feat: additional JSON-LD context on issuance (#941)

wolf4ood · web-flow · commit 14385c386c4d · 2026-03-10T13:03:31.000+01:00
diff --git a/core/issuerservice/issuerservice-issuance/src/main/java/org/eclipse/edc/issuerservice/issuance/generator/JwtCredentialGenerator.java b/core/issuerservice/issuerservice-issuance/src/main/java/org/eclipse/edc/issuerservice/issuance/generator/JwtCredentialGenerator.java
@@ -33,9 +33,11 @@
 
 import java.time.Clock;
 import java.time.Instant;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -72,7 +74,7 @@ public Result<VerifiableCredentialContainer> generateCredential(String participa
 
         var statusResult = createCredentialStatus(claims);
 
-        var credentialBuilder = generateVerifiableCredential(definition.getCredentialType(), definition.getValidity(), issuerId, holderDid, subjectResult.getContent());
+        var credentialBuilder = generateVerifiableCredential(definition.getAdditionalContext(), definition.getCredentialType(), definition.getValidity(), issuerId, holderDid, subjectResult.getContent());
 
         statusResult.onSuccess(credentialBuilder::credentialStatus);
 
@@ -114,9 +116,13 @@ private Result<String> signCredentialInternal(String participantContextId, Verif
     }
 
     @SuppressWarnings({"unchecked", "rawtypes"})
-    private VerifiableCredential.Builder generateVerifiableCredential(String type, long validity, String issuer, String holderId, Map<String, Object> credentialSubject) {
+    private VerifiableCredential.Builder generateVerifiableCredential(List<String> additionalContext, String type, long validity, String issuer, String holderId, Map<String, Object> credentialSubject) {
+        var ctx = new LinkedHashSet<>();
+        ctx.add(VcConstants.W3C_CREDENTIALS_URL);
+        ctx.addAll(additionalContext);
         return VerifiableCredential.Builder.newInstance()
                 .id(UUID.randomUUID().toString())
+                .contexts(new ArrayList<>(ctx))
                 .issuer(new Issuer(issuer))
                 .dataModelVersion(DataModelVersion.V_1_1)
                 .issuanceDate(Instant.now(clock))
@@ -149,8 +155,11 @@ private Result<CredentialStatus> createCredentialStatus(Map<String, Object> clai
     }
 
     private Map<String, Object> createVcClaim(VerifiableCredential verifiableCredential, String... type) {
+        var ctx = new LinkedHashSet<>();
+        ctx.add(VcConstants.W3C_CREDENTIALS_URL);
+        ctx.addAll(verifiableCredential.getContext());
         var claims = new HashMap<>(
-                Map.of(JsonLdKeywords.CONTEXT, List.of(VcConstants.W3C_CREDENTIALS_URL),
+                Map.of(JsonLdKeywords.CONTEXT, ctx,
                         TYPE_PROPERTY, Arrays.asList(type),
                         "id", verifiableCredential.getId(),
                         "issuanceDate", verifiableCredential.getIssuanceDate().toString(),
diff --git a/core/issuerservice/issuerservice-issuance/src/test/java/org/eclipse/edc/issuerservice/issuance/generator/JwtCredentialGeneratorTest.java b/core/issuerservice/issuerservice-issuance/src/test/java/org/eclipse/edc/issuerservice/issuance/generator/JwtCredentialGeneratorTest.java
@@ -92,6 +92,7 @@ void generateCredential() {
         assertThat(container.rawVc()).isNotNull();
         assertThat(container.format()).isEqualTo(VC1_0_JWT);
         assertThat(container.credential()).satisfies(verifiableCredential -> {
+            assertThat(verifiableCredential.getContext()).contains("https://www.w3.org/2018/credentials/v1");
             assertThat(verifiableCredential.getType()).contains("MembershipCredential");
             assertThat(verifiableCredential.getIssuer().id()).isEqualTo("did:example:issuer");
             assertThat(verifiableCredential.getCredentialSubject()).hasSize(1);
@@ -115,6 +116,48 @@ void generateCredential() {
         });
     }
 
