

feat: add ack endpoint OIDC4VP
Signed-off-by: Misha Sizov <[email protected]>
mishasizov-SK committed Aug 19, 2024
1 parent c2d189f commit a1a95dc
Showing 23 changed files with 1,002 additions and 684 deletions.
392 changes: 196 additions & 196 deletions api/spec/openapi.gen.go


12 changes: 6 additions & 6 deletions cmd/vc-rest/startcmd/start.go
Expand Up @@ -884,12 +884,6 @@ func buildEchoHandler(
IssuerVCSPublicHost: conf.StartupParameters.apiGatewayURL,
}))

oidc4vpv1.RegisterHandlers(e, oidc4vpv1.NewController(&oidc4vpv1.Config{
HTTPClient: getHTTPClient(metricsProvider.ClientOIDC4PV1),
ExternalHostURL: conf.StartupParameters.hostURLExternal, // use host external as this url will be called internally
Tracer: conf.Tracer,
}))

issuerv1.RegisterHandlers(e, issuerv1.NewController(&issuerv1.Config{
EventSvc: eventSvc,
EventTopic: conf.StartupParameters.issuerEventTopic,
Expand Down Expand Up @@ -1008,6 +1002,12 @@ func buildEchoHandler(

verifierv1.RegisterHandlers(e, verifierController)

oidc4vpv1.RegisterHandlers(e, oidc4vpv1.NewController(&oidc4vpv1.Config{
HTTPClient: getHTTPClient(metricsProvider.ClientOIDC4PV1),
ExternalHostURL: conf.StartupParameters.hostURLExternal, // use host external as this url will be called internally
Tracer: conf.Tracer,
}))

didConfigSvc := didconfiguration.New(&didconfiguration.Config{
VerifierProfileService: verifierProfileSvc,
IssuerProfileService: issuerProfileSvc,
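Review bot: The relocated `oidc4vpv1.RegisterHandlers(e, oidc4vpv1.NewController(&oidc4vpv1.Config{...}))` on the new side is built from exactly the same three Config fields as the removed one, so the move reads as a no-op reorder. If the intent is that the OIDC4VP controller must be registered after verifierController (for instance because the new ack endpoint will later be wired to verifier services declared nearby), a one-line comment such as `// must follow verifierController registration: the OIDC4VP ack flow depends on it` would stop a future tidy-up from moving it back. As far as these lines show, echo dispatches by route path rather than registration order, so the reorder alone should not change behaviour. buildEchoHandler begins and ends outside both hunks.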
1 change: 1 addition & 0 deletions component/wallet-cli/pkg/oidc4vp/models.go
Expand Up @@ -32,6 +32,7 @@ type ClientMetadata struct {
ClientPurpose string `json:"client_purpose"`
SubjectSyntaxTypesSupported []string `json:"subject_syntax_types_supported"`
VPFormats *presexch.Format `json:"vp_formats"`
NotificationEndpoint string `json:"notification_endpoint"`
}

type Claims = map[string]interface{}
13 changes: 13 additions & 0 deletions component/wallet-cli/pkg/oidc4vp/oidc4vp_flow.go
Expand Up @@ -195,6 +195,19 @@ func (f *Flow) Run(ctx context.Context) error {

vps, presentationSubmission, err := f.queryWallet(&pd, requestObject.ClientMetadata.VPFormats)
if err != nil {
if strings.Contains(err.Error(), "no matching credentials found") {
// Send wallet notification no_match_found.
v := url.Values{}

v.Add("error", "access_denied")
v.Add("error_description", "no_match_found")
v.Add("state", requestObject.State)

if e := f.postAuthorizationResponse(ctx, requestObject.ResponseURI, []byte(v.Encode())); e != nil {
slog.Error("failed to send wallet notification", "err", e)
}
}

return fmt.Errorf("query wallet: %w", err)
}

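Review bot: The new branch recognises the no-match case with `strings.Contains(err.Error(), "no matching credentials found")`, which ties the `no_match_found` notification to the exact wording of an error produced elsewhere (presumably inside f.queryWallet); rewording that message would silently stop the notification without any test failing. Prefer a sentinel returned (possibly wrapped) by queryWallet, e.g. `var errNoMatchingCredentials = errors.New("no matching credentials found")`, and test it here with `if errors.Is(err, errNoMatchingCredentials) {`. The posted body is `[]byte(v.Encode())`, which assumes postAuthorizationResponse sends it as application/x-www-form-urlencoded — worth confirming since that helper is outside this hunk, as is the rest of Run.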
32 changes: 26 additions & 6 deletions docs/v1/openapi.yaml
Expand Up @@ -230,9 +230,9 @@ paths:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/GetRefreshedCredentialResp'
application/json:
schema:
$ref: '#/components/schemas/GetRefreshedCredentialResp'
get:
summary: Get refresh status for credential.
parameters:
Expand Down Expand Up @@ -601,10 +601,20 @@ paths:
properties:
id_token:
type: string
nullable: true
description: ID Token serves as an authentication receipt and includes metadata about the VP Token.
vp_token:
type: string
nullable: true
description: VP Token includes one or more Verifiable Presentations.
error:
type: string
nullable: true
description: Authorization response error code
error_description:
type: string
nullable: true
description: Authorization response error description
state:
type: string
description: State from authorization request for correlation
Expand Down Expand Up @@ -915,10 +925,20 @@ paths:
properties:
id_token:
type: string
nullable: true
description: ID Token serves as an authentication receipt and includes metadata about the VP Token.
vp_token:
type: string
nullable: true
description: VP Token includes one or more Verifiable Presentations.
error:
type: string
nullable: true
description: Authorization response error code
error_description:
type: string
nullable: true
description: Authorization response error description
state:
type: string
description: State from authorization request for correlation
Expand Down Expand Up @@ -1629,7 +1649,7 @@ components:
required:
- verifiable_presentation
x-tags:
- refresh
- refresh
GetRefreshedCredentialResp:
title: GetRefreshedCredentialResp
type: object
Expand All @@ -1640,7 +1660,7 @@ components:
anyOf:
- { }
x-tags:
- refresh
- refresh
required:
- verifiable_credential
DeprecatedComposeOIDC4CICredential:
Expand Down Expand Up @@ -2547,4 +2567,4 @@ components:
- alg_values_supported
- enc_values_supported
- encryption_required
securitySchemes: {}
securitySchemes: {}
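Review bot: The authorization-response schema (the hunk adding `error:` and `error_description:` under `properties:`) now declares `id_token`, `vp_token` and `error` all `nullable: true`, but nothing states that a response must carry either a `vp_token` or an `error`, and never both; a validator generated from this spec will accept a body containing only `state`. Either model the two shapes with a `oneOf`, or at least record the invariant in the description, e.g. `description: Authorization response error code; present only when no vp_token/id_token is returned`, so the handler's own check is documented. The same properties are duplicated in the second hunk lower in the file, which is a candidate for a shared component schema so the two copies cannot drift. The remaining hunks in this section are indentation-only.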
4 changes: 4 additions & 0 deletions pkg/event/spi/spi.go
Expand Up @@ -39,6 +39,10 @@ const (
VerifierOIDCInteractionFailed EventType = "verifier.oidc-interaction-failed.v1"
VerifierOIDCInteractionClaimsRetrieved EventType = "verifier.oidc-interaction-claims-retrieved.v1"

VerifierOIDCInteractionNoConsent EventType = "verifier.oidc-interaction-no-consent.v1"
VerifierOIDCInteractionNoMatchFound EventType = "verifier.oidc-interaction-no-match-found.v1"
VerifierOIDCInteractionExpired EventType = "verifier.oidc-interaction-expired.v1"

// IssuerOIDCInteractionInitiated Issuer oidc event.
IssuerOIDCInteractionInitiated EventType = "issuer.oidc-interaction-initiated.v1"
// IssuerOIDCInteractionQRScanned Issuer oidc event.
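Review bot: The three new constants VerifierOIDCInteractionNoConsent, VerifierOIDCInteractionNoMatchFound and VerifierOIDCInteractionExpired are the only ones in this block without a doc comment, while the issuer constants directly below each carry one in the form `// IssuerOIDCInteractionInitiated Issuer oidc event.`. Add matching lines, e.g. `// VerifierOIDCInteractionNoMatchFound Verifier oidc event.`, and if the producer's semantics are known (which of these are raised from a wallet notification versus a server-side timeout) say so in the comment, since the names alone do not make that distinction. The const block starts outside the hunk.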
2 changes: 1 addition & 1 deletion pkg/kms/aws/service_mocks.go


112 changes: 8 additions & 104 deletions pkg/kms/mocks/kms_mocks.go


10 changes: 10 additions & 0 deletions pkg/observability/tracing/wrappers/oidc4vp/oidc4vp_wrapper.go
Expand Up @@ -97,3 +97,13 @@ func (w *Wrapper) DeleteClaims(ctx context.Context, claimsID string) error {

return w.svc.DeleteClaims(ctx, claimsID)
}

func (w *Wrapper) HandleWalletNotification(ctx context.Context, req *oidc4vp.WalletNotification) error {
ctx, span := w.tracer.Start(ctx, "oidc4vp.HandleWalletNotification")
defer span.End()

span.SetAttributes(attribute.String("tx_id", string(req.TxID)))
span.SetAttributes(attribute.String("event", req.Error))

return w.svc.HandleWalletNotification(ctx, req)
}
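Review bot: `attribute.String("event", req.Error)` labels the value as an event although it reads the Error field, which does not line up with the neighbouring `tx_id` key; `attribute.String("error", req.Error)` would be clearer, and the two calls can be folded into one `span.SetAttributes(attribute.String("tx_id", string(req.TxID)), attribute.String("error", req.Error))`. The wrapper also dereferences req before delegating, so a nil req panics in the tracing layer instead of being reported by the service; a short `if req == nil` guard that delegates (or returns an explicit error) keeps that decision in one place. Since req presumably originates from the wallet's notification, the trace attribute carries client-supplied text — fine for a short error code, but the same should not be extended to ErrorDescription.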
19 changes: 19 additions & 0 deletions pkg/observability/tracing/wrappers/oidc4vp/oidc4vp_wrapper_test.go
Expand Up @@ -11,6 +11,8 @@ import (
"context"
"testing"

"github.com/google/uuid"

"github.com/golang/mock/gomock"
"github.com/stretchr/testify/require"
"github.com/trustbloc/vc-go/presexch"
Expand Down Expand Up @@ -76,3 +78,20 @@ func TestWrapper_DeleteClaims(t *testing.T) {

_ = w.DeleteClaims(context.Background(), "claimsID")
}

func TestWrapper_HandleWalletNotification(t *testing.T) {
ctrl := gomock.NewController(t)

ack := &oidc4vp.WalletNotification{
TxID: oidc4vp.TxID(uuid.NewString()),
Error: uuid.NewString(),
ErrorDescription: uuid.NewString(),
}

svc := NewMockService(ctrl)
svc.EXPECT().HandleWalletNotification(gomock.Any(), ack).Times(1)

w := Wrap(svc, nooptracer.NewTracerProvider().Tracer(""))

_ = w.HandleWalletNotification(context.Background(), ack)
}
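Review bot: The `"github.com/google/uuid"` import is placed in a group of its own, separated by a blank line from `"github.com/golang/mock/gomock"` and the other third-party imports; goimports would merge them into one group, so this layout will churn on the next format. TestWrapper_HandleWalletNotification also discards the wrapper's result with `_ = w.HandleWalletNotification(context.Background(), ack)`, consistent with the sibling tests, but because the mock's expectation returns nil, `require.NoError(t, w.HandleWalletNotification(context.Background(), ack))` would additionally check that the wrapper passes the service's result through.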
7 changes: 2 additions & 5 deletions pkg/restapi/v1/oidc4ci/controller.go
Expand Up @@ -129,10 +129,7 @@ type CwtProofChecker interface {
}

type AckService interface {
Ack(
ctx context.Context,
req oidc4ci.AckRemote,
) error
Ack(ctx context.Context, req oidc4ci.AckRemote) error
}

type LDPProofParser interface {
Expand Down Expand Up @@ -623,7 +620,7 @@ func mustGenerateNonce() string {
return base64.URLEncoding.EncodeToString(b)
}

// OidcAcknowledgement handles OIDC acknowledgement request (POST /oidc/notification).
// OidcAcknowledgement handles OIDC4CI acknowledgement request (POST /oidc/notification).
func (c *Controller) OidcAcknowledgement(e echo.Context) error {
req := e.Request()

2 changes: 1 addition & 1 deletion pkg/restapi/v1/oidc4vp/controller.go
Expand Up @@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
*/

//go:generate oapi-codegen --config=openapi.cfg.yaml ../../../../docs/v1/openapi.yaml
//go:generate mockgen -destination controller_mocks_test.go -self_package mocks -package oidc4vp_test . HTTPClient
//go:generate mockgen -destination controller_mocks_test.go -self_package mocks -package oidc4vp_test -source=controller.go -mock_names httpClient=MockHTTPClient

package oidc4vp

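Review bot: Switching mockgen from reflect mode on the single `HTTPClient` interface to `-source=controller.go` generates a mock for every interface declared in controller.go, not only the one named in `-mock_names httpClient=MockHTTPClient`; if the file declares further interfaces (not visible here), controller_mocks_test.go will grow with each one added and the generated file can no longer be kept to the HTTP client seam. If that is the intent, a short comment on the directive saying so would help; otherwise keeping the interface under test explicit — for example by generating from a small dedicated file that holds only httpClient — preserves the previous scope.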

