From 39bde8f835a96509727f54cbdf2d4db9fa08df8b Mon Sep 17 00:00:00 2001
From: Timo Glastra
Date: Wed, 13 Mar 2024 20:40:24 +0100
Subject: [PATCH] fix: use seconds for all expires in values
Signed-off-by: Timo Glastra
---
 .../callback-example/lib/__tests__/issuerCallback.spec.ts | 2 +-
 packages/client/lib/__tests__/SdJwt.spec.ts | 2 +-
 packages/issuer-rest/lib/__tests__/ClientIssuerIT.spec.ts | 2 +-
 .../issuer-rest/lib/__tests__/IssuerTokenServer.spec.ts | 8 ++++----
 packages/issuer-rest/lib/oid4vci-api-functions.ts | 4 ++--
 packages/issuer/lib/VcIssuer.ts | 7 ++-----
 packages/issuer/lib/__tests__/VcIssuer.spec.ts | 2 +-
 packages/issuer/lib/tokens/index.ts | 3 ++-
 8 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/packages/callback-example/lib/__tests__/issuerCallback.spec.ts b/packages/callback-example/lib/__tests__/issuerCallback.spec.ts
index be47ffa6..5a27a7bf 100644
--- a/packages/callback-example/lib/__tests__/issuerCallback.spec.ts
+++ b/packages/callback-example/lib/__tests__/issuerCallback.spec.ts
@@ -267,7 +267,7 @@ describe('issuerCallback', () => { expect(credentialResponse).toEqual({ c_nonce: expect.any(String),
- c_nonce_expires_in: 300000,
+ c_nonce_expires_in: 300,
 credential: { '@context': ['https://www.w3.org/2018/credentials/v1', 'https://w3id.org/security/suites/ed25519-2020/v1'], credentialSubject: {
diff --git a/packages/client/lib/__tests__/SdJwt.spec.ts b/packages/client/lib/__tests__/SdJwt.spec.ts
index bb02c364..01629035 100644
--- a/packages/client/lib/__tests__/SdJwt.spec.ts
+++ b/packages/client/lib/__tests__/SdJwt.spec.ts
@@ -153,7 +153,7 @@ describe('sd-jwt vc', () => { expect(credentials).toEqual({ c_nonce: 'new-c-nonce',
- c_nonce_expires_in: 300000,
+ c_nonce_expires_in: 300,
 credential: 'sd-jwt', format: 'vc+sd-jwt', });
diff --git a/packages/issuer-rest/lib/__tests__/ClientIssuerIT.spec.ts b/packages/issuer-rest/lib/__tests__/ClientIssuerIT.spec.ts
index 229b4388..034b7a2b 100644
--- a/packages/issuer-rest/lib/__tests__/ClientIssuerIT.spec.ts
+++ b/packages/issuer-rest/lib/__tests__/ClientIssuerIT.spec.ts
@@ -327,7 +327,7 @@ describe('VcIssuer', () => { proofCallbacks: { signCallback: proofOfPossessionCallbackFunction }, }) expect(credentialResponse).toMatchObject({
- c_nonce_expires_in: 300000,
+ c_nonce_expires_in: 300,
 credential: { '@context': ['https://www.w3.org/2018/credentials/v1'], credentialSubject: {},
diff --git a/packages/issuer-rest/lib/__tests__/IssuerTokenServer.spec.ts b/packages/issuer-rest/lib/__tests__/IssuerTokenServer.spec.ts
index fde3285a..c5c7e759 100644
--- a/packages/issuer-rest/lib/__tests__/IssuerTokenServer.spec.ts
+++ b/packages/issuer-rest/lib/__tests__/IssuerTokenServer.spec.ts
@@ -148,7 +148,7 @@ describe('OID4VCIServer', () => { accessTokenSignerCallback: signerCallback, accessTokenIssuer: 'https://www.example.com', preAuthorizedCodeExpirationDuration: 2000,
- tokenExpiresIn: 300000,
+ tokenExpiresIn: 300,
 }, }, })
@@ -172,11 +172,11 @@ describe('OID4VCIServer', () => { expect(actual).toEqual({ access_token: expect.stringContaining('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQi'), token_type: 'bearer',
- expires_in: 300000,
+ expires_in: 300,
 c_nonce: expect.any(String),
- c_nonce_expires_in: 300000,
+ c_nonce_expires_in: 300,
 authorization_pending: false,
- interval: 300000,
+ interval: 300,
 }) }) it('should return http code 400 with message User pin is required', async () => {
diff --git a/packages/issuer-rest/lib/oid4vci-api-functions.ts b/packages/issuer-rest/lib/oid4vci-api-functions.ts
index cb5d7073..e84c7efd 100644
--- a/packages/issuer-rest/lib/oid4vci-api-functions.ts
+++ b/packages/issuer-rest/lib/oid4vci-api-functions.ts
@@ -79,8 +79,8 @@ export function accessTokenEndpoint( const accessTokenIssuer = opts?.accessTokenIssuer ?? process.env.ACCESS_TOKEN_ISSUER ?? issuer.issuerMetadata.credential_issuer const preAuthorizedCodeExpirationDuration =
- opts?.preAuthorizedCodeExpirationDuration ?? getNumberOrUndefined(process.env.PRE_AUTHORIZED_CODE_EXPIRATION_DURATION) ?? 300000
- const interval = opts?.interval ?? getNumberOrUndefined(process.env.INTERVAL) ?? 300000
+ opts?.preAuthorizedCodeExpirationDuration ?? getNumberOrUndefined(process.env.PRE_AUTHORIZED_CODE_EXPIRATION_DURATION) ?? 300
+ const interval = opts?.interval ?? getNumberOrUndefined(process.env.INTERVAL) ?? 300
 const tokenExpiresIn = opts?.tokenExpiresIn ?? 300 // todo: this means we cannot sign JWTs or issue access tokens when configured from env vars!
diff --git a/packages/issuer/lib/VcIssuer.ts b/packages/issuer/lib/VcIssuer.ts
index 66ffbf8b..04e439de 100644
--- a/packages/issuer/lib/VcIssuer.ts
+++ b/packages/issuer/lib/VcIssuer.ts
@@ -41,8 +41,6 @@ import { assertValidPinNumber, createCredentialOfferObject, createCredentialOffe import { LookupStateManager } from './state-manager' import { CredentialDataSupplier, CredentialDataSupplierArgs, CredentialIssuanceInput, CredentialSignerCallback } from './types'
-const SECOND = 1000
-
 export class VcIssuer { private readonly _issuerMetadata: CredentialIssuerMetadataOpts private readonly _userPinRequired: boolean
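Review bot: In `accessTokenEndpoint` (packages/issuer-rest/lib/oid4vci-api-functions.ts) the fallbacks for `preAuthorizedCodeExpirationDuration` and `interval` are now in seconds, but nothing at the call site tells an operator that `PRE_AUTHORIZED_CODE_EXPIRATION_DURATION` and `INTERVAL` changed unit. A deployment that still sets the old millisecond figure (for example 300000) would, if the consumer now reads it as seconds, keep pre-authorized codes redeemable about a thousand times longer than intended, with no error. I would add a comment above the two lines such as `// all durations here are in seconds (milliseconds before this change)` and consider rejecting or logging values above a sane upper bound. The IssuerTokenServer.spec.ts hunk still passes `preAuthorizedCodeExpirationDuration: 2000` unchanged, which suggests that option was not revisited there. The function body starts and ends outside the hunk, so how the value is compared is not visible here.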
@@ -79,8 +77,7 @@ export class VcIssuer { this._credentialSignerCallback = args?.credentialSignerCallback this._jwtVerifyCallback = args?.jwtVerifyCallback this._credentialDataSupplier = args?.credentialDataSupplier
- this._cNonceExpiresIn =
- ((args?.cNonceExpiresIn ?? (process.env.C_NONCE_EXPIRES_IN ? parseInt(process.env.C_NONCE_EXPIRES_IN) : 300)) as number) * SECOND
+ this._cNonceExpiresIn = (args?.cNonceExpiresIn ?? (process.env.C_NONCE_EXPIRES_IN ? parseInt(process.env.C_NONCE_EXPIRES_IN) : 300)) as number
 } public getCredentialOfferSessionById(id: string): Promise {
@@ -247,7 +244,7 @@ export class VcIssuer { } const validated = await this.validateCredentialRequestProof({ ...opts,
- tokenExpiresIn: opts.tokenExpiresIn ?? 180000,
+ tokenExpiresIn: opts.tokenExpiresIn ?? 180,
 }) preAuthorizedCode = validated.preAuthorizedCode issuerState = validated.issuerState
diff --git a/packages/issuer/lib/__tests__/VcIssuer.spec.ts b/packages/issuer/lib/__tests__/VcIssuer.spec.ts
index 4b4b08d3..62cc8068 100644
--- a/packages/issuer/lib/__tests__/VcIssuer.spec.ts
+++ b/packages/issuer/lib/__tests__/VcIssuer.spec.ts
@@ -362,7 +362,7 @@ describe('VcIssuer', () => { }), ).resolves.toEqual({ c_nonce: 'new-test-nonce',
- c_nonce_expires_in: 300000,
+ c_nonce_expires_in: 300,
 credential: { '@context': ['https://www.w3.org/2018/credentials/v1'], credentialSubject: {},
diff --git a/packages/issuer/lib/tokens/index.ts b/packages/issuer/lib/tokens/index.ts
index 7fe85786..4a51584e 100644
--- a/packages/issuer/lib/tokens/index.ts
+++ b/packages/issuer/lib/tokens/index.ts
@@ -43,7 +43,8 @@ export const generateAccessToken = async ( }, ): Promise => { const { accessTokenIssuer, alg, accessTokenSignerCallback, tokenExpiresIn, preAuthorizedCode } = opts
- const iat = new Date().getTime()
+ // JWT uses seconds for iat and exp
+ const iat = new Date().getTime() / 1000
 const exp = iat + tokenExpiresIn const jwt: Jwt = { header: { typ: 'JWT', alg: alg ?? Alg.ES256K },
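Review bot: The rewritten `_cNonceExpiresIn` assignment in the VcIssuer constructor still calls `parseInt(process.env.C_NONCE_EXPIRES_IN)` with no radix and no validity check, so a non-numeric or negative setting is stored as `NaN` or a negative lifetime behind the `as number` cast. Depending on how the expiry is compared elsewhere (not visible in this hunk), a `NaN` lifetime may mean a c_nonce is never treated as expired. I would parse with `Number.parseInt(process.env.C_NONCE_EXPIRES_IN, 10)`, fall back to 300 unless the result is a finite positive integer, and add a comment that the unit is seconds. The constructor starts outside the hunk.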
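Review bot: The fallback `opts.tokenExpiresIn ?? 180` passed to `validateCredentialRequestProof` differs from the 300-second default that `accessTokenEndpoint` applies when the token is issued. If this value is what the access token's age is checked against (the callee is outside the hunk), the two defaults should agree or come from one shared constant, otherwise tokens are honoured for a different window than the `expires_in` the client was told. A short comment such as `// seconds; keep in sync with the token endpoint default` would make the coupling visible.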
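Review bot: `new Date().getTime() / 1000` in `generateAccessToken` yields a fractional number, so both `iat` and `exp` are emitted as non-integer NumericDate claims, which some JWT verifiers reject or round differently. Prefer `const iat = Math.floor(Date.now() / 1000)`. Separately, `exp = iat + tokenExpiresIn` becomes `NaN` if `tokenExpiresIn` is ever undefined, and `NaN` serialises to `null` in JSON; whether the option type permits that is not visible in this hunk, so a guard may be worth adding. The function body continues outside the hunk.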