Skip to content

Commit

Permalink
Check for new "derivationOrigin" field in id_alias (#65)
Browse files Browse the repository at this point in the history
# Motivation

Fix issue raised here: https://dfinity.atlassian.net/browse/FOLLOW-1651
which is already merged in II:
dfinity/internet-identity#2664

# Changes

* Add parameter `expected_derivation_origin` to `AliasTuple` and to
verify functions. Use the new param to check the claims of the id alias
credential.

# Tests

There were some hidden dependencies among tests and constants used. For
example, the expiration was the same in all the credentials.
* I created new variables and scoped the dependencies within the test if
possible.
* I kept some JWS because they are hard to replicate and there was no
need to redo again. Those are the ones that use a local IC root key.
* I added new JWS with the new id_alias used for most of the tests.
* I added two new tests. One to check that a wrong derivation origin
raises an error and another one that the verification fails with the old
JWS.

# Todos

- [x] Add entry to changelog (if necessary).
  • Loading branch information
lmuntaner authored Oct 24, 2024
1 parent 7e01129 commit cc91931
Show file tree
Hide file tree
Showing 2 changed files with 351 additions and 206 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ Changes in the upcoming versions.

## Breaking Changes

- New field `derivationOrigin` is required to match in the ID Alias credential.

## Improvements

# release-2024-09-10
Expand Down
Loading

0 comments on commit cc91931

Please sign in to comment.