- Ensure data integrity contexts are loaded from local static copies.
- Filter VPR query matches by JSON-LD context, if one was provided
in the query by example
example
.
- Ensure VC 2.0 context is used when returning 2.0 VCs from OID4VCI.
- Use
@digitalbazaar/[email protected]
to get latest updates.
- Ensure VCDM mandatory fields of
issuer
andissuanceDate
(for VC 1.x) are always included in selective-disclosure derived VCs.
- Use
@digitalbazaar/oid4-client@4
to get latest updates including support for processingallOf
JSON schema usage in OID4VP authorization requests.
- Add support for NFC render method transmission.
- Update dependencies.
- Use non-obsolete bbs-2023 cryptosuite.
- Fix return value from
presentations.match()
, ensuring its shape is consistent whether there are matches or not.
- Use
@digitalbazaar/[email protected]
. - Use
getCredentialOffer()
to obtain OID4VCI credential offer.
- BREAKING: Update peer dependencies.
@bedrock/[email protected]
.@bedrock/[email protected]
.@bedrock/[email protected]
.@bedrock/web-profile-manager@21
(major version update).
- BREAKING: Update dependencies.
@digitalbazaar/security-document-loader@3
.- Adds VC 2.0 support.
@digitalbazaar/vc@7
.- Adds VC 2.0 support.
@digitalbazaar/[email protected]
- Updates
cborld
compression codecs.
- Updates
- Update minor, test, dev, and other dependencies.
- Allow use of VC 2.0 verifiable presentations in exchanges.
- Add ability to perform OID4VP when a presentation is required during OID4VCI.
- Fix context imports.
- Fix initial cryptosuite preference to be based on query's
acceptedCryptosuite
order.
- Prefer using
bbs
overecdsa-sd
for unlinkability advantages.
- Add feature to generate
bbs-sd-2023
derived proofs.
- Add
presentations.match()
API for matching a VPR against a credential store. - Enable derivation of SD credentials using
ecdsa-sd-2023
when a VPRQueryByExample
credentialQuery
indicates it is an accepted cryptosuite and a match VC has anecdsa-sd-2023
proof.
- Add support for signing presentation using
eddsa-rdfc-2022
.
- BREAKING: A configurable proof allow list will now be used to prune presentations during VC exchange to ensure that only proofs on the allow list will be permitted in VCs in the presentation. This feature helps prevent users from sharing proof meta data that they haven't consented to sharing, such as meta data that helps them perform selective disclosure.
- Add basic OID4VP support. There are many differences in OID4VP
implementations in the ecosystem today and OID4VP is still in
draft form. This implementation supports a profile of draft 20
that uses LDP / Data Integrity secured VCs through the use of
features from
@digitalbazaar/[email protected]
for converting a subset of VPRs to authorization requests and vice versa. This OID4VP implementation should be considered experimental as the ecosystem matures and changes are made.
- Revert peer deps:
@bedrock/[email protected]
to v3.0.@bedrock/[email protected]
to v8.0.1.
- BREAKING: Drop support for Node.js < 18.
- Update deps:
- Use
@digitalbazaar/[email protected]
. Drops support for Node.js < 18 and uses@digitalbazaar/http-client@4
andcanonicalize@2
. - Use
@digitalbazaar/http-client@4
. Requires Node.js 18+. - Use
@digitalbazaar/[email protected]
. Removes ODRL and VC examples contexts and fixes bug with option overrides for verifying presentations. - Use
did-veres-one@16
. Updated dependencies use the newer default safe mode of jsonld.
- Use
- Update peer deps:
- Use
@bedrock/[email protected]
. Drops support for Node.js < 18. - Use
@bedrock/[email protected]
. Drops support for Node.js < 18 and uses@digitalbazaar/http-client@4
. - Use
@bedrock/[email protected]
. Drops support for Node.js < 18 and uses@digitalbazaar/[email protected]
- Use
@bedrock/[email protected]
. Drops support for Node.js < 18 and uses deps that requires Node.js 18+. - Use
@bedrock/[email protected]
. Drops support for Node.js < 18 and uses@digitalbazaar/[email protected]
. - Use
@bedrock/[email protected]
. Useexports
instead ofmodule
and Requires Web Crypto API exists for testing. Drops support for Node.js < 18.
- Use
- Do not cache VPR from CHAPI event if it is empty.
- Allow empty verifiable presentation in exchange; treat as
null
.
- Use
@digitalbazaar/oid4-client@3
.
- Fix parsing of
protocols
in CHAPI store events.
- Use
console.warn
instead ofconsole.error
on VP that cannot be parsed for CHAPI direct exchange processing.
- Block list fake VC API demo exchange URLs.
- Add
exchanges
export withstart()
function for starting an exchange based off of a CHAPI event. The returnedexchange
instance has an API that allows the next step of the exchange to be executed by callingnext()
, which returns a WHATWG streams-like result of{value, done: true|false}
. The returned value is expected to be eithernull
(only whendone
istrue
) or an object including one or both ofverifiablePresentation
orverifiablePresentationRequest
indicating data to store and / or data that is requested (respectfully). Once the exchange is complete, the booleandone
is set totrue
. The exchange can be closed viaclose()
without error or with an error (by passing{error}
) and must be closed afterdone
istrue
. It can be canceled prematurely by callingcancel()
. - Add support for OID4VCI and VCAPI exchanges.
