Add verifying of expiration date

[Harasz]

Hi team,
Verifiable Credentials Data Model has a expiration date, from what I can see currently DIDKit is not checking this date during verification. Does it not implemented yet or there is another reason?

[clehner]

Hi @Harasz,
You're correct, it is not checked; currently only the issuer property (or iss JWT claim) is checked, for correspondence with a proof object (or JWS) that verifies. Other VC Data Model properties must be checked by the caller. The analogous exp claim in JWT VCs is checked though. Relevant source code:
https://github.com/spruceid/ssi/blob/351c9238622cf39330297ea4d91931d6dcee0386/src/vc.rs#L2035-L2061
https://github.com/spruceid/ssi/blob/351c9238622cf39330297ea4d91931d6dcee0386/src/vc.rs#L2091-L2159

We're unsure how to go about deciding what additional checks to perform. In VC API there was a "checks" option for the caller to pass what checks to perform (e.g. "proof" and "credentialStatus"), but this was removed: w3c/vc-di-ed25519signature2020-test-suite#3 (but it is still supported in didkit-http for credential status / revocation list checking). So I think we may need to either agree on a new set of default checks, or add back the checks option or similar mechanism.

[Harasz]

Checks option sounds good.