+    @SuppressWarnings({"unchecked", "rawtypes"})
+    @Test
+    void generateCredential_additionalContext() {
+
+        var subjectClaims = Map.of("name", "Foo Bar");
+        Map<String, Object> claims = Map.of("credentialSubject", subjectClaims);
+
+        var definition = createCredentialDefinitionBuilder()
+                .additionalContext(List.of("https://www.w3.org/2018/credentials/examples/v1"))
+                .build();
+
+        var result = jwtCredentialGenerator.generateCredential(TEST_PARTICIPANT, definition, PRIVATE_KEY_ALIAS, PUBLIC_KEY_ID, "did:example:issuer", "did:example:participant", claims);
+
+        assertThat(result).isSucceeded();
+
+        var container = result.getContent();
+        assertThat(container.rawVc()).isNotNull();
+        assertThat(container.format()).isEqualTo(VC1_0_JWT);
+        assertThat(container.credential()).satisfies(verifiableCredential -> {
+            assertThat(verifiableCredential.getContext()).contains("https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1");
+            assertThat(verifiableCredential.getType()).contains("MembershipCredential");
+            assertThat(verifiableCredential.getIssuer().id()).isEqualTo("did:example:issuer");
+            assertThat(verifiableCredential.getCredentialSubject()).hasSize(1);
+
+            var subject = verifiableCredential.getCredentialSubject().get(0);
+
+            assertThat(subject.getId()).isEqualTo("did:example:participant");
+            assertThat(subject.getClaims()).isEqualTo(subjectClaims);
+
+        });
+
+
+        var extractedClaims = extractJwtClaims(container.rawVc());
+
+        REQUIRED_CLAIMS.forEach(claim -> assertThat(extractedClaims.getClaim(claim)).describedAs("Claim '%s' cannot be null", claim).isNotNull());
+        assertThat(extractJwtHeader(container.rawVc()).getKeyID()).isEqualTo("did:example:issuer#%s".formatted(PUBLIC_KEY_ID));
+        assertThat(extractedClaims.getClaim(VERIFIABLE_CREDENTIAL_CLAIM)).isInstanceOfSatisfying(Map.class, vcClaim -> {
+            assertThat((List) vcClaim.get("type")).contains("MembershipCredential");
+            assertThat((Map) vcClaim.get("credentialSubject")).containsAllEntriesOf(subjectClaims);
+        });
+    }
+
     @SuppressWarnings({"unchecked", "rawtypes"})
     @Test
     void generateCredential_whenNoStatus() {
@@ -256,13 +299,17 @@ protected ECKey createKey(Curve curve, String centralIssuerKeyId) {
     }
 
     private CredentialDefinition createCredentialDefinition() {
+        return createCredentialDefinitionBuilder()
+                .build();
+    }
+
+    private CredentialDefinition.Builder createCredentialDefinitionBuilder() {
         return CredentialDefinition.Builder.newInstance()
                 .credentialType("MembershipCredential")
                 .mapping(new MappingDefinition("input", "outut", true))
                 .jsonSchema("{}")
                 .participantContextId(UUID.randomUUID().toString())
-                .formatFrom(VC1_0_JWT)
-                .build();
+                .formatFrom(VC1_0_JWT);
     }
 
     private JWTClaimsSet extractJwtClaims(String vpJwt) {
diff --git a/e2e-tests/dcp-issuance-tests/src/test/java/org/eclipse/edc/identityhub/tests/dcp/flow/DcpIssuanceFlowEndToEndTest.java b/e2e-tests/dcp-issuance-tests/src/test/java/org/eclipse/edc/identityhub/tests/dcp/flow/DcpIssuanceFlowEndToEndTest.java
@@ -50,6 +50,7 @@
 import org.junit.jupiter.api.extension.RegisterExtension;
 
 import java.time.Duration;
+import java.util.List;
 import java.util.Map;
 
