Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for runtime fetching of context fiels #386

Open
PascalSprenger opened this issue May 9, 2024 · 3 comments
Open

Add support for runtime fetching of context fiels #386

PascalSprenger opened this issue May 9, 2024 · 3 comments

Comments

@PascalSprenger
Copy link

Hello, I am absolutely unsure if this is a bug or if I am using it incorrectly.

I would like to create verifiable credentials via didkit-cli.
If I use an official context as a source, everything works.
Here is my working examples from the tutorial:

			String vcData = String.format(‘’
										            {
					    ‘@context’: 
					    ‘https://www.w3.org/2018/credentials/v1’
					    ‘id’: ‘urn:uuid:12345678-abcd-1234-ef00-123456789abc’,
					    ‘type’: [‘VerifiableCredential’],
					    ‘issuer’: ‘%s’,
					    ‘issuanceDate’: ‘%s’,
					    ‘credentialSubject’: {
					    	‘id’: ‘did:example:abcdef’
					    }
					}‘’", issuerDID, DateTimeFormatter.ISO_INSTANT.format(Instant.now()),claimsJson.toString());

However, if I now try to host the identical context (copy/paste) from https://www.w3.org/2018/credentials/v1 myself via Xampp local, I always get the following error:

Error: thread ‘main’ panicked at C:\Users\xxx\.cargo\registry\src\index.crates.io-6f17d22bba15001f\didkit-cli-0.3.2\src\credential.rs:80:14:
Error: called `Result::unwrap()` on an `Err` value: LDP(ToRdfError(Expand(ContextProcessing(Meta(ContextLoadingFailed(LoadingDocumentFailed(UnknownContext(‘http://localhost/vc2.jsonld’)))), Span { start: 42, end: 71 })))))

Do you have any idea what this could be? I have now tried several different schemas and always get this error.

If I pass a custom context directly via:

					    {
					    ‘dateOfBirth’: ‘http://localhost/definitions/birthDate.html’ 
					    }

so without hosting it, it seems to work.
@sbihel
Copy link
Member

sbihel commented May 10, 2024

Do you have any idea what this could be? I have now tried several different schemas and always get this error.

We do not yet support fetching context files at runtime (which has significant security implications). All the context files that are currently supported (like https://www.w3.org/2018/credentials/v1) are actually hardcoded. In Rust there is a way to pass additional context files but this functionality is not currently exposed in bindings.

If I pass a custom context directly via:

Yes, but here you are defining a term directly. The URI doesn't actually have to resolve to anything.

@sbihel sbihel changed the title Use of selfhosted Context Add support for runtime fetching of context fiels May 10, 2024
@PascalSprenger
Copy link
Author

Thanks for the answer!
Would it be possible to add some kind of whitelist where you can explicitly allow external context? (Maybe just localhost) This would at least limit the security concerns somewhat.

Otherwise: Can you perhaps tell me where Context is hardcoded? Then I can play around with it locally,

@sbihel
Copy link
Member

sbihel commented May 23, 2024

Would it be possible to add some kind of whitelist where you can explicitly allow external context?

Potentially after spruceid/ssi#508 is merged but I cannot commit to anything at this time.

Otherwise: Can you perhaps tell me where Context is hardcoded? Then I can play around with it locally,

Here's an example PR that adds support for a new context: spruceid/ssi#548.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sbihel @PascalSprenger