- Add a
cryptoSuites.supported
alias forcryptosuites.supportedSuites
. The exported value was renamed in the minor 11.2.0 release without backwards API compatibility support.
- Enable key type
Ed25519VerificationKey2020
to be used with ed25519 cryptosuites (Ed25519Signature2018
,Ed25519Signature2020
, oreddsa-2022
).
- Throw an error if the profile used in
presentations.sign()
(by passingprofileId
) cannot sign using one of the passedacceptedProofTypes
. Practically speaking, only theEd25519Signature2020
proof type is supported at this time. - Add tests for
presentations.sign()
.
- Fix conditionals to check if
acceptedProofTypes
is a non-empty array inpresentations.sign()
.
- Add
eddsa-2022
to supported signature suites.
- Merge the contents of
profileContent
to theprofile
returned fromcreateProfile()
inlib/helpers.js
.
- BREAKING: Update peer deps:
@bedrock/web-account@5
.- This requires an indirect dependency of
@bedrock/account@9
that changes include database layout and record format changes that are incompatible with previous releases.
- Do not throw for expired age verification credentials during reissuance request; allow the reissue endpoint to decide how to handle them.
- BREAKING: Update signature / vc libraries to get better safe mode protections by default.
- Remove unnecessary proof type checks on received VCs.
- Use
startsWith
for DID method checks.
- BREAKING: Use
exports
instead ofmodule
. - Update dependencies.
- Lint module.
- Add support for credentials without an
id
property.
- Use
@bedrock/[email protected]
to get storage features for VCs withoutid
property.
- Changed default store option to add bundle contents first as a bug fix.
- Add
options
section tocredentialStore[<store name>]
. These options will be passed to the store when it is constructed and should be set before initializing the wallet.
- Update
@bedrock/web-vc-store
to v7.3 to get additional features.
- BREAKING: Update peer deps:
- Use
@bedrock/web-pouch-edv@6
.
- Use
- BREAKING: This version uses the new
indexeddb
adapter for better performance and concurrency with the pouch EDV implementation. Old pouch EDV storage will be made obsolete and not migrated or deleted; new storage will be created.
- Allow
profileId
to be optionally specified when starting an inbox VC exchange; otherwise fallback to the default behavior of using the first profile on the authenticated account. - Perform more steps in parallel when performing an inbox VC exchange to improve performance.
- Ensure profile cache is updated after changing profile content on initial profile creation.
- Use profile cache, if available, when processing inbox. Update
@bedrock/[email protected]
peer dep to get profile cache feature.
- Optimistically fetch VCs during reissuance to reduce waiting on network in common cases.
- BREAKING: Use
@digitalbazaar/edv-client@14
with new blind attribute version. This version must be paired against@bedrock/web-profile-manager@17
and@bedrock/web-pouch-edv@5
which are incompatible with previous versions without performing a migration of all EDV documents from blind attribute version 1 to version 2.
- Fix parsing of local EDV ID.
- Do not wait for non-critical deletion of VCs post reissue.
- Add wallet inbox utilities.
- Ensure remote container VC is deleted when no photo credential is present.
- BREAKING: Updated peer dependencies:
@bedrock/web-profile-manager@16
.
- BREAKING: This version of the library only works with a server that
supports backend profile provisioning and access management initialization.
A server that previously did not support this can be updated to support it
by installing
@bedrock/profile@17
and@bedrock/profile-http@16
. This upgrade should not change the database structure but will result in removing any old profiles that are determined to be broken / unusable, enabling users to move beyond any bugs generated by the old corrupted state. - BREAKING: Profile options must be passed separately from profile content
in
createProfile
.
- Remove unused
config.wallet.defaults.edvs.users
config variable.
- BREAKING: Rename package to
@bedrock/web-wallet
. - BREAKING: Convert to module (ESM).
- Delete remote age VC if personal photo is missing during reissue.
- Handle corrupted or invalidated age VCs during reissue process.
- Update peer deps:
bedrock-web-profile-manager@14
.
- Remove unused config vars.
- Improve age VC refresh code. If a local bundled age VC does not match the remote copy, remove it and refresh the remote copy.
- BREAKING: Use
@digitalbazaar/age-verification-context@2
.
- Ensure VC AV bundle is deleted if container VC ID was not given as reissue param.
- Ensure
id
is set when passed to credential storagedelete
.
- BREAKING: Use
@digitalbazaar/webkms-client@10
and@digitalbazaar/edv-client@13
. - BREAKING: Require
bedrock-web-profile-manager@13
andbedrock-web-pouch-edv@3
as a peer dependencies.
- Add
inbox
EDV on profile creation.
- BREAKING: Use
bedrock-web-profile-manager@12
,@digitalbazaar/edv-client@12
, andbedrock-web-pouch-edv@2
. These new versions compute encrypted indexes for EDVs differently (more privacy preserving) and are therefore incompatible with previous versions.
- Fix cache key for profile EDVs (add
referenceIdPrefix
to namespace).
- Use
@digitalbazaar/age-verification-context
v1.0. This new package offers the same feature and API as the old dependency.
- Remove
_getReferenceId()
fromlib/config.js
. - Move
onboardLink
to config.
- Add missing dependencies.
- Ensure photo VC is rebundled during age VC reissuance.
- Fix typo in
reissue
query.
- Fix local credential query bugs.
- Fix bundle filtering bugs.
- See git history for changes.