
Releases: a-sit-plus/vck

5.0.0

07 Oct 06:11

Release 5.0.0:

  • Update dependencies to have everything aligned with Kotlin 2.0.20:
    • Kotlin 2.0.20
    • EU PID + MDL Credentials in test scope
    • Serialization 1.7.2 proper
    • JsonPath4K 2.3.0 (with proper Kotlin 2.0.20 support)
    • Signum 3.7.0 (only dependency updates to align everything, no alignments in code)
  • Refactorings:
    • Remove OidcSiopWallet.newDefaultInstance() and replace it with a constructor
    • Remove OidcSiopVerifier.newInstance() methods and replace them with constructors
    • Remove Validator.newDefaultInstance() methods and replace them with constructors
    • Remove WalletService.newDefaultInstance() methods and replace them with constructors
  • API changes
    • Disclosures for SD-JWT (in class SelectiveDisclosureItem) now contain a JsonPrimitive for the value, so that implementers can deserialize the value accordingly
    • Proper registration of serializers for ISO credentials (breaking change), see API in LibraryInitializer
    • Add KeyStoreMaterial to JVM target for convenience
  • Add classes for handling qualified electronic signatures in OpenID flows, acc. to the Cloud Signature Consortium
    • Add TransactionDataEntry class
    • Add DocumentDigestEntry class
    • Add DocumentDigestEntryCSC class
    • Add DocumentLocationsEntry class
    • Add Method class
    • Update InputDescriptors: New member transaction_data, removed member schema
    • Update AuthorizationDetails: Now sealed class with subclasses OpenIdCredential and CSCCredential
    • Extend AuthenticationRequestParameters
    • Extend TokenRequestParameters
    • Extend TokenResponseParameters
  • Update implementation of OpenID for Verifiable Credential Issuance to draft 14 from 2024-08-21
    • In TokenRequestParameters, change transactionCode to String, as it needs to be entered by the user potentially
    • Add extension method to build DPoP headers acc. to RFC 9449, see WalletService
    • Move some fields from IssuerMetadata to OAuth2AuthorizationServerMetadata to match the semantics
    • Remove proof type cwt for OpenID for Verifiable Credential Issuance, as per draft 14, but keep parsing it for a bit of backwards-compatibility
    • Remove binding method for did:key, as it was never completely implemented, but add binding method jwk for JSON Web Keys.
    • Rework interface of WalletService to make selecting the credential configuration by its ID more explicit
    • Support requesting issuance of credential using scope values
    • Introduce OAuth2Client to extract creating authentication requests and token requests from OID4VCI WalletService
    • Refactor SimpleAuthorizationService to extract actual authentication and authorization into AuthorizationServiceStrategy
  • Implement JWE encryption with AES-CBC-HMAC algorithms
  • SIOPv2/OpenID4VP: Support requesting and receiving claims from different credentials, i.e. a combined presentation
    • Require request options on every method in OidcSiopVerifier
    • Move credentialScheme, representation, requestedAttributes from RequestOptions to RequestOptionsCredentials
    • In OidcSiopVerifier move responseUrl from constructor parameter to RequestOptions
    • Add IdToken as result case to OidcSiopVerifier.AuthnResponseResult, when only an id_token is requested and received

4.1.1: VC-K

04 Aug 08:57
519bb06
  • Rebrand
    • Project name: KMM VC Library -> VC-K
    • Artifact names:
      • vclib -> vck
      • vclib-aries -> vck-aries
      • vclib-openid -> vck-openid
  • Rename serializers to avoid ambiguities and Kotlin bugs
    • cborSerializer -> vckCborSerializer
    • jsonSerializer -> vckJsonSerializer
    • Introduce jsonSerializer and cborSerializer with deprecation annotation for easier migration in projects consuming VC-K
  • Rename kmp-crypto submodule to signum and update all references
    • This changes the identifier in the version catalog!
  • Update Dependencies
    • Signum (formerly KMP Crypto): 3.6.0
    • Jsonpath4K (formerly Jsonpath): 2.2.0
    • Kotlinx-Serialization 1.8.0-SNAPSHOT from upstream

