
Add support for runtime fetching of context files

Open PascalSprenger opened this issue 1 year ago • 3 comments

Hello, I am absolutely unsure if this is a bug or if I am using it incorrectly.

I would like to create verifiable credentials via didkit-cli. If I use an official context as a source, everything works. Here is my working example from the tutorial:

			String vcData = String.format("""
					{
					    "@context": "https://www.w3.org/2018/credentials/v1",
					    "id": "urn:uuid:12345678-abcd-1234-ef00-123456789abc",
					    "type": ["VerifiableCredential"],
					    "issuer": "%s",
					    "issuanceDate": "%s",
					    "credentialSubject": {
					    	"id": "did:example:abcdef"
					    }
					}""", issuerDID, DateTimeFormatter.ISO_INSTANT.format(Instant.now()), claimsJson.toString());

However, if I now try to host the identical context (copy/paste) from https://www.w3.org/2018/credentials/v1 myself locally via XAMPP, I always get the following error:

Error: thread 'main' panicked at C:\Users\xxx\.cargo\registry\src\index.crates.io-6f17d22bba15001f\didkit-cli-0.3.2\src\credential.rs:80:14:
Error: called `Result::unwrap()` on an `Err` value: LDP(ToRdfError(Expand(ContextProcessing(Meta(ContextLoadingFailed(LoadingDocumentFailed(UnknownContext("http://localhost/vc2.jsonld")))), Span { start: 42, end: 71 })))))

Do you have any idea what this could be? I have now tried several different schemas and always get this error.

If I pass a custom context directly via:

					    {
					    "dateOfBirth": "http://localhost/definitions/birthDate.html"
					    }

so without hosting it, it seems to work.

PascalSprenger, May 09 '24 20:05

> Do you have any idea what this could be? I have now tried several different schemas and always get this error.

We do not yet support fetching context files at runtime (which has significant security implications). All the context files that are currently supported (like https://www.w3.org/2018/credentials/v1) are actually hardcoded. In Rust there is a way to pass additional context files but this functionality is not currently exposed in bindings.

> If I pass a custom context directly via:

Yes, but here you are defining a term directly. The URI doesn't actually have to resolve to anything.

sbihel, May 10 '24 08:05
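The behaviour described in the reply above, as an added Rust sketch that is not code from didkit or ssi: a loader that only serves context documents it already holds, so a self-hosted URL fails with an unknown-context error while inline term definitions need no load at all. `StaticLoader`, `ContextEntry`, `LoadError`, `register` and `resolve` are hypothetical names, and the bundled document body is a constructed stand-in.

```rust
use std::collections::HashMap;

/// One `@context` entry: a URL to load, or inline term definitions.
#[derive(Debug, Clone)]
pub enum ContextEntry {
    Remote(String),
    Inline(Vec<(String, String)>), // term -> IRI; the IRI is never dereferenced
}

#[derive(Debug, PartialEq)]
pub enum LoadError {
    UnknownContext(String),
}

/// Loader backed only by documents bundled with or registered in the program.
pub struct StaticLoader {
    docs: HashMap<String, String>,
}

impl StaticLoader {
    pub fn new() -> Self {
        let mut docs = HashMap::new();
        // Constructed stand-in for the bundled W3C context body.
        let body = r#"{"@context":{"@version":1.1}}"#;
        docs.insert("https://www.w3.org/2018/credentials/v1".to_string(), body.to_string());
        StaticLoader { docs }
    }

    /// Explicit opt-in: URL and content are supplied together, nothing is fetched.
    pub fn register(&mut self, url: &str, body: &str) {
        self.docs.insert(url.to_string(), body.to_string());
    }

    /// Resolve every entry; returns how many documents came from the map.
    pub fn resolve(&self, ctx: &[ContextEntry]) -> Result<usize, LoadError> {
        let mut loaded = 0;
        for entry in ctx {
            match entry {
                ContextEntry::Remote(url) if self.docs.contains_key(url) => loaded += 1,
                ContextEntry::Remote(url) => return Err(LoadError::UnknownContext(url.clone())),
                ContextEntry::Inline(_) => {} // terms defined in place, no load
            }
        }
        Ok(loaded)
    }
}

fn main() {
    let hosted = [ContextEntry::Remote("http://localhost/vc2.jsonld".to_string())];
    println!("{:?}", StaticLoader::new().resolve(&hosted));
}
```

Registering a document by URL and content keeps the set of trusted contexts fixed at build or start-up time, which is the property a runtime fetch would give up.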

Thanks for the answer! Would it be possible to add some kind of whitelist where you can explicitly allow external context? (Maybe just localhost) This would at least limit the security concerns somewhat.

Otherwise: Can you perhaps tell me where Context is hardcoded? Then I can play around with it locally.

PascalSprenger, May 16 '24 18:05

> Would it be possible to add some kind of whitelist where you can explicitly allow external context?

Potentially after https://github.com/spruceid/ssi/pull/508 is merged but I cannot commit to anything at this time.

> Otherwise: Can you perhaps tell me where Context is hardcoded? Then I can play around with it locally.

Here's an example PR that adds support for a new context: https://github.com/spruceid/ssi/pull/548.

sbihel, May 23 '24 17:05