This project adheres to Semantic Versioning.
The following changes have been implemented but not released yet:
1.2.0 - 2024-12-17
- Query endpoint discovery: the
getVerifiableCredentialApiConfiguration
function now has aqueryService
entry if the target service supports the Inrupt Access Grant query endpoint.
1.1.2 - 2024-10-22
- Added support for the
https://schema.inrupt.com/credentials/v2.jsonld
JSON-LD context.
1.1.1 - 2024-10-14
- This release has no impact on shipped code. A feature flag has been added to Problem Details end-to-end tests.
1.1.0 - 2024-09-03
- Integrate @inrupt/solid-client-errors for handling HTTP errors.
- Node 22 is now supported.
1.0.3 - 2024-05-15
- Added
types
inexports
entries. This fixes issue #1028.
1.0.2 - 2024-01-17
- Export type
VerifiableCredentialApiConfiguration
, which is part of the public API but was missing from the exports.
1.0.0 - 2023-12-21
- Parsing Verifiable Credentials. This allows the Verifiable Credential to be read using the RDF/JS DatasetCore API.
This is a breaking change because the
VerifiableCredential
type now is also of typeDatasetCore
. Importantly, this dataset is not preserved when converting to verifiableCredentials a string and back doingJSON.parse(JSON.stringify(verifiableCredential))
. We reccomend that developers setreturnLegacyJsonld
tofalse
in functions such asgetVerifiableCredential
in order to avoid returning deprecated object properties. Instead developers should make use of the exportedgetter
functions to get these attributes. - Use the global
fetch
function instead of@inrupt/universal-fetch
. This means this library now only works with Node 18 and higher. - The deprecated signature of
issueVerifiableCredential
(including asubjectId
parameter) is no longer supported. Please remove the extraneous parameter. - Due to changes in the rollup config, the
umd
output is now found atdist/index.umd.js
rather thanumd/index.js
.
0.7.4 - 2023-11-17
- Remove some assumptions for an end-to-end test. This should be transparent to dependants.
0.7.3 - 2023-11-16
- Remove some assumptions for an end-to-end test. This should be transparent to dependants.
- Build system (bundler and TypeScript) updates. This should be transparent to dependants.
- Fix broken checks for
null
fields
- Node 20 is now supported
- Node 18 is now supported
- A new function
isValidVerifiablePresentation
has been added to theverify
module, which verifies the validity of a VP using a verification service. getVerifiableCredentialApiConfiguration
now discovers the future-compatible specification-compliant endpoints, as well as the legacy endpoints.- A
query
function is added from the top-level export and the@inrupt/solid-client-vc/query
submodule. It implements the Verifiable Presentation Request mechanism as described in https://w3c-ccg.github.io/vp-request-spec/. An important note is that we make the assumption that an endpoint supporting Verifiable Presentation Request is available at a /query path, which is outside of the VC API specification scope. This assumption is used to distinguish new endpoints vs legacy endpoints. Currently, only Query by Example VPRs are supported, which is similar to the legacy behavior in a lot of ways. The existinggetVerifiableCredentialAllFromShape
function now supports both legacy and VPR-compliant endpoints.
- Upgraded documentation tooling and improved documentation output.
- Added named exports to revoke, verify, and derive (these were previously default exports but they format poorly in the documentation)
getVerifiableCredentialAllFromShape
supports a new option,includeExpiredVc
. If set to true, the Holder endpoint will return VCs that have expired and are thus no longer valid. This new option defaults to false.
The following sections document changes that have been released already:
getVerifiableCredential
: function exported by the./common
module to dereference a VC URL and validate the obtained content.
- Passing a subject ID to
issueVerifiableCredential
is now deprecated.
isValidVc
: this function, exported by theverify
module, verifies that a VC is valid. Such verification is performed server-side by a verification service, which checks the validity of the signature, and that the VC hasn't been revoked.
- If getting a large response from the
/derive
endpoint, the code would freeze due to the response being cloned for display purpose. This is no longer the case.
- Looking up the configuration discovery file explicitly sets the
Accept
header toapplication/ld+json
, preventing the a406 Unacceptable
response when trying to dereference it as Turtle.
getVerifiableCredentialApiConfiguration
: If the VC service exposes a.well-known/vc-configuration
document, this function fetches it, parses it, and returns known services from it.
- Looking up a VC at the '/derive' endpoint was issuing incorrect requests.
- Revoking a VC was setting the revocation status to an incorrect value, preventing the revocation to actually happen.
- Receiving a legitimate VP could be rejected by the library if it had a single string as a type, which should be acceptable.
getVerifiableCredentialAllFromShape
expected a response format from the VC holder mismatching the actual response.
- No longer uses the default session from
@inrupt/solid-client-authn-browser
because it causes issues with Webpack.
- Revoke a credential: the
revokeVerifiableCredential
function allows to ask an issuer to revoke a given credential. - Lookup credentials at a Holder endpoint: the
getVerifiableCredentialAllFromShape
function collects presentations for all the VCs matching a given shape from a given holder. - Request the issuance of a Verifiable Credential: the
issueVerifiableCredential
function requests a Verifiable Credential to be issued by a server implementing the W3C VC Issuer HTTP API.