4.0.0

23 Jul 20:10
  • Add SubmissionRequirement.evaluate: Evaluates whether a given submission requirement is satisfied.
  • Add PresentationSubmissionValidator:
    • Add isValidSubmission: Evaluates whether all submission requirements are satisfied, and fails on redundantly submitted credentials.
    • Add findUnnecessaryInputDescriptorSubmissions: Returns a list of redundantly submitted credentials.
  • Rename BaseInputEvaluator -> InputEvaluator
    • Change evaluateFieldQueryResults -> evaluateConstraintFieldMatches: Returns all matching fields now, not just the first match
  • Change Holder.matchInputDescriptorsAgainstCredentialStore: Returns all matching credentials now, not just the first match
  • Do not use or assume DID as key identifiers and subjects in credentials
  • Replace list of attribute types in Issuer.issueCredentials with one concrete CredentialScheme to be passed
  • Remove functionality related to "attachments" to verifiable credentials in JWT format
  • Replace list of credentials to be issued with a single credential that will be issued per call to implementations of IssuerCredentialDataProvider
  • Get rid of class Issuer.IssuedCredentialResult, replacing it with KmmResult<Issuer.IssuedCredential>
  • Add return types to function calls to SubjectCredentialStore
  • Change from list to single credential in parameter for Holder.storeCredentials(), changing name to storeCredential()
  • Refactor AuthenticationRequestParametersFrom used in OidcSiopWallet to be serializable
  • Add AuthenticationResponseFactory: Builds an authentication response from request and response parameters
  • Change OidcSiopWallet:
    • Add startAuthorizationResponsePreparation(): Gathers data necessary for presentation building and yields an AuthorizationResponsePreparationState
    • Add finalizeAuthorizationResponseParameters(): Returns what createAuthenticationParams returned before, but also takes in AuthorizationResponsePreparationState and an optional non-default submission
    • Add finalizeAuthorizationResponse(): Returns what createAuthenticationResponse() did before
  • Change OidcSiopVerifier:
    • Add createAuthnRequestUrlWithRequestObjectByReference() to offer authentication requests by reference to the Wallet
  • Add AuthorizationResponsePreparationState: Holds data necessary for presentation building
  • Add AuthenticationRequestParser: Extracted presentation request parsing logic from OidcSiopWallet and put it here
  • Add AuthorizationRequestValidator: Extracted presentation request validation logic from OidcSiopWallet and put it here
  • Add PresentationFactory: Extracted presentation response building logic from OidcSiopWallet and put it here
    • Also added some code for presentation submission validation
  • Update implementation of OpenID 4 Verifiable Credential Issuance, draft 13
  • Replace createCredentialRequestJwt() and createCredentialRequestCwt() with createCredentialRequest() in WalletService for OID4VCI
  • Refactor createTokenRequestParameters() in WalletService for OID4VCI to account for authorization code or pre-auth code

3.8.0

21 Jun 09:13

Release 3.8.0:

  • Kotlin 2.0.0
  • Gradle 8.8
  • Bouncy Castle 1.78.1
  • Kotest 5.9.1
  • Ktor 2.3.11
  • kotlinx.datetime 0.6.0
  • kotlinx.coroutines 1.8.1
  • KmmResult 1.6.0
  • Serialization 1.7.1-SNAPSHOT
  • Extract credential classes for Mobile Driving Licence according to ISO 18013-5 into separate library, see https://github.com/a-sit-plus/mobile-driving-licence-credential
  • Implementers need to specify supported credential representations in CredentialScheme
  • Update CredentialScheme to split up properties for representations
  • Refactor methods in LibraryInitializer, deprecating the old ones, to accommodate additional parameters for serializing ISO credentials
  • Update SD-JWT implementation to include sd_hash
  • Update SIOPv2 implementation to increase interoperability