 import static io.restassured.RestAssured.given;
@@ -155,10 +156,11 @@ void issuanceFlow(IssuerService issuer, IdentityHub identityHub) {
                         assertThat(vc.getStateAsEnum()).isEqualTo(VcStatus.ISSUED);
                         assertThat(vc.getIssuerId()).isEqualTo(issuerDid);
                         assertThat(vc.getHolderId()).isEqualTo(participantDid);
-                        assertThat(vc.getVerifiableCredential().credential().getCredentialStatus()).isNotEmpty()
-                                .anySatisfy(t -> {
-                                    assertThat(t.getProperty("", "statusPurpose").toString()).isEqualTo("revocation");
-                                });
+                        assertThat(vc.getVerifiableCredential().credential()).satisfies(v -> {
+                            assertThat(v.getCredentialStatus()).isNotEmpty()
+                                    .anySatisfy(t -> assertThat(t.getProperty("", "statusPurpose").toString()).isEqualTo("revocation"));
+                            assertThat(v.getContext()).contains("https://example.com/credentials/membership/v1");
+                        });
                     });
 
             // checks that the credential was issued on the issuer side
@@ -168,8 +170,11 @@ void issuanceFlow(IssuerService issuer, IdentityHub identityHub) {
                         assertThat(vc.getStateAsEnum()).isEqualTo(VcStatus.ISSUED);
                         assertThat(vc.getIssuerId()).isEqualTo(issuerDid);
                         assertThat(vc.getHolderId()).isEqualTo(participantDid);
-                        assertThat(vc.getVerifiableCredential().credential().getCredentialStatus()).hasSize(1)
-                                .allSatisfy(t -> assertThat(t.type()).isEqualTo("BitstringStatusListEntry"));
+                        assertThat(vc.getVerifiableCredential().credential()).satisfies(v -> {
+                            assertThat(v.getCredentialStatus()).hasSize(1)
+                                    .allSatisfy(t -> assertThat(t.type()).isEqualTo("BitstringStatusListEntry"));
+                            assertThat(v.getContext()).contains("https://example.com/credentials/membership/v1");
+                        });
                     });
 
             // verify that the status credential on the issuer side is accessible
@@ -213,6 +218,7 @@ void issuanceFlow(IssuerService issuer, IdentityHub identityHub) {
             var credentialDefinition = CredentialDefinition.Builder.newInstance()
                     .id("membershipCredential-id")
                     .credentialType("MembershipCredential")
+                    .additionalContext(List.of("https://example.com/credentials/membership/v1"))
                     .jsonSchemaUrl("https://example.com/schema")
                     .jsonSchema("{}")
                     .attestation(attestationDefinition.getId())
diff --git a/extensions/api/issuer-admin-api/issuer-admin-api-configuration/src/main/resources/issuer-admin-api-version.json b/extensions/api/issuer-admin-api/issuer-admin-api-configuration/src/main/resources/issuer-admin-api-version.json
@@ -2,7 +2,7 @@
   {
     "version": "1.0.0-alpha",
     "urlPath": "/v1alpha",
-    "lastUpdated": "2026-03-04T15:00:00Z",
+    "lastUpdated": "2026-03-10T15:00:00Z",
     "maturity": null
   }
 ]
diff --git a/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/java/org/eclipse/edc/issuerservice/store/sql/credentialdefinition/BaseSqlDialectStatements.java b/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/java/org/eclipse/edc/issuerservice/store/sql/credentialdefinition/BaseSqlDialectStatements.java
@@ -39,6 +39,7 @@ public String getInsertTemplate() {
                 .jsonColumn(getRulesColumn())
                 .jsonColumn(getMappingsColumn())
                 .jsonColumn(getJsonSchemaColumn())
+                .jsonColumn(getAdditionalContextColumn())
                 .column(getJsonSchemaUrlColumn())
                 .column(getValidityColumn())
                 .column(getFormatsColumn())
@@ -55,6 +56,7 @@ public String getUpdateTemplate() {
                 .jsonColumn(getRulesColumn())
                 .jsonColumn(getMappingsColumn())
                 .jsonColumn(getJsonSchemaColumn())
+                .jsonColumn(getAdditionalContextColumn())
                 .column(getJsonSchemaUrlColumn())
                 .column(getValidityColumn())
                 .column(getFormatsColumn())
diff --git a/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/java/org/eclipse/edc/issuerservice/store/sql/credentialdefinition/CredentialDefinitionStoreStatements.java b/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/java/org/eclipse/edc/issuerservice/store/sql/credentialdefinition/CredentialDefinitionStoreStatements.java
@@ -60,6 +60,10 @@ default String getJsonSchemaUrlColumn() {
         return "json_schema_url";
     }
 
