Hey everyone!
Wanted to share that JWSETKit now has full SD-JWT (Selective Disclosure JWT) support, implementing RFC 9901.
What's SD-JWT? It lets you issue credentials where users can selectively reveal only the claims they need, which is great for privacy-preserving identity use cases like digital wallets (e.g. European Digital Identity), verifiable credentials (e.g. SD-JWT VC draft and W3C VC), and OIDC flows.
Quick example:
```swift
import JWSETKit

// Issuer: Create SD-JWT with selective claims
let claims = try JSONWebTokenClaims {
    $0.issuer = "https://issuer.example.com"
    $0.subject = "user123"
    $0.givenName = "John"
    $0.familyName = "Doe"
    $0.email = "john@example.com"
}
let sdJWT = try JSONWebSelectiveDisclosureToken(
    claims: claims,
    policy: .standard,
    using: issuerKey
)

// Holder: Present only what's needed
let presentation = try sdJWT.presenting(paths: ["/email"])

// Verifier: Validate and access presented disclosed claims
try presentation.verifySignature(using: issuerPublicKey)
let disclosed = try presentation.disclosedPayload
let email = disclosed.email
```
If you're already using JWSETKit for JWT/JWS/JWE, SD-JWT fits right in with the same patterns.
For those unfamiliar, JWSETKit is a full JOSE implementation with native CryptoKit support. We went through the SSWG review process and have been iterating based on that feedback (now using swift-crypto exclusively).
Links:
Questions and feedback welcome!
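
The mechanism that makes selective disclosure work in the SD-JWT format, as an added example that is not part of the original post and not JWSETKit's code: the issuer signs only salted digests of the hidden claims, and the verifier accepts a presented disclosure only if its digest is among the signed ones. The helper names, salts and claim values are hypothetical; it assumes swift-crypto for `SHA256` and leaves out verification of the issuer signature over the digests.

```swift
import Foundation
import Crypto  // swift-crypto (assumed dependency); CryptoKit exposes the same SHA256 API

// Unpadded base64url, the encoding JOSE uses.
func base64URL(_ data: Data) -> String {
    data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

func base64URLDecode(_ text: String) -> Data? {
    var s = text.replacingOccurrences(of: "-", with: "+")
        .replacingOccurrences(of: "_", with: "/")
    s += String(repeating: "=", count: (4 - s.count % 4) % 4)
    return Data(base64Encoded: s)
}

// Issuer: a disclosure is base64url(JSON [salt, claim name, claim value]).
func makeDisclosure(salt: String, name: String, value: String) throws -> String {
    try base64URL(JSONSerialization.data(withJSONObject: [salt, name, value]))
}

// The signed payload carries only this digest (in "_sd"), not the claim itself.
func digest(ofDisclosure disclosure: String) -> String {
    base64URL(Data(SHA256.hash(data: Data(disclosure.utf8))))
}

// Verifier: accept a disclosure only if its digest appears in the signed "_sd" array.
func claim(from disclosure: String, signedDigests: Set<String>) -> (name: String, value: Any)? {
    guard signedDigests.contains(digest(ofDisclosure: disclosure)),
          let raw = base64URLDecode(disclosure),
          let parts = try? JSONSerialization.jsonObject(with: raw) as? [Any],
          parts.count == 3, let name = parts[1] as? String else { return nil }
    return (name, parts[2])
}

// Constructed sample data: salts and values are made up; real salts must be random.
let emailDisclosure = try makeDisclosure(salt: "c2FsdC1lbWFpbA", name: "email", value: "john@example.com")
let nameDisclosure = try makeDisclosure(salt: "c2FsdC1uYW1l", name: "given_name", value: "John")
let signedDigests: Set = [digest(ofDisclosure: emailDisclosure), digest(ofDisclosure: nameDisclosure)]

// Holder presents only the email disclosure; given_name stays an opaque digest.
if let shown = claim(from: emailDisclosure, signedDigests: signedDigests) {
    print("disclosed:", shown.name, shown.value)
}
// A disclosure with an altered value hashes to a digest the issuer never signed.
let forged = try makeDisclosure(salt: "c2FsdC1lbWFpbA", name: "email", value: "admin@example.com")
print("forged accepted:", claim(from: forged, signedDigests: signedDigests) != nil)
```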