3.7.0

20 Jun 07:48
  • Add OAuth2AuthorizationServerMetadata data class which implements RFC8414
  • Change usage of OidcUserInfo in interfaces to OidcUserInfoExtended, to also deserialize unknown properties
  • OID4VCI: WalletService: Replace parameters containing whole authentication parameters with single parameters holding code and state
  • Change several integer properties to durations, e.g. expirations (in seconds) for OIDC data classes
  • In SupportedCredentialFormat replace claims with isoClaims and sdJwtClaims to be able to handle both formats defined in OID4VCI Draft 13
  • Wrap exceptions during deserialization in KmmResult, i.e. changing all deserialize() methods in companion objects
  • OidcSiopWallet: Rename newInstance() to newDefaultInstance(), to align it with other factory methods
  • OidcSiopWallet: Rename retrieveAuthenticationRequestParameters() to parseAuthenticationRequestParameters(), changing result type to KmmResult<AuthenticationRequestParameters>
  • OidcSiopWallet: Support getting presentation definition remotely, with presentation_definition_uri from OpenId4VP
  • Be more lenient when parsing several authentication request parameters
  • Add VerifiablePresentationFactory: Used to have a separate place for creating verifiable presentations, HolderAgent got a little cramped
  • Change OidcSiopVerifier.validateAuthnResponse: Supports new presentation semantics, where the vp_token may be an array of verifiable presentations.
  • Change OidcSiopWallet.createAuthnResponseParams: Feed the newly required parameters to Holder.createPresentation; Changed output semantics to potentially submit a list of verifiable presentations
  • Change HolderAgent.createPresentation: Changed function signature; Changed output semantics.
  • Add BaseInputEvaluator: Input evaluator according to DIF.PresentationExchange 2.0.0
  • Refactor AuthenticationRequestParametersFrom to contain parsed parameters and their source
  • Update KMP-Crypto to 3.1.0, to support JWE and ECDH-ES
  • SIOPv2: Implement x509_san_dns and x509_san_uri client ID schemes
  • Refactor OpenIdConstants to contain sealed classes, where appropriate

3.6.1

02 May 16:02
  • Update to KMP-Crypto 2.6.0

3.6.0

02 May 08:24
  • Self-Issued OpenID Provider v2:
    • OidcSiopWallet.AuthenticationResponseResult.Post: Replace property body: String with params: Map<String, String>, to be posted to the Relying Party. Clients may call extension function at.asitplus.wallet.lib.oidvci.formUrlEncode on params to get the encoded body for HTTP calls.
    • Move JsonWebKeySet to library at.asitplus.crypto:datatypes-jws
    • DefaultVerifierJwsService may load public keys for verifying JWS from a JWK Set URL in the header, see constructor argument jwkSetRetriever (cf. to OidcSiopWallet)
    • OidcSiopWallet and OidcSiopVerifier implement response mode direct_post.jwt, as per OpenID for Verifiable Presentations draft 20
    • OidcSiopVerifier: Add constructor parameter attestationJwt to create authentication requests as JWS with a Verifier Attestation JWT in header jwt (see OpenId4VP draft 20)
    • OidcSiopVerifier: Rename createAuthnRequestAsRequestObject() to createAuthnRequestAsSignedRequestObject(), also changing the return type
    • OidcSiopVerifier: Add option to set client_metadata_uri instead of embedding client metadata in authentication requests
    • OidcSiopVerifier: Refactor list of parameters for customizing authentication requests to single data class RequestOptions
    • OidcSiopWallet: Rename constructor parameter jwkSetRetriever to a more general remoteResourceRetriever, to use it for various parameters defined by reference
    • OidcSiopWallet: Replace constructor parameter verifierJwsService with requestObjectJwsVerifier to allow callers to verify JWS objects with a pre-registered key (as in the OpenId4VP client ID scheme "pre-registered")
    • Get rid of collections in serializable types and use sets instead
  • OpenID for Verifiable Credential Issuance:
    • Implement OpenID for Verifiable Credential Issuance draft 13, from 2024-02-08
    • Rename IssuerService to CredentialIssuer
    • Implement RFC 7636 Proof Key for Code Exchange for OpenID for Verifiable Credential Issuance implementations, i.e. IssuerService/CredentialIssuer and WalletService
    • IssuerService/CredentialIssuer: Make public API functions suspending, also return KmmResult to transport exceptions
    • IssuerService/CredentialIssuer: Change parameter of credential() from authorizationHeader to accessToken, requiring the plain access token
    • IssuerService/CredentialIssuer: Extract responsibilities of an OAuth Authorization Server into AuthorizationService
    • WalletService: Make public API functions suspending
    • WalletService: Implement proving possession of private key with CBOR Web Tokens
    • WalletService: Move constructor parameters to requestOptions for every method call
    • Get rid of collections in serializable types and use sets instead
  • Dependency updates
    • Conventions 1.9.23+20240410
      • Ktor 2.3.10
      • Auto-publish version catalogs
  • Issuer: Change cryptoAlgorithms from Collection to Set