+    default String getAdditionalContextColumn() {
+        return "additional_context";
+    }
+
     default String getValidityColumn() {
         return "validity";
     }
diff --git a/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/java/org/eclipse/edc/issuerservice/store/sql/credentialdefinition/SqlCredentialDefinitionStore.java b/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/java/org/eclipse/edc/issuerservice/store/sql/credentialdefinition/SqlCredentialDefinitionStore.java
@@ -47,7 +47,7 @@
  */
 public class SqlCredentialDefinitionStore extends AbstractSqlStore implements CredentialDefinitionStore {
 
-    private static final TypeReference<List<String>> ATTESTATIONS_LIST_REF = new TypeReference<>() {
+    private static final TypeReference<List<String>> STRING_LIST_REF = new TypeReference<>() {
     };
 
     private static final TypeReference<List<CredentialRuleDefinition>> RULES_LIST_REF = new TypeReference<>() {
@@ -109,6 +109,7 @@ public StoreResult<Void> create(CredentialDefinition credentialDefinition) {
                         toJson(credentialDefinition.getRules()),
                         toJson(credentialDefinition.getMappings()),
                         toJson(credentialDefinition.getJsonSchema()),
+                        toJson(credentialDefinition.getAdditionalContext()),
                         credentialDefinition.getJsonSchemaUrl(),
                         credentialDefinition.getValidity(),
                         credentialDefinition.getFormat(),
@@ -145,6 +146,7 @@ public StoreResult<Void> update(CredentialDefinition credentialDefinition) {
                             toJson(credentialDefinition.getRules()),
                             toJson(credentialDefinition.getMappings()),
                             toJson(credentialDefinition.getJsonSchema()),
+                            toJson(credentialDefinition.getAdditionalContext()),
                             credentialDefinition.getJsonSchemaUrl(),
                             credentialDefinition.getValidity(),
                             credentialDefinition.getFormat(),
@@ -209,9 +211,10 @@ private CredentialDefinition mapResultSet(ResultSet resultSet) throws Exception
                 .id(resultSet.getString(statements.getIdColumn()))
                 .participantContextId(resultSet.getString(statements.getParticipantContextIdColumn()))
                 .credentialType(resultSet.getString(statements.getCredentialTypeColumn()))
-                .attestations(fromJson(resultSet.getString(statements.getAttestationsColumn()), ATTESTATIONS_LIST_REF))
+                .attestations(fromJson(resultSet.getString(statements.getAttestationsColumn()), STRING_LIST_REF))
                 .rules(fromJson(resultSet.getString(statements.getRulesColumn()), RULES_LIST_REF))
                 .mappings(fromJson(resultSet.getString(statements.getMappingsColumn()), MAPPINGS_LIST_REF))
+                .additionalContext(fromJson(resultSet.getString(statements.getAdditionalContextColumn()), STRING_LIST_REF))
                 .jsonSchema(resultSet.getString(statements.getJsonSchemaColumn()))
                 .jsonSchemaUrl(resultSet.getString(statements.getJsonSchemaUrlColumn()))
                 .validity(resultSet.getLong(statements.getValidityColumn()))
diff --git a/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/java/org/eclipse/edc/issuerservice/store/sql/credentialdefinition/schema/postgres/CredentialDefinitionMapping.java b/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/java/org/eclipse/edc/issuerservice/store/sql/credentialdefinition/schema/postgres/CredentialDefinitionMapping.java
@@ -38,6 +38,7 @@ public class CredentialDefinitionMapping extends TranslationMapping {
     public static final String FIELD_VALIDITY = "validity";
     public static final String FIELD_FORMAT = "format";
     public static final String FIELD_ATTESTATIONS = "attestations";
+    public static final String FIELD_ADDITIONAL_CONTEXT = "additionalContext";
     public static final String FIELD_RULES = "rules";
     public static final String FIELD_MAPPINGS = "mappings";
 
