Rephrase conditions to provide nonce in proof types based on presence of Nonce endpoint
#678
+3
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…esence of nonce endpoint
paulbastian
approved these changes
Nov 11, 2025
Contributor
paulbastian
left a comment
paulbastian
left a comment
There was a problem hiding this comment.
I can't judge for DI, but the fix on jwt proof_type looks right
Sakurann
reviewed
Nov 11, 2025
Co-authored-by: Kristina <[email protected]>
jogu
requested changes
Nov 11, 2025
Contributor
jogu
left a comment
jogu
left a comment
There was a problem hiding this comment.
We still have the part here to solve: #676 (comment) (or we should raise a new issue for that, I don't have a strong opinion which).
I think we should apply the change to 1.0 as well.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Potentially fixes #677 , potentially fixes #676
Note that I created the PR based on #676 (comment).
IMO, one implication is that for
nonceclaims in akey_attestationin ajwtproof, it means, the wallet decides whether to include it which is how I interpret the current version of the spec but wanted to point this out in case it is not obvious for readers of this PR. If the issuer insists on the presence which is unlikely, it could still provide a nonce error. To improve this behaviour, we could define a dedicated issuer metadata parameter, e.g.,require_nonce_in_key_attesatation_in_jwt_proofin a backward compatible way to improve this behaviour.