From ae85aabb032338a9dee774e80f054b7b53cd118a Mon Sep 17 00:00:00 2001
From: Mykhailo Sizov
Date: Fri, 16 Feb 2024 12:41:26 +0200
Subject: [PATCH] feat: updated authorization request dto
Signed-off-by: Mykhailo Sizov
---
 pkg/openid4ci/interaction.go | 18 ++++++++----
 .../issuerinitiatedinteraction_test.go | 12 ++++----
 pkg/openid4ci/models.go | 29 +++++++++++++++++--
 3 files changed, 44 insertions(+), 15 deletions(-)
diff --git a/pkg/openid4ci/interaction.go b/pkg/openid4ci/interaction.go
index 4c5852ea..f4d5d5d1 100644
--- a/pkg/openid4ci/interaction.go
+++ b/pkg/openid4ci/interaction.go
@@ -153,17 +153,23 @@ func (i *interaction) instantiateCodeVerifier() error {
 func (i *interaction) generateAuthorizationDetails(format string, types []string) ([]byte, error) {
 // TODO: Add support for requesting multiple credentials at once (by sending an array).
 // Currently we always use the first credential type specified in the offer.
- authorizationDetails := &authorizationDetails{
- Type: "openid_credential",
- Types: types,
- Format: format,
+ authorizationDetailsDTO := &authorizationDetails{
+ CredentialConfigurationID: "",
+ CredentialDefinition: &issuer.CredentialDefinition{
+ Context: nil,
+ CredentialSubject: nil,
+ Type: types,
+ },
+ Format: format,
+ Locations: nil,
+ Type: "openid_credential",
 }

 if i.issuerMetadata.AuthorizationServer != "" {
- authorizationDetails.Locations = []string{i.issuerMetadata.CredentialIssuer}
+ authorizationDetailsDTO.Locations = []string{i.issuerMetadata.CredentialIssuer}
 }

- authorizationDetailsBytes, err := json.Marshal(authorizationDetails)
+ authorizationDetailsBytes, err := json.Marshal(authorizationDetailsDTO)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/openid4ci/issuerinitiatedinteraction_test.go b/pkg/openid4ci/issuerinitiatedinteraction_test.go
index f3fb342c..a9893d63 100644
--- a/pkg/openid4ci/issuerinitiatedinteraction_test.go
+++ b/pkg/openid4ci/issuerinitiatedinteraction_test.go
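Review bot: The composite literal in the new code spells out four zero-valued fields — `CredentialConfigurationID: ""`, `Context: nil`, `CredentialSubject: nil` and `Locations: nil` — which Go initialises identically when they are omitted, and `Locations: nil` is overwritten by the `if` just below it; dropping them leaves `CredentialDefinition: &issuer.CredentialDefinition{Type: types}` and makes the literal read as the request that is actually sent. Separately, the field comments added to models.go in this same patch say that `format` is REQUIRED when `credential_configuration_id` is absent, but this function never sets the latter and `format` carries `omitempty`, so an empty `format` argument (if a caller can pass one) yields an authorization_details object with neither field; a guard such as `if format == "" { return nil, errors.New("authorization details: format is required") }` before the literal would report that locally instead of as a rejection from the authorization server. generateAuthorizationDetails continues past the end of the hunk.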
@@ -400,9 +400,9 @@ func TestIssuerInitiatedInteraction_CreateAuthorizationURL(t *testing.T) {
 authorizationURL, err := interaction.CreateAuthorizationURL("clientID", "redirectURI")
 require.NoError(t, err)
 require.Contains(t, authorizationURL, authorizationServerURL+
- "?authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22locations"+
- "%22%3A%5B%22%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22VerifiedEmployee%22%5D%2C%22"+
- "format%22%3A%22jwt_vc_json%22%7D&client_id=clientID")
+ "?authorization_details=%7B%22credential_definition%22%3A%7B%22type%22%3A%5B%22VerifiableCredential"+
+ "%22%2C%22VerifiedEmployee%22%5D%7D%2C%22format%22%3A%22jwt_vc_json%22%2C%22locations%22%3A%5B%22%2"+
+ "2%5D%2C%22type%22%3A%22openid_credential%22%7D&client_id=clientID")
 })
 t.Run("Using the OAuth Discoverable Client ID Scheme", func(t *testing.T) {
 interaction := newIssuerInitiatedInteraction(t, createCredentialOfferIssuanceURI(t, server.URL, true, true))
@@ -411,9 +411,9 @@ func TestIssuerInitiatedInteraction_CreateAuthorizationURL(t *testing.T) {
 openid4ci.WithOAuthDiscoverableClientIDScheme())
 require.NoError(t, err)
 require.Contains(t, authorizationURL, authorizationServerURL+
- "?authorization_details=%7B%22type%22%3A%22openid_credential%22%2C%22locations"+
- "%22%3A%5B%22%22%5D%2C%22types%22%3A%5B%22VerifiableCredential%22%2C%22VerifiedEmployee%22%5D%2C%22"+
- "format%22%3A%22jwt_vc_json%22%7D&client_id=clientID")
+ "?authorization_details=%7B%22credential_definition%22%3A%7B%22type%22%3A%5B%22VerifiableCredential"+
+ "%22%2C%22VerifiedEmployee%22%5D%7D%2C%22format%22%3A%22jwt_vc_json%22%2C%22locations%22%3A%5B%22%2"+
+ "2%5D%2C%22type%22%3A%22openid_credential%22%7D&client_id=clientID")
 })
 })
 t.Run("Fail to get issuer metadata", func(t *testing.T) {
diff --git a/pkg/openid4ci/models.go b/pkg/openid4ci/models.go
index db1092b3..69a376f5 100644
--- a/pkg/openid4ci/models.go
+++ b/pkg/openid4ci/models.go
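Review bot: The new expected string is pasted verbatim into both subtests (this hunk and the one at -411,9), so the next change to the DTO's tags or field order has to be edited in two places; hoisting it into one `const` above the subtests, or decoding the `authorization_details` query value and comparing it with `require.Equal` against a struct or `map[string]any`, would keep a single copy and stop the assertion depending on percent-encoding details and on `json.Marshal`'s struct field order. The assertion also still pins `locations` to `[""]` (an empty string, carried over from the old expectation), which looks like the fixture's credential issuer is empty rather than a value anyone intends to assert; confirming the fixture would let the test exercise the audience restriction this field exists for. The enclosing test function starts outside the hunk.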
@@ -9,6 +9,8 @@ package openid4ci
 import (
 "encoding/json"
 "time"
+
+ "github.com/trustbloc/wallet-sdk/pkg/models/issuer"
 )

 // CredentialOffer represents the Credential Offer object as defined in
@@ -32,11 +34,32 @@ type AuthorizeResult struct {
 UserPINRequired bool
 }

+// authorizationDetails is a model to convey the details about the Credentials the Client wants to obtain.
 type authorizationDetails struct {
- Type string `json:"type,omitempty"`
+ // REQUIRED when Format parameter is not present.
+ // String specifying a unique identifier of the Credential being described in the
+ // credential_configurations_supported map in the Credential Issuer Metadata.
+ // The referenced object in the credential_configurations_supported map conveys the details,
+ // such as the format, for issuance of the requested Credential.
+ // It MUST NOT be present if format parameter is present.
+ CredentialConfigurationID string `json:"credential_configuration_id,omitempty"`
+
+ // Object containing the detailed description of the credential type.
+ CredentialDefinition *issuer.CredentialDefinition `json:"credential_definition,omitempty"`
+
+ // REQUIRED when CredentialConfigurationID parameter is not present.
+ // String identifying the format of the Credential the Wallet needs.
+ // This Credential format identifier determines further claims in the authorization details object needed
+ // to identify the Credential type in the requested format.
+ // It MUST NOT be present if credential_configuration_id parameter is present.
+ Format string `json:"format,omitempty"`
+
+ // An array of strings that allows a client to specify the location of the resource server(s)
+ // allowing the Authorization Server to mint audience restricted access tokens.
 Locations []string `json:"locations,omitempty"`
- Types []string `json:"types,omitempty"`
- Format string `json:"format,omitempty"`
+
+ // String that determines the authorization details type. MUST be set to "openid_credential" for OIDC4VC.
+ Type string `json:"type"`
 }

 // OpenIDConfig represents an issuer's OpenID configuration.
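Review bot: The new doc comments state a mutual-exclusion invariant — `credential_configuration_id` is REQUIRED when `format` is absent and MUST NOT appear when it is present, and the reverse for `format` — but nothing on the type enforces it, and since both fields carry `omitempty` a zero-valued struct marshals as `{"type":""}` with neither. A small validate method, called before `json.Marshal` in generateAuthorizationDetails, would turn a malformed request into a local error rather than a rejection from the authorization server; it needs `errors` and `fmt` added to this file's import block. The literal `"openid_credential"` now appears in the comment here and in the constructor in interaction.go, so a package constant such as `authorizationDetailsTypeOpenIDCredential = "openid_credential"` would let the validator and the constructor share one definition.
```go
// validate checks the constraints documented on the fields: type must be
// "openid_credential" and exactly one of credential_configuration_id / format set.
func (a *authorizationDetails) validate() error {
	if a.Type != "openid_credential" {
		return fmt.Errorf("authorization details: unexpected type %q", a.Type)
	}
	if (a.CredentialConfigurationID == "") == (a.Format == "") {
		return errors.New("authorization details: exactly one of credential_configuration_id and format must be set")
	}

	return nil
}
```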