3.5.0

10 Apr 14:38
  • Kotlin 1.9.23
  • Ktor 2.3.9
  • Update to latest KMP Crypto 2.5.0
    • Introduces correct multibase encoding
    • EC Point Compression
    • THIS IS A BREAKING CHANGE WRT. SERIALIZATION OF DID-ENCODED KEYS
      • Given that all EC keys were previously uncompressed, different multicodec identifiers are now supported and the old encoding of uncompressed keys does not work anymore, as it was faulty.
      • In addition, the encoding of the multibase prefix has changed, since varint encoding is now used correctly.
  • Fix name shadowing of gradle plugins by renaming file Plugin.kt -> VcLibConventions.kt
  • Fix: Add missing iOS exports
  • Add switch to disable composite build (useful for publishing)
  • Get rid of arrays in serializable types and use collections instead
  • Improve interoperability with verifiers and issuers from https://github.com/eu-digital-identity-wallet/
  • OidcSiopVerifier: Move credentialScheme from constructor to createAuthnRequest
  • OidcSiopWallet: Add constructor parameter to fetch JSON Web Key Sets

3.4.0

28 Feb 19:19
d78157c
  • Target Java 17
  • Updated dependencies from conventions: Bouncycastle 1.77, Serialization 1.6.3-snapshot (fork), Napier 2.7.1, KMP Crypto 2.3.0
  • Integrate kmp-crypto library
  • Change signature parsing and return types to CryptoSignature class
  • Change base public key class fromJsonWebKey to CryptoPublicKey
  • Change base algorithm class from JwsAlgorithm to CryptoAlgorithm
  • Remove all ASN.1 parsing to use kmp-crypto functionality instead
  • Change type of X.509 certificates from ByteArray to X509Certificate
  • Refactor CryptoService.identifier to CryptoService.jsonWebKey.identifier
  • Refactor CryptoService.toPublicKey() to Crypto.publicKey
  • Add member coseKey to CryptoService
  • Support ES384, ES512, RS256, RS384, RS512, PS256, PS384 and PS512 signatures in DefaultCryptoService
  • Change DefaultCryptoService constructor signature: When handing over a private/public key pair, the CryptoAlgorithm parameter is now mandatory
  • Change return type of methods in JwsService to KmmResult<T> to transport exceptions from native implementations
  • Support static QR code use case for OIDC SIOPv2 flows in OidcSiopVerifier
  • Move constructor parameters credentialRepresentation, requestedAttributes from OidcSiopVerifier into function calls

3.3.0

08 Dec 09:36

Release 3.3.0:

  • Change non-typed attribute types (i.e. Strings) to typed credential schemes (i.e. ConstantIndex.CredentialScheme), this includes methods getCredentials, createPresentation in interface Holder, and method getCredentials in interface SubjectCredentialStore
  • Add scheme to Credential stored in IssuerCredentialStore
  • Add claimNames to ConstantIndex.CredentialScheme to list names of potential attributes (or claims) of the credential
  • Add claimNames (a nullable list of requested claim names) to method getCredential in interface IssuerCredentialDataProvider, and to method issueCredential in interface Issuer
  • Add functionality to request only specific claims to OID4VCI implementation
  • Support issuing arbitrary data types in selective disclosure items (classes ClaimToBeIssued and SelectiveDisclosureItem)