Home / Input Output / atala-prism-wallet-sdk-ts
115 commits this week May 04, 2026 - May 11, 2026

refactor(pollux): replace FindDIDSigningKeys with explicit purpose-specific search functions
Replace the generic FindDIDSigningKeys with six explicit, purpose-specific classes:
- FindIssuerSigningKeys: for credential issuance (assertionMethod)
- FindAuthenticationSigningKeys: for proving DID ownership (authentication)
- FindKeyAgreementSigningKeys: for encryption/key agreement (keyAgreement)
- FindCapabilityInvocationSigningKeys: for invoking delegated capabilities
- FindCapabilityDelegationSigningKeys: for delegating capabilities to others
- FindRevocationSigningKeys: for revoking credentials/keys

This improves code clarity and scalability by making the purpose of each key
type explicit at the API level. Each search function includes comprehensive
W3C DID Core Specification references and documentation.

All explicit finders are thin wrappers delegating to the refactored
FindSigningKeys implementation that now supports all six DID verification
relationships via PURPOSE_TO_VERIFICATION_RELATIONSHIP mapping.

Fixes #596

Signed-off-by: Anshika Chaubey <[email protected]>

fix(pollux): fix JWT/SDJWT iat/exp claim units to seconds (RFC 7519)
NumericDate claims per RFC 7519 must be emitted in seconds, not milliseconds.
Several SDK code paths were using Date.now() directly, which returns milliseconds,
causing tokens to be emitted with iat/exp values interpreted as far-future dates
when conforming verifiers parse them as seconds. This breaks interoperability with
RFC 7519-compliant consumers.

Fixed affected sites:
- HandleRequestCredential.ts: createJWT() and createSDJWT() methods
- CreateCredentialRequest.ts: OID4VCI proof JWT

All NumericDate claims now use Math.floor(Date.now() / 1000) to emit seconds.

Tests added to verify iat/exp are in seconds (NumericDate range):
- HandleRequestCredential.test.ts: RFC 7519 NumericDate Compliance tests
- CreateCredentialRequest.test.ts: OIDC proof JWT iat seconds validation

Fixes #610

Signed-off-by: Anshika Chaubey <[email protected]>

chore(deps): bump fast-uri in the npm_and_yarn group across 1 directory
Bumps the npm_and_yarn group with 1 update in the / directory: [fast-uri](https://github.com/fastify/fast-uri).


Updates `fast-uri` from 3.1.0 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2)

---
updated-dependencies:
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>

fix(pollux): add exp/nbf validation and fix error logging in SDJWT.verify
Fixes #553 — remove console.log(err) from SDJWT.verify() catch block
Fixes #554 — add temporal claim validation (exp/nbf) per RFC 7519

Changes:
- Check exp claim (§4.1.4): return false if current time >= exp
- Check nbf claim (§4.1.5): return false if current time < nbf
- Remove console.log: empty catch block, consistent with JWT.verify()
- Use string literals for claim keys to keep import type-only
- Remove static temporal fixtures; tests use vi.useFakeTimers()
  to control system clock and build SD-JWT payloads dynamically

Matches the areTimestampsValid() pattern in JWT.verify (#550, #552).
Credentials without exp/nbf keep current behavior (no enforcement).

Signed-off-by: Abhigyan Singh <[email protected]>

refactor(pollux): reduce JWT.verify cognitive complexity
SonarCloud flags `JWT.verify` (`packages/lib/sdk/src/pollux/utils/jwt/JWT.ts`)
as exceeding the cognitive-complexity threshold (16, allowed 15) due to
the inline exp and nbf checks added in #550 and #552.

Extract the temporal-claim validation into a small private helper
`areTimestampsValid(payload)`:

- Drops `verify`'s cognitive complexity from 16 to 13 (under the
  threshold) by replacing two inline if-blocks with one delegated call.
- Centralises the RFC 7519 §4.1.4 (exp) and §4.1.5 (nbf) handling in a
  single, focused method, which makes future additions (e.g. `iat`
  validation, see #610) and reuse from the SDJWT verifier easier.
- Behaviour is unchanged: same checks, same return value, same
  short-circuit ordering (exp before nbf, before signature verification).

No public API change. 765/765 tests pass locally on this branch.

Signed-off-by: Seydi Charyyev <[email protected]>

chore: remove dead commented-out code
SonarCloud flags four blocks of commented-out code as MAJOR code smells.
The blocks are dead — unused, unreachable, and not maintained — and only
add noise when reading these files. Removing them closes the
corresponding SonarCloud issues.

- packages/lib/sdk/src/plugins/internal/oidc/connection/CreateAuthorizationRequest.ts:
  remove commented-out PKCE/nonce/code_challenge branches; the explanatory
  TODO is kept since it documents the still-pending work.
- packages/lib/sdk/src/plugins/internal/oidc/connection/ProcessCallbackUrl.ts:
  remove commented-out implicit/hybrid flow rejection.
- packages/shared/domain/src/utils/guards.ts: remove the commented-out
  notEmptyArray export and its orphaned JSDoc block.
- packages/lib/sdk/src/plugins/internal/oea/index.ts: remove two
  commented-out plugin.register calls referencing protocol types and
  handlers that no longer exist (HandlePresentationRequest is not
  imported, the OEA.ProtocolType.* members do not exist).

No behavior change; no tests touched. 765/765 tests pass locally.

Signed-off-by: Seydi Charyyev <[email protected]>

chore(deps): bump ip-address
Bumps the npm_and_yarn group with 1 update in the / directory: [ip-address](https://github.com/beaugunderson/ip-address).


Updates `ip-address` from 10.1.0 to 10.2.0
- [Commits](https://github.com/beaugunderson/ip-address/commits)

---
updated-dependencies:
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>

fix(pollux): check nbf claim in JWT.verify
JWT.verify did not validate the nbf (not before) claim, so JWTs with
nbf in the future were incorrectly considered valid. This is a
security issue per RFC 7519 Section 4.1.5.

Added an explicit nbf check after JWT decode: if nbf is present and
the current time is before it, verify() returns false. JWTs without
an nbf claim keep the previous behavior (no nbf enforced).

This is a sister fix to #489/#550 (which addressed the exp claim).

Adding the nbf check exposed pre-existing bugs in JWT/SDJWT creation
paths that emitted nbf as milliseconds (Date.now()) instead of
seconds (NumericDate per RFC 7519). Without correction these tokens
would be rejected by the new check, breaking
createPresentationForRequestProof and credential issuance. Three
creation sites are corrected to seconds:

  - src/plugins/internal/dif/PresentationRequest.ts (VP nbf)
  - src/plugins/internal/didcomm/tasks/HandleRequestCredential.ts
    (JWT and SDJWT credential nbf)

The hardcoded VP JWT in tests/plugins/dif/PresentationVerify.test.ts
and the credential fixture in tests/fixtures/credentials/jwt.ts
contained nbf in milliseconds and have been regenerated with valid
(seconds) timestamps. Inline currentDate.getTime() test data has
been corrected to Math.floor(.../1000).

Note: iat and exp in the same creation paths are also emitted as
milliseconds; this does not block the new nbf check (exp in ms is
interpreted as far future and passes) but violates RFC 7519. Filed
separately.

Closes #551

Signed-off-by: Seydi Charyyev <[email protected]>
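
The unit bug and the exp/nbf checks described in the commits above, as an added TypeScript example (not code from the SDK or its authors). `temporalClaimsValid`, `suspectedMillisecondClaims`, the 1e11 threshold and the sample timestamps are assumptions constructed for illustration; the check follows the semantics the commit messages state (reject when now >= exp, reject when now < nbf, absent claims not enforced).

```typescript
// Added illustration, not SDK code; all names below are hypothetical.
type TemporalClaims = { iat?: number; nbf?: number; exp?: number };

// RFC 7519 NumericDate: whole seconds since the Unix epoch.
function toNumericDate(epochMs: number): number {
  return Math.floor(epochMs / 1000);
}

// Verifier-side check: reject when now >= exp, reject when now < nbf.
// Claims that are absent are not enforced.
function temporalClaimsValid(claims: TemporalClaims, nowSec: number): boolean {
  if (claims.exp !== undefined && nowSec >= claims.exp) return false;
  if (claims.nbf !== undefined && nowSec < claims.nbf) return false;
  return true;
}

// Heuristic (assumption): a value above 1e11 read as seconds lies past the
// year 5000, so it is almost certainly a millisecond timestamp.
const MS_THRESHOLD = 1e11;
function suspectedMillisecondClaims(claims: TemporalClaims): string[] {
  return (["iat", "nbf", "exp"] as const).filter((key) => {
    const value = claims[key];
    return value !== undefined && value > MS_THRESHOLD;
  });
}

// Constructed sample: a fixed clock and a token meant to live for one hour.
const NOW_MS = 1778000000000;
const NOW_SEC = toNumericDate(NOW_MS);
const HOUR_MS = 3600 * 1000;
const YEAR_SEC = 365 * 24 * 3600;

// Issuer using Date.now()-style milliseconds for every claim.
const buggy: TemporalClaims = { iat: NOW_MS, nbf: NOW_MS, exp: NOW_MS + HOUR_MS };
// Issuer converting to seconds before emitting.
const fixed: TemporalClaims = {
  iat: toNumericDate(NOW_MS),
  nbf: toNumericDate(NOW_MS),
  exp: toNumericDate(NOW_MS + HOUR_MS),
};
// Only exp in milliseconds: accepted now and still accepted a year later.
const expOnlyMs: TemporalClaims = { exp: NOW_MS + HOUR_MS };

console.log("ms nbf accepted now:", temporalClaimsValid(buggy, NOW_SEC));
console.log("ms exp accepted after a year:", temporalClaimsValid(expOnlyMs, NOW_SEC + YEAR_SEC));
console.log("seconds token accepted now:", temporalClaimsValid(fixed, NOW_SEC));
console.log("claims flagged as ms:", suspectedMillisecondClaims(buggy));
```

A millisecond `nbf` fails closed once the verifier enforces it, while a millisecond `exp` fails open, which is why a range check on emitted claims is worth adding to issuer-side tests.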