From 5d18d2878c740a90cc16581decc4167ffe05c0a8 Mon Sep 17 00:00:00 2001 From: Andrii Holovko Date: Fri, 16 Feb 2024 11:57:37 +0200 Subject: [PATCH] feat(sdk): update credential offer params to spec version ID1 (#728) * feat(sdk): update Credential Issuer Configuration to ID1 (#724) feat: update Credential Issuer Configuration to ID1 Signed-off-by: Mykhailo Sizov * feat(sdk): update credential offer params to ID1 Signed-off-by: Andrii Holovko --------- Signed-off-by: Mykhailo Sizov Signed-off-by: Andrii Holovko Co-authored-by: mishasizov-SK <109598497+mishasizov-SK@users.noreply.github.com> --- .../testdata/sample_credential_offer.json | 6 ++- pkg/openid4ci/grants.go | 45 ++++++++++++++----- pkg/openid4ci/issuerinitiatedinteraction.go | 2 +- .../testdata/sample_credential_offer.json | 6 ++- 4 files changed, 46 insertions(+), 13 deletions(-) diff --git a/cmd/wallet-sdk-gomobile/openid4ci/testdata/sample_credential_offer.json b/cmd/wallet-sdk-gomobile/openid4ci/testdata/sample_credential_offer.json index 0604dc8b..81c99b50 100644 --- a/cmd/wallet-sdk-gomobile/openid4ci/testdata/sample_credential_offer.json +++ b/cmd/wallet-sdk-gomobile/openid4ci/testdata/sample_credential_offer.json @@ -12,7 +12,11 @@ "grants":{ "urn:ietf:params:oauth:grant-type:pre-authorized_code":{ "pre-authorized_code":"8e557518-bbb1-4483-9490-d80f4f54f3361677012959367644351", - "user_pin_required":true + "tx_code":{ + "length": 4, + "input_mode": "numeric", + "description": "Please provide the one-time code that was sent via e-mail" + } } } } \ No newline at end of file diff --git a/pkg/openid4ci/grants.go b/pkg/openid4ci/grants.go index dfb4f05f..b9574fa5 100644 --- a/pkg/openid4ci/grants.go +++ b/pkg/openid4ci/grants.go 
@@ -11,12 +11,19 @@ import "errors" // PreAuthorizedCodeGrantParams represents an issuer's pre-authorized code grant parameters. type PreAuthorizedCodeGrantParams struct { preAuthorizedCode string - userPINRequired bool + txCode *TxCode +} + +// TxCode is a code intended to bind the pre-authorized code to a certain transaction to prevent replay attack. +type TxCode struct { + inputMode string + length int + description string } // PINRequired indicates whether the issuer requires a PIN. func (p *PreAuthorizedCodeGrantParams) PINRequired() bool { - return p.userPINRequired + return p.txCode != nil } // AuthorizationCodeGrantParams represents an issuer's authorization code grant parameters. 
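Review bot: The `inputMode`, `length` and `description` fields added to TxCode are unexported and this commit adds no accessors (the diffstat lists only grants.go, issuerinitiatedinteraction.go and two fixtures, and both grants.go hunks are visible), so code outside `openid4ci` cannot show the issuer's description or size the input field from `length`/`input_mode`; unless another file in the package reads them, they are parsed and dropped. Small read-only getters would expose them without widening the mutable surface, as sketched below. The PINRequired doc comment still describes a PIN even though the check is now the presence of a tx_code object; suggest `// PINRequired reports whether the offer carries a tx_code object, i.e. the holder must supply a transaction code (formerly user_pin) in the token request.`
```go
// TxCode returns the tx_code object from the offer, or nil when none was given.
func (p *PreAuthorizedCodeGrantParams) TxCode() *TxCode { return p.txCode }

// InputMode returns the issuer's input_mode hint, empty when not supplied.
func (t *TxCode) InputMode() string { return t.inputMode }

// Length returns the expected code length, or 0 when the issuer gave none.
func (t *TxCode) Length() int { return t.length }

// Description returns the issuer's human-readable prompt for the code.
func (t *TxCode) Description() string { return t.description }
```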
@@ -69,19 +76,37 @@ func processPreAuthorizedCodeGrantParams(rawParams map[string]interface{}) (*Pre return nil, errors.New("pre-authorized_code field value is not a bool") } - var userPINRequired bool + var txCode *TxCode - userPINRequiredUntyped, exists := rawParams["user_pin_required"] - if exists { // userPINRequired is supposed to default to false if user_pin_required isn't specified. - var ok bool + txCodeUntyped, exists := rawParams["tx_code"] + if exists { + var m map[string]interface{} - userPINRequired, ok = userPINRequiredUntyped.(bool) - if !ok { - return nil, errors.New("user-pin-required field value is not a bool") + if m, ok = txCodeUntyped.(map[string]interface{}); !ok { + return nil, errors.New("tx_code is not a valid json object") + } + + txCode = &TxCode{} + + var ( + inputMode, description string + length float64 + ) + + if inputMode, ok = m["input_mode"].(string); ok { + txCode.inputMode = inputMode + } + + if length, ok = m["length"].(float64); ok { + txCode.length = int(length) + } + + if description, ok = m["description"].(string); ok { + txCode.description = description } } - return &PreAuthorizedCodeGrantParams{preAuthorizedCode: preAuthorizedCode, userPINRequired: userPINRequired}, nil + return &PreAuthorizedCodeGrantParams{preAuthorizedCode: preAuthorizedCode, txCode: txCode}, nil } func processAuthorizationCodeGrantParams(rawParams map[string]interface{}) (*AuthorizationCodeGrantParams, error) { diff --git a/pkg/openid4ci/issuerinitiatedinteraction.go b/pkg/openid4ci/issuerinitiatedinteraction.go index 5a67d0d3..b3f8f656 100644 --- a/pkg/openid4ci/issuerinitiatedinteraction.go +++ b/pkg/openid4ci/issuerinitiatedinteraction.go @@ -409,7 +409,7 @@ func (i *IssuerInitiatedInteraction) getPreAuthTokenResponse(pin, tokenEndpoint params.Add("pre-authorized_code", i.preAuthorizedCodeGrantParams.preAuthorizedCode) if pin != "" { - params.Add("user_pin", pin) + params.Add("tx_code", pin) } paramsReader := strings.NewReader(params.Encode()) 
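Review bot: The `length` branch in the new tx_code parsing accepts any JSON number and truncates it with `int(length)`, so a fractional, zero, negative or enormous value from the offer is stored silently, and converting an out-of-range float64 to int is implementation-defined in Go; this is issuer-supplied input that presumably drives input-field sizing, so reject bad values instead. The same block could default `inputMode` to `"numeric"` when the key is absent, which I believe is the ID1 default, but confirm against the spec text before hard-coding it. Separately, the context line at the top of the hunk returns `pre-authorized_code field value is not a bool` for a value the rest of the function treats as a string; pre-existing, but worth correcting while here. processPreAuthorizedCodeGrantParams begins outside this hunk, and the `ok` assigned with `=` inside `if exists` relies on a declaration up there.
```go
	if length, ok = m["length"].(float64); ok {
		// Issuer-supplied hint; reject fractional, non-positive or absurd values
		// instead of silently truncating them (upper bound is a sanity limit).
		if length < 1 || length > 1<<16 || length != float64(int64(length)) {
			return nil, errors.New("tx_code length must be a positive integer")
		}

		txCode.length = int(length)
	}
```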
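Review bot: The renamed `tx_code` parameter is still only added when `pin != ""`, so an offer whose grant carries a tx_code object (which is now exactly when PINRequired returns true) is sent to the token endpoint without the code if the caller passes an empty string, and the failure only surfaces as the issuer's error response. Unless the caller already enforces this (not visible here), fail fast before building the form, e.g. `if i.preAuthorizedCodeGrantParams.PINRequired() && pin == "" { return ..., errors.New("credential offer requires a tx_code") }`, using the function's existing error return shape. getPreAuthTokenResponse starts and ends outside this hunk, and its parameter is still named `pin`; renaming it `txCode` would keep the SDK's vocabulary aligned with the ID1 spec.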
diff --git a/pkg/openid4ci/testdata/sample_credential_offer.json b/pkg/openid4ci/testdata/sample_credential_offer.json
index 0604dc8b..81c99b50 100644
--- a/pkg/openid4ci/testdata/sample_credential_offer.json
+++ b/pkg/openid4ci/testdata/sample_credential_offer.json
@@ -12,7 +12,11 @@
 "grants":{
 "urn:ietf:params:oauth:grant-type:pre-authorized_code":{
 "pre-authorized_code":"8e557518-bbb1-4483-9490-d80f4f54f3361677012959367644351",
-"user_pin_required":true
+"tx_code":{
+"length": 4,
+"input_mode": "numeric",
+"description": "Please provide the one-time code that was sent via e-mail"
+}
 }
 }
 }
\ No newline at end of file