
feat: add aud/response_uri to request object, and client_id to the re…
…quest
auer-martin committed Aug 16, 2024
1 parent 6556cc0 commit 400df29
Showing 9 changed files with 10,609 additions and 7,452 deletions.
2 changes: 2 additions & 0 deletions packages/oid4vci-common/package.json
Expand Up @@ -13,11 +13,13 @@
"@sphereon/oid4vc-common": "workspace:*",
"@sphereon/ssi-types": "0.29.0",
"cross-fetch": "^3.1.8",
"debug": "^4.3.5",
"jwt-decode": "^4.0.0",
"uint8arrays": "3.1.1",
"uuid": "^9.0.0"
},
"devDependencies": {
"@types/debug": "^4.1.12",
"@types/jest": "^29.5.12",
"@types/uuid": "^9.0.1",
"typescript": "5.4.5"
3 changes: 2 additions & 1 deletion packages/siop-oid4vp/lib/authorization-request/Payload.ts
Expand Up @@ -45,7 +45,7 @@ export const createAuthorizationRequestPayload = async (
const state = payload?.state ?? undefined
const nonce = payload?.nonce ? getNonce(state, payload.nonce) : undefined
// TODO: if opts['registration] throw Error to get rid of test code using that key
const clientMetadata = opts['registration'] ? opts['registration'] : (opts.clientMetadata as ClientMetadataOpts)
const clientMetadata = opts['registration'] ?? (opts.clientMetadata as ClientMetadataOpts)
const registration = await createRequestRegistration(clientMetadata, opts)
const claims = opts.version >= SupportedVersion.SIOPv2_ID1 ? opts.payload.claims : createPresentationDefinitionClaimsProperties(opts.payload.claims)
const isRequestTarget = isTargetOrNoTargets(PropertyTarget.AUTHORIZATION_REQUEST, opts.requestObject.targets)
Expand All @@ -59,6 +59,7 @@ export const createAuthorizationRequestPayload = async (
const authRequestPayload = {
...payload,
//TODO implement /.well-known/openid-federation support in the OP side to resolve the client_id (URL) and retrieve the metadata
...(clientMetadata.client_id && { client_id: clientMetadata.client_id }),
...(isRequestTarget && opts.requestObject.passBy === PassBy.REFERENCE ? { request_uri: opts.requestObject.reference_uri } : {}),
...(isRequestTarget && isRequestByValue && { request }),
...(nonce && { nonce }),
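Review bot: The new spread on the `client_id` line dereferences `clientMetadata` unconditionally, and the `as ClientMetadataOpts` cast on the line that computes it suggests `opts.clientMetadata` may be absent when `opts['registration']` is also unset; in that case building the authorization request now fails with a TypeError on this line rather than wherever `createRequestRegistration` reports the missing metadata. An optional access keeps the existing tolerance: `...(clientMetadata?.client_id && { client_id: clientMetadata.client_id }),`. This also copies a caller-supplied identifier into the request with no cross-check here; a one-line comment saying where `client_id` is validated against the signing identity (if anywhere) would help the next reader, since the x5c branch in RequestObject.ts no longer sets it. `createAuthorizationRequestPayload` starts before the first hunk and continues past the second.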
1 change: 1 addition & 0 deletions packages/siop-oid4vp/lib/authorization-request/types.ts
Expand Up @@ -42,6 +42,7 @@ export interface RequestObjectPayloadOpts