fix: Ensure we always use the ES256 key for EBSI auth

Sphereon-Opensource · Jul 16, 2024 · be7dc15 · be7dc15
1 parent 130721b
commit be7dc15
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/packages/ebsi-support/src/functions/Attestation.ts b/packages/ebsi-support/src/functions/Attestation.ts
@@ -80,8 +80,9 @@ export const ebsiCreateAttestationAuthRequestURL = async (
   }
   // This only works if the DID is actually registered, otherwise use our internal KMS;
   // that is why the offline argument is passed in when type is Verifiable Auth to Onboard, as no DID is present at that point yet
+  // We are getting the ES256 key here, as that is the one needed for auth in EBSI
   const authKey = await getAuthenticationKey(
-    { identifier, offlineWhenNoDIDRegistered: credentialType === 'VerifiableAuthorisationToOnboard', noVerificationMethodFallback: true },
+    { identifier, offlineWhenNoDIDRegistered: credentialType === 'VerifiableAuthorisationToOnboard', noVerificationMethodFallback: true, keyType: 'Secp256r1' },
     context,
   )
   const kid = authKey.meta?.jwkThumbprint ?? calculateJwkThumbprintForKey({ key: authKey })