invocation: add support for self-signed invocations (issuer=subject) #120
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds support for self-signed invocations where the issuer and subject are the same entity. This allows invocations to be executed without requiring delegation proofs when the invoker is acting on itself.
Key changes:
- Added
NewSelfSignedconstructor for creating self-signed invocations - Modified proof verification logic to allow self-signed invocations (issuer == subject) without proofs
- Added
IsSelfSigned()helper method to check if an invocation is self-signed
Reviewed changes
Copilot reviewed 11 out of 17 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| token/invocation/invocation.go | Added NewSelfSigned constructor and IsSelfSigned method; improved error message for issuer parsing |
| token/invocation/proof.go | Updated proof verification to allow self-signed invocations without proofs; updated documentation comments |
| token/invocation/invocation_test.go | Refactored tests to table-driven format; added test cases for self-signed invocations |
| token/invocation/schema_test.go | Updated test to use embedded full example data and renamed constants for clarity |
| token/invocation/testdata/*.dagjson | Added new test data files for self-signed and full example invocations |
| token/delegation/delegation.go | Improved error message for issuer parsing (consistency) |
| token/delegation/delegationtest/token_gen.go | Added self-delegation test tokens for all personas |
| token/delegation/delegationtest/generator/*.go | Added generator logic for self-delegations |
| token/delegation/delegationtest/data/*.dagcbor | Added binary test data for self-delegation tokens |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // d. The public key can be extracted from the `did:key`. | ||
| // e. The public key type is supported by go-ucan. | ||
| // c. The Payload contains an iss field that contains a valid DID. | ||
| // d. One or more public keys can be derived from the DID. |
There was a problem hiding this comment.
More than one public key?
There was a problem hiding this comment.
Yes, method other than did:key can resolve to multiple public keys at the same time. So go-ucan try to find one matching the signature.
smoyer64
left a comment
There was a problem hiding this comment.
As written, none of the tests are passing (and oddly look like they're timing out)
0a7ffe4 to
4b3a0c5
Compare
130e2e4 to
a7e698e
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 19 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The spec should be clarified before merging this.