@@ -55,5 +56,7 @@ public CredentialDefinitionMapping(CredentialDefinitionStoreStatements statement
         add(FIELD_ATTESTATIONS, new JsonArrayTranslator(statements.getAttestationsColumn()));
         add(FIELD_RULES, new JsonFieldTranslator(RULES_ALIAS));
         add(FIELD_MAPPINGS, new JsonFieldTranslator(MAPPING_ALIAS));
+        add(FIELD_ADDITIONAL_CONTEXT, new JsonArrayTranslator(statements.getAdditionalContextColumn()));
+
     }
 }
diff --git a/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/resources/credential-definition-schema.sql b/extensions/store/sql/issuerservice-credential-definition-store-sql/src/main/resources/credential-definition-schema.sql
@@ -21,6 +21,7 @@ CREATE TABLE IF NOT EXISTS credential_definitions
     attestations           JSON    NOT NULL DEFAULT '[]',
     rules                  JSON    NOT NULL DEFAULT '[]',
     mappings               JSON    NOT NULL DEFAULT '[]',
+    additional_context     JSON    NOT NULL DEFAULT '[]',
     json_schema            JSON,
     json_schema_url        VARCHAR,
     validity               BIGINT  NOT NULL,
diff --git a/spi/issuerservice/issuerservice-issuance-spi/src/main/java/org/eclipse/edc/issuerservice/spi/issuance/model/CredentialDefinition.java b/spi/issuerservice/issuerservice-issuance-spi/src/main/java/org/eclipse/edc/issuerservice/spi/issuance/model/CredentialDefinition.java
@@ -37,6 +37,7 @@
 public class CredentialDefinition extends AbstractParticipantResource {
 
     private final List<String> attestations = new ArrayList<>();
+    private final List<String> additionalContext = new ArrayList<>();
     private final List<CredentialRuleDefinition> rules = new ArrayList<>();
     private final List<MappingDefinition> mappings = new ArrayList<>();
     private String format;
@@ -47,7 +48,7 @@ public class CredentialDefinition extends AbstractParticipantResource {
 
     private CredentialDefinition() {
     }
-    
+
     public String getCredentialType() {
         return credentialType;
     }
@@ -77,6 +78,10 @@ public List<String> getAttestations() {
         return attestations;
     }
 
+    public List<String> getAdditionalContext() {
+        return additionalContext;
+    }
+
     public List<CredentialRuleDefinition> getRules() {
         return rules;
     }
@@ -140,6 +145,11 @@ public Builder attestation(String attestation) {
             return this;
         }
 
+        public Builder additionalContext(List<String> additionalContext) {
+            this.entity.additionalContext.addAll(additionalContext);
+            return this;
+        }
+
         public Builder rules(Collection<CredentialRuleDefinition> rules) {
             this.entity.rules.addAll(rules);
             return this;
diff --git a/spi/issuerservice/issuerservice-issuance-spi/src/testFixtures/java/org/eclipse/edc/issuerservice/spi/issuance/credentialdefinition/store/CredentialDefinitionStoreTestBase.java b/spi/issuerservice/issuerservice-issuance-spi/src/testFixtures/java/org/eclipse/edc/issuerservice/spi/issuance/credentialdefinition/store/CredentialDefinitionStoreTestBase.java
@@ -21,6 +21,7 @@
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 
+import java.util.List;
 import java.util.Set;
 import java.util.UUID;
 
@@ -42,6 +43,18 @@ void create() {
         assertThat(query.getContent()).usingRecursiveFieldByFieldElementComparator().containsExactly(credentialDefinition);
     }
 
