Update spec on VC issuer's derivation_origin (#2357)

dfinity · Mar 12, 2024 · 01a6cd0 · 01a6cd0
1 parent 4f61acc
commit 01a6cd0
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/demos/vc_issuer/src/main.rs b/demos/vc_issuer/src/main.rs
@@ -101,7 +101,7 @@ impl Storable for IssuerConfig {
 
 impl Default for IssuerConfig {
     fn default() -> Self {
-        let derivation_origin = format!("https://{}.ic0.app", ic_cdk::id().to_text());
+        let derivation_origin = format!("https://{}.icp0.io", ic_cdk::id().to_text());
         Self {
             ic_root_key_raw: extract_raw_root_pk_from_der(IC_ROOT_PK_DER)
                 .expect("failed to extract raw root pk from der"),

diff --git a/demos/vc_issuer/tests/issue_credential.rs b/demos/vc_issuer/tests/issue_credential.rs
@@ -340,7 +340,7 @@ fn should_fail_vc_consent_message_if_missing_required_argument() {
 fn should_return_derivation_origin() {
     let env = env();
     let canister_id = install_canister(&env, VC_ISSUER_WASM.clone());
-    let frontend_hostname = format!("https://{}.ic0.app", canister_id.to_text());
+    let frontend_hostname = format!("https://{}.icp0.io", canister_id.to_text());
     let req = DerivationOriginRequest { frontend_hostname };
     let response = api::derivation_origin(&env, canister_id, principal_1(), &req)
         .expect("API call failed")

diff --git a/docs/vc-spec.md b/docs/vc-spec.md
@@ -98,11 +98,14 @@ credential by an issuer, and this happens by approving a human-readable consent
 Identity provider uses a VC-extension of  [ICRC-21](https://github.com/dfinity/wg-identity-authentication/blob/main/topics/icrc_21_consent_msg.md), and requests the consent message via `Icrc21VcConsentMessageRequest`,
 Upon successful response idenity provider displays the consent message from `Icrc21ConsentInfo` to the user.
 
-### 2: Derivation Origin (optional)
+### 2: Derivation Origin
+
+The issuer must implement also `derivation_origin`-API, which allows for taking the advantage
+of the [Alternative Derivation Origins](https://internetcomputer.org/docs/current/references/ii-spec#alternative-frontend-origins)-feature.
+`derivation_origin` is called by the identity provider to obtain an URL to be used as the derivation origin
+for user's principal.  If an issuer doesn't use the _Alternative Derivation Origins_-feature,
+the function should return just the default value, namely the canister's URL: `https://<issuer-canister-id>.icp0.io`.
 
-If an issuer wants to take advantage of the [Alternative Derivation Origins](https://internetcomputer.org/docs/current/references/ii-spec#alternative-frontend-origins)-feature,
-it must implement `derivation_origin`-API, which then is called by the identity provider to
-obtain an URL to be used as the derivation origin for user's principal.
 ```candid
 service: {
     derivation_origin : (DerivationOriginRequest) ->