list: {
+          uri: 'https://example.com/status-list',
+          idx: 0,
+        },
+      },
+    };
+    const expectedPayload: SdJwtVcPayload = { iat, iss, vct, ...claims };
+    const encodedSdjwt = await sdjwt.issue(expectedPayload);
+    const result = await sdjwt.verify(encodedSdjwt);
+    expect(result).toBeDefined();
+  });
+
+  test('Test with a revoked credential', async () => {
+    const claims = {
+      firstname: 'John',
+      status: {
+        status_list: {
+          uri: 'https://example.com/status-list',
+          idx: 1,
+        },
+      },
+    };
+    const expectedPayload: SdJwtVcPayload = { iat, iss, vct, ...claims };
+    const encodedSdjwt = await sdjwt.issue(expectedPayload);
+    const result = sdjwt.verify(encodedSdjwt);
+    expect(result).rejects.toThrowError('Status is not valid');
+  });
+
+  test('test to fetch the statuslist', async () => {
+    //TODO: not implemented yet since we need to either mock the fetcher or use a real fetcher
+  });
+
+  test('test with an expired status list', async () => {
+    //TODO: needs to be implemented
+  });
+});

package/test/app-e2e.spec.ts

@@ -11,7 +11,7 @@ import path from 'node:path';
 import { describe, expect, test } from 'vitest';
 import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
 
-export const createSignerVerifier = () => {
+const createSignerVerifier = () => {
   const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
   const signer: Signer = async (data: string) => {
     const sig = Crypto.sign(null, Buffer.from(data), privateKey);