statusListCredential - Could not detect credential payload type

[andrej-zirko-acn]

Hi,
I got the following validation error:

• Could not detect credential payload type - https://rwa.uwidev.udisp8.di-uisp-accenture.com/acnid.a7ee508a-1020-427e-9c0a-ed4739a49a52.credential-status.dde4729ecfe76886324ae507e85e0f871d045f119152668f6d422a6c99ff2f20 [undefined,undefined]

It seems the validator expects JSON/JSON-LD for statusListCredential attribute. However the BitStringStatusList specification allows also JWT. I also haven't found anything in the OpenBadge specification preventing the use of JWT for the status list credential.

Is this limitation of the validator itself or have I overlooked something in the specification?

Thank you,
Andrej

[xaviaracil]

The validator runs a CredentialParseProbe (

digital-credentials-public-validator/inspector-vc/src/main/java/org/oneedtech/inspect/vc/BitstringStatusListCredentialInspector.java

Line 66 in cb11130

accumulator.add(new CredentialParseProbe().run(resource, ctx));

) that identifies the payload type, supporting JSON, JTW, and images. There should be an issue there that prevents the detector from identifying the type.

[xaviaracil]

@andrej-zirko-acn The validator can't determine the payload type because it can't match the HTTP request's content-type (application/octet-stream) to any recognized content-type (application/ld+json, application/json, text/plain):

curl -v -H 'Accept: application/ld+json, application/json, text/plain' "https://rwa.uwidev.udisp8.di-uisp-accenture.com/acnid.a7ee508a-1020-427e-9c0a-ed4739a49a52.credential-status.dde4729ecfe76886324ae507e85e0f871d045f119152668f6d422a6c99ff2f20":

* Host rwa.uwidev.udisp8.di-uisp-accenture.com:443 was resolved.
* IPv6: (none)
* IPv4: 18.172.226.27, 18.172.226.28, 18.172.226.37, 18.172.226.109
*   Trying 18.172.226.27:443...
* Connected to rwa.uwidev.udisp8.di-uisp-accenture.com (18.172.226.27) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES128-GCM-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=rwa.uwidev.udisp8.di-uisp-accenture.com
*  start date: Jul 10 00:00:00 2025 GMT
*  expire date: Aug  8 23:59:59 2026 GMT
*  subjectAltName: host "rwa.uwidev.udisp8.di-uisp-accenture.com" matched cert's "rwa.uwidev.udisp8.di-uisp-accenture.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://rwa.uwidev.udisp8.di-uisp-accenture.com/acnid.a7ee508a-1020-427e-9c0a-ed4739a49a52.credential-status.dde4729ecfe76886324ae507e85e0f871d045f119152668f6d422a6c99ff2f20
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: rwa.uwidev.udisp8.di-uisp-accenture.com]
* [HTTP/2] [1] [:path: /acnid.a7ee508a-1020-427e-9c0a-ed4739a49a52.credential-status.dde4729ecfe76886324ae507e85e0f871d045f119152668f6d422a6c99ff2f20]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: application/ld+json, application/json, text/plain]
> GET /acnid.a7ee508a-1020-427e-9c0a-ed4739a49a52.credential-status.dde4729ecfe76886324ae507e85e0f871d045f119152668f6d422a6c99ff2f20 HTTP/2
> Host: rwa.uwidev.udisp8.di-uisp-accenture.com
> User-Agent: curl/8.7.1
> Accept: application/ld+json, application/json, text/plain
> 
* Request completely sent off
< HTTP/2 200 
< content-type: application/octet-stream
< content-length: 1612
< last-modified: Fri, 13 Mar 2026 10:28:33 GMT
< x-amz-server-side-encryption: AES256
< accept-ranges: bytes
< server: AmazonS3
< date: Thu, 19 Mar 2026 12:14:12 GMT
< etag: "458433cd69f302e1737337d81973964b"
< x-cache: RefreshHit from cloudfront
< via: 1.1 75b9bdd59371b81ea5dc267da9de4d44.cloudfront.net (CloudFront)
< x-amz-cf-pop: BCN50-P2
< x-amz-cf-id: 2L-cCHg-u3hood_jAhtADWdTy0i0utWNQom8YlPA2GkcKYMDSwEniQ==
< 
* Connection #0 to host rwa.uwidev.udisp8.di-uisp-accenture.com left intact
eyJhbGciOiJFUzI1NiIsImtpZCI6IkRPQ29JX1d2UFlqZmhLalAyT3NpTFp5TXlCS0NFSTVBUkRPWEhVXzFXa2MifQ.eyJpc3MiOiJcImRpZDp3ZWI6ZGlkLnV3aWRldi51ZGlzcDguZGktdWlzcC1hY2NlbnR1cmUuY29tOnRlbmFudHM6ZTg3MjJiNzgtMTdhYi00MDc1LTgwZjUtYWYzYWUxNjg4ODNmXCIiLCJzdWIiOiJcImRpZDp3ZWI6ZGlkLnV3aWRldi51ZGlzcDguZGktdWlzcC1hY2NlbnR1cmUuY29tOnRlbmFudHM6ZTg3MjJiNzgtMTdhYi00MDc1LTgwZjUtYWYzYWUxNjg4ODNmXCIiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL3J3YS51d2lkZXYudWRpc3A4LmRpLXVpc3AtYWNjZW50dXJlLmNvbS9hY25pZC5hN2VlNTA4YS0xMDIwLTQyN2UtOWMwYS1lZDQ3MzlhNDlhNTIuY3JlZGVudGlhbC1zdGF0dXMuZGRlNDcyOWVjZmU3Njg4NjMyNGFlNTA3ZTg1ZTBmODcxZDA0NWYxMTkxNTI2NjhmNmQ0MjJhNmM5OWZmMmYyMCIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJCaXRzdHJpbmdTdGF0dXNMaXN0Q3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6d2ViOmRpZC51d2lkZXYudWRpc3A4LmRpLXVpc3AtYWNjZW50dXJlLmNvbTp0ZW5hbnRzOmU4NzIyYjc4LTE3YWItNDA3NS04MGY1LWFmM2FlMTY4ODgzZiIsInZhbGlkRnJvbSI6IjIwMjYtMDMtMTNUMTA6Mjg6MzIuMTYwODc2NjQyWiIsInZhbGlkVW50aWwiOiIyMDM2LTAzLTEzVDEwOjI4OjMyLjE2MDg3Njc4MVoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImFjbmlkLmE3ZWU1MDhhLTEwMjAtNDI3ZS05YzBhLWVkNDczOWE0OWE1Mi5jcmVkZW50aWFsLXN0YXR1cy5kZGU0NzI5ZWNmZTc2ODg2MzI0YWU1MDdlODVlMGY4NzFkMDQ1ZjExOTE1MjY2OGY2ZDQyMmE2Yzk5ZmYyZjIwIiwidHlwZSI6IkJpdHN0cmluZ1N0YXR1c0xpc3QiLCJzdGF0dXNQdXJwb3NlIjoicmV2b2NhdGlvbiIsImVuY29kZWRMaXN0IjoidUg0c0lBQUFBQUFBQV8tM0JBUUVBQUFDQWtQNnY3Z2dLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFCaW1fQjhCQUlBQUFBIn19fQ.PcTq2QILzmKVTp6Z9E6kKikwuPXje9HgOrW5GrYpiOziOsNS5GAvrAZpoHxqI9SGCEe7wVgH1eOQZ8LS3YZJwQ%