feat: add ack endpoint OIDC4VP

Signed-off-by: Misha Sizov <[email protected]>

cmd/vc-rest/startcmd/start.go

@@ -884,12 +884,6 @@ func buildEchoHandler(
 		IssuerVCSPublicHost: conf.StartupParameters.apiGatewayURL,
 	}))
 
-	oidc4vpv1.RegisterHandlers(e, oidc4vpv1.NewController(&oidc4vpv1.Config{
-		HTTPClient:      getHTTPClient(metricsProvider.ClientOIDC4PV1),
-		ExternalHostURL: conf.StartupParameters.hostURLExternal, // use host external as this url will be called internally
-		Tracer:          conf.Tracer,
-	}))
-
 	issuerv1.RegisterHandlers(e, issuerv1.NewController(&issuerv1.Config{
 		EventSvc:                       eventSvc,
 		EventTopic:                     conf.StartupParameters.issuerEventTopic,
@@ -1008,6 +1002,12 @@ func buildEchoHandler(
 
 	verifierv1.RegisterHandlers(e, verifierController)
 
+	oidc4vpv1.RegisterHandlers(e, oidc4vpv1.NewController(&oidc4vpv1.Config{
+		HTTPClient:      getHTTPClient(metricsProvider.ClientOIDC4PV1),
+		ExternalHostURL: conf.StartupParameters.hostURLExternal, // use host external as this url will be called internally
+		Tracer:          conf.Tracer,
+	}))
+
 	didConfigSvc := didconfiguration.New(&didconfiguration.Config{
 		VerifierProfileService: verifierProfileSvc,
 		IssuerProfileService:   issuerProfileSvc,

component/wallet-cli/pkg/oidc4vp/oidc4vp_flow.go

@@ -195,6 +195,19 @@ func (f *Flow) Run(ctx context.Context) error {
 
 	vps, presentationSubmission, err := f.queryWallet(&pd, requestObject.ClientMetadata.VPFormats)
 	if err != nil {
+		if strings.Contains(err.Error(), "no matching credentials found") {
+			// Send wallet notification no_match_found.
+			v := url.Values{}
+
+			v.Add("error", "access_denied")
+			v.Add("error_description", "no_match_found")
+			v.Add("state", requestObject.State)
+
+			if e := f.postAuthorizationResponse(ctx, requestObject.ResponseURI, []byte(v.Encode())); e != nil {
+				slog.Error("failed to send wallet notification", "err", e)
+			}
+		}
+
 		return fmt.Errorf("query wallet: %w", err)
 	}
 

docs/v1/openapi.yaml

@@ -230,9 +230,9 @@ paths:
         '200':
           description: OK
           content:
-              application/json:
-                schema:
-                  $ref: '#/components/schemas/GetRefreshedCredentialResp'
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GetRefreshedCredentialResp'
     get:
       summary: Get refresh status for credential.
       parameters:
@@ -601,10 +601,20 @@ paths:
               properties:
                 id_token:
                   type: string
+                  nullable: true
                   description: ID Token serves as an authentication receipt and includes metadata about the VP Token.
                 vp_token:
                   type: string
+                  nullable: true
                   description: VP Token includes one or more Verifiable Presentations.
+                error:
+                  type: string
+                  nullable: true
+                  description: Authorization response error code
+                error_description:
+                  type: string
+                  nullable: true
+                  description: Authorization response error description
                 state:
                   type: string
                   description: State from authorization request for correlation
@@ -915,10 +925,20 @@ paths:
               properties:
                 id_token:
                   type: string
+                  nullable: true
                   description: ID Token serves as an authentication receipt and includes metadata about the VP Token.
                 vp_token:
                   type: string
+                  nullable: true
                   description: VP Token includes one or more Verifiable Presentations.
+                error:
+                  type: string
+                  nullable: true
+                  description: Authorization response error code
+                error_description:
+                  type: string
+                  nullable: true
+                  description: Authorization response error description
                 state:
                   type: string
                   description: State from authorization request for correlation
@@ -1629,7 +1649,7 @@ components:
       required:
         - verifiable_presentation
       x-tags:
-          - refresh
+        - refresh
     GetRefreshedCredentialResp:
       title: GetRefreshedCredentialResp
       type: object
@@ -1640,7 +1660,7 @@ components:
           anyOf:
             - { }
       x-tags:
-          - refresh
+        - refresh
       required:
         - verifiable_credential
     DeprecatedComposeOIDC4CICredential:
@@ -2547,4 +2567,4 @@ components:
         - alg_values_supported
         - enc_values_supported
         - encryption_required
-  securitySchemes: {}
+  securitySchemes: {}

pkg/event/spi/spi.go

@@ -39,6 +39,10 @@ const (
 	VerifierOIDCInteractionFailed          EventType = "verifier.oidc-interaction-failed.v1"
 	VerifierOIDCInteractionClaimsRetrieved EventType = "verifier.oidc-interaction-claims-retrieved.v1"
 
