feat(sdk): added signature verification for issued with openid4ci cre…

…dential Signed-off-by: Anton Biriukov <[email protected]>
trustbloc · Jan 17, 2023 · 83c0184 · 83c0184
1 parent 975e94e
commit 83c0184
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/cmd/wallet-js-sdk/src/oidc/issuance/openid4ci.js b/cmd/wallet-js-sdk/src/oidc/issuance/openid4ci.js
@@ -321,7 +321,7 @@ async function getCredential(
     },
   };
 
-  const credentialResponse = await axios
+  const { credential, format } = await axios
     .post(
       transactionData.issuerMetadata.credential_endpoint,
       credentialRequest,
@@ -337,9 +337,20 @@ async function getCredential(
     });
   // TODO deferred flow implementation deferred
 
+  const jwtVerificationStatus = await jwtManager.verifyJWT(authToken, {
+    jwt: credential,
+  });
+
+  if (!jwtVerificationStatus.verified) {
+    throw new Error(
+      "Error issuing a credential through OpenID4CI: failed to verify signature on the issued credential:",
+      jwtVerificationStatus.error
+    );
+  }
+
   return {
-    format: credentialResponse.format,
-    credential: credentialResponse.credential,
+    format,
+    credential,
   };
 }