Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expiration date is ignored by verify method #470

Open
jceb opened this issue Oct 10, 2022 · 0 comments
Open

Expiration date is ignored by verify method #470

jceb opened this issue Oct 10, 2022 · 0 comments

Comments

@jceb
Copy link

jceb commented Oct 10, 2022

I noticed that the expiration_date property in a Verifiable Credential is ignored by the verify method. Example:

didkit key generate ed25519 > key.jwk
DID=$(didkit key-to-did -k key.jwk)
cat <<EOF > expired-credential.json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "id": "uuid:49387f58-c0d9-4b14-a4f4-bc31a021d925",
  "type": ["VerifiableCredential"],
  "issuer": "$DID",
  "issuanceDate": "2021-12-31T00:00:00Z",
  "expirationDate": "2022-01-01T00:00:00Z",
  "credentialSubject": {
    "id": "$DID"
  }
}
EOF
didkit vc-issue-credential -k key.jwk -p assertionMethod  < expired-credential.json > expired-credential-signed.json
didkit vc-verify-credential < expired-credential-signed.json
{"checks":["proof"],"warnings":[],"errors":[]}

This behavior makes sense to me as it seems like the verify method seems to be operating only on the proof and I might want to have additional business logic that deals with expired credentials differently than with credentials that have invalid proofs. However, I'd find it helpful if this behavior is highlighted in the documentation. In addition, it would be great to have an additional method that validates/verifies expiration and not before dates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant