SdJwt

class SdJwt

An SD-JWT according to draft-ietf-oauth-selective-disclosure-jwt.

When an SdJwt instance is initialized, cursory checks are performed on the provided compact serialization string. Full verification of the SD-JWT can be performed using the verify method, which also returns the processed payload.

For presentment, first use one of the filter methods to generate an SD-JWT with a reduced set of disclosures. If the SD-JWT is not using key-binding (which can be checked by seeing whether kbKey is null), the resulting SD-JWT can be sent to the verifier. Otherwise, use one of the present methods to generate an SdJwtKb instance. This implementation supports SD-JWTs with disclosures nested at any level.

To create an SD-JWT, use Companion.fromCompactSerialization or Companion.create. This currently only supports creating SD-JWTs with fully recursive disclosures.

This class is immutable.

Throws

if the given compact serialization is malformed.

Types

object Companion

Properties

the compact serialization of the SD-JWT.

The value of the vct claim in the issuer-signed JWT, if present.

the digest algorithm used.

The disclosures in the SD-JWT.

The value of the iat claim in the issuer-signed JWT, if present.

The value of the iss claim in the issuer-signed JWT.

val jwtBody: JsonObject

The body of the issuer-signed JWT.

val jwtHeader: JsonObject

The header of the issuer-signed JWT.

The value of the cnf claim in the issuer-signed JWT, if present.

The value of the sub claim in the issuer-signed JWT, if present.

The value of the nbf claim in the issuer-signed JWT, if present.

The value of the exp claim in the issuer-signed JWT, if present.

The certificate chain in the x5c header element of the issuer-signed JWT, if present.

Functions

suspend fun filter(includeDisclosure: (path: JsonArray, value: JsonElement) -> Boolean): SdJwt

Generates a new SD-JWT by removing disclosures.

suspend fun filter(pathsToInclude: List<JsonArray>): SdJwt

Generates a new SD-JWT by filtering which claims should be included,

suspend fun present(signingKey: AsymmetricKey, nonce: String, audience: String, creationTime: Instant = Clock.System.now()): SdJwtKb

Presents an SD-JWT to a verifier, using the SD-JWT's associated signing key.

suspend fun verify(issuerKey: EcPublicKey): JsonObject

Verifies an SD-JWT according to Section 7.1 of the SD-JWT specification.
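What filtering does to the compact serialization, and the disclosure digest matching that verification depends on, shown as an added Python example that is not this library's code or API. It assumes SHA-256, handles top-level object-property disclosures only (the class above also handles nested ones), and does not check the issuer signature; all function names, the issuer URL and the claim values are constructed for illustration.

```python
import base64, hashlib, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(disclosure: str) -> str:
    # The digest covers the base64url text of the disclosure, not its JSON.
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())

def make_disclosure(salt: str, name: str, value) -> str:
    return b64u(json.dumps([salt, name, value]).encode())

def split_sd_jwt(sd_jwt: str):
    # Layout: <issuer-signed JWT>~<disclosure>~...~<optional KB-JWT>
    jwt, *rest = sd_jwt.split("~")
    return jwt, rest[:-1]

def filter_sd_jwt(sd_jwt: str, names_to_keep: set) -> str:
    # Dropping disclosures never touches the issuer-signed JWT or its signature.
    jwt, disclosures = split_sd_jwt(sd_jwt)
    kept = [d for d in disclosures if json.loads(b64u_dec(d))[1] in names_to_keep]
    return "~".join([jwt, *kept]) + "~"

def disclosed_claims(sd_jwt: str) -> dict:
    # Digest matching only; the issuer signature is not checked here.
    jwt, disclosures = split_sd_jwt(sd_jwt)
    payload = json.loads(b64u_dec(jwt.split(".")[1]))
    if payload.pop("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    unused = set(payload.pop("_sd", []))
    for d in disclosures:
        if digest(d) not in unused:
            raise ValueError("disclosure not committed to by the issuer, or repeated")
        unused.remove(digest(d))
        _salt, name, value = json.loads(b64u_dec(d))
        if name in payload:
            raise ValueError("disclosure would overwrite an existing claim")
        payload[name] = value
    return payload

def build_sample() -> str:
    # Constructed token: placeholder signature, made-up issuer and claims.
    discs = [make_disclosure("salt-1", "given_name", "Erika"),
             make_disclosure("salt-2", "birthdate", "1971-09-01")]
    body = {"iss": "https://issuer.example", "_sd_alg": "sha-256",
            "_sd": sorted(digest(d) for d in discs)}
    jwt = ".".join([b64u(b'{"alg":"ES256"}'), b64u(json.dumps(body).encode()), "c2ln"])
    return "~".join([jwt, *discs]) + "~"
```

Because the issuer signs only the digests, a holder can withhold any disclosure without invalidating the signature, while a disclosure the issuer never committed to fails the digest match.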