+	VerifierOIDCInteractionNoConsent    EventType = "verifier.oidc-interaction-no-consent.v1"
+	VerifierOIDCInteractionNoMatchFound EventType = "verifier.oidc-interaction-no-match-found.v1"
+	VerifierOIDCInteractionExpired      EventType = "verifier.oidc-interaction-expired.v1"
+
 	// IssuerOIDCInteractionInitiated Issuer oidc event.
 	IssuerOIDCInteractionInitiated EventType = "issuer.oidc-interaction-initiated.v1"
 	// IssuerOIDCInteractionQRScanned Issuer oidc event.

pkg/observability/tracing/wrappers/oidc4vp/oidc4vp_wrapper.go

@@ -97,3 +97,13 @@ func (w *Wrapper) DeleteClaims(ctx context.Context, claimsID string) error {
 
 	return w.svc.DeleteClaims(ctx, claimsID)
 }
+
+func (w *Wrapper) HandleWalletNotification(ctx context.Context, req *oidc4vp.WalletNotification) error {
+	ctx, span := w.tracer.Start(ctx, "oidc4vp.HandleWalletNotification")
+	defer span.End()
+
+	span.SetAttributes(attribute.String("tx_id", string(req.TxID)))
+	span.SetAttributes(attribute.String("event", req.Error))
+
+	return w.svc.HandleWalletNotification(ctx, req)
+}

pkg/observability/tracing/wrappers/oidc4vp/oidc4vp_wrapper_test.go

@@ -11,6 +11,8 @@ import (
 	"context"
 	"testing"
 
+	"github.com/google/uuid"
+
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
 	"github.com/trustbloc/vc-go/presexch"
@@ -76,3 +78,20 @@ func TestWrapper_DeleteClaims(t *testing.T) {
 
 	_ = w.DeleteClaims(context.Background(), "claimsID")
 }
+
+func TestWrapper_HandleWalletNotification(t *testing.T) {
+	ctrl := gomock.NewController(t)
+
+	ack := &oidc4vp.WalletNotification{
+		TxID:             oidc4vp.TxID(uuid.NewString()),
+		Error:            uuid.NewString(),
+		ErrorDescription: uuid.NewString(),
+	}
+
+	svc := NewMockService(ctrl)
+	svc.EXPECT().HandleWalletNotification(gomock.Any(), ack).Times(1)
+
+	w := Wrap(svc, nooptracer.NewTracerProvider().Tracer(""))
+
+	_ = w.HandleWalletNotification(context.Background(), ack)
+}

pkg/restapi/v1/oidc4ci/controller.go

@@ -129,10 +129,7 @@ type CwtProofChecker interface {
 }
 
 type AckService interface {
-	Ack(
-		ctx context.Context,
-		req oidc4ci.AckRemote,
-	) error
+	Ack(ctx context.Context, req oidc4ci.AckRemote) error
 }
 
 type LDPProofParser interface {
@@ -623,7 +620,7 @@ func mustGenerateNonce() string {
 	return base64.URLEncoding.EncodeToString(b)
 }
 
-// OidcAcknowledgement handles OIDC acknowledgement request (POST /oidc/notification).
+// OidcAcknowledgement handles OIDC4CI acknowledgement request (POST /oidc/notification).
 func (c *Controller) OidcAcknowledgement(e echo.Context) error {
 	req := e.Request()
 

pkg/restapi/v1/oidc4vp/controller.go

@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
 */
 
 //go:generate oapi-codegen --config=openapi.cfg.yaml ../../../../docs/v1/openapi.yaml
-//go:generate mockgen -destination controller_mocks_test.go -self_package mocks -package oidc4vp_test . HTTPClient
+//go:generate mockgen -destination controller_mocks_test.go -self_package mocks -package oidc4vp_test -source=controller.go -mock_names httpClient=MockHTTPClient
 
 package oidc4vp