Improve errors when retrieving DID JWT proof params.

digitalbazaar · Aug 25, 2024 · 218b1cf · 218b1cf
1 parent 5e4bf72
commit 218b1cf
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # bedrock-vc-delivery ChangeLog
 
+## 5.3.1 - 2024-08-dd
+
+### Fixed
+- Throw better error if DID proof JWT verification method cannot be retrieved
+  from `kid` URL.
+
 ## 5.3.0 - 2024-08-24
 
 ### Added

diff --git a/lib/verify.js b/lib/verify.js
@@ -159,6 +159,18 @@ export async function verifyDidProofJwt({workflow, exchange, jwt} = {}) {
     }
 
     const vm = await didIo.get({url: kid});
+    if(!vm) {
+      throw new BedrockError(
+        `Verification method identified by "kid" (${kid}) could not be ` +
+        'retrieved.', {
+          name: 'DataError',
+          details: {
+            public: true,
+            httpStatusCode: 400
+          }
+        });
+    }
+
     // `vm.controller` must be the issuer of the DID JWT; also ensure that
     // the specified controller authorized `vm` for the purpose of
     // authentication
@@ -174,8 +186,13 @@ export async function verifyDidProofJwt({workflow, exchange, jwt} = {}) {
       match.controller === vm.controller)) {
       throw new BedrockError(
         `Verification method controller "${issuer}" did not authorize ` +
-        `verification method "${vm.id}" for the purpose of "authentication".`,
-        {name: 'NotAllowedError'});
+        `verification method "${vm.id}" for the purpose of "authentication".`, {
+          name: 'NotAllowedError',
+          details: {
+            public: true,
+            httpStatusCode: 400
+          }
+        });
     }
     let jwk;
     if(isEcdsa) {