+    @Test
+    void create_withAdditionalContext() {
+        var credentialDefinition = createCredentialDefinitionBuilder(UUID.randomUUID().toString(), "Membership")
+                .additionalContext(List.of("https://example.com/context1", "https://example.com/context2"))
+                .build();
+        var result = getStore().create(credentialDefinition);
+        assertThat(result).isSucceeded();
+        var query = getStore().query(QuerySpec.max());
+        assertThat(query).isSucceeded();
+        assertThat(query.getContent()).usingRecursiveFieldByFieldElementComparator().containsExactly(credentialDefinition);
+    }
+
     @Test
     void create_whenExists_shouldReturnFailure() {
         var credentialDefinition = createCredentialDefinition();
@@ -236,6 +249,32 @@ void byAttestation() {
                     .containsExactlyInAnyOrder(def1, def2);
         }
 
+        @Test
+        void byAdditionalContext() {
+            var def1 = createCredentialDefinitionBuilder("id1", "Membership")
+                    .additionalContext(List.of("https://example.com/context1", "https://example.com/context2"))
+                    .build();
+            var def2 = createCredentialDefinitionBuilder("id2", "Iso9001Cert")
+                    .additionalContext(List.of("https://example.com/context2", "https://example.com/context3"))
+
+                    .build();
+
+            var r = getStore().create(def1).compose(v -> getStore().create(def2));
+            assertThat(r).isSucceeded();
+
+            var query = QuerySpec.Builder.newInstance()
+                    .filter(new Criterion("additionalContext", "contains", "https://example.com/context1"))
+                    .build();
+
+            var result = getStore().query(query);
+            assertThat(result).isSucceeded();
+
+            assertThat(result.getContent())
+                    .hasSize(1)
+                    .usingRecursiveFieldByFieldElementComparator()
+                    .containsExactlyInAnyOrder(def1);
+        }
+
         @Test
         void byFormats() {
             var def1 = createCredentialDefinitionBuilder("id1", "Membership")

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`{`
`3`	`3`	`"version": "1.0.0-alpha",`
`4`	`4`	`"urlPath": "/v1alpha",`
`5`		`- "lastUpdated": "2026-03-04T15:00:00Z",`
	`5`	`+ "lastUpdated": "2026-03-10T15:00:00Z",`
`6`	`6`	`"maturity": null`
`7`	`7`	`}`
`8`	`8`	`]`
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,10 @@ default String getJsonSchemaUrlColumn() {`
`60`	`60`	`return "json_schema_url";`
`61`	`61`	`}`
`62`	`62`
	`63`	`+ default String getAdditionalContextColumn() {`
	`64`	`+ return "additional_context";`
	`65`	`+ }`
	`66`	`+`
`63`	`67`	`default String getValidityColumn() {`
`64`	`68`	`return "validity";`
`65`	`69`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ public class CredentialDefinitionMapping extends TranslationMapping {`
`38`	`38`	`public static final String FIELD_VALIDITY = "validity";`
`39`	`39`	`public static final String FIELD_FORMAT = "format";`
`40`	`40`	`public static final String FIELD_ATTESTATIONS = "attestations";`
	`41`	`+ public static final String FIELD_ADDITIONAL_CONTEXT = "additionalContext";`
`41`	`42`	`public static final String FIELD_RULES = "rules";`
`42`	`43`	`public static final String FIELD_MAPPINGS = "mappings";`
`43`	`44`
`@@ -55,5 +56,7 @@ public CredentialDefinitionMapping(CredentialDefinitionStoreStatements statement`
`55`	`56`	`add(FIELD_ATTESTATIONS, new JsonArrayTranslator(statements.getAttestationsColumn()));`
`56`	`57`	`add(FIELD_RULES, new JsonFieldTranslator(RULES_ALIAS));`
`57`	`58`	`add(FIELD_MAPPINGS, new JsonFieldTranslator(MAPPING_ALIAS));`
	`59`	`+ add(FIELD_ADDITIONAL_CONTEXT, new JsonArrayTranslator(statements.getAdditionalContextColumn()));`
	`60`	`+`
`58`	`61`	`}`
`59`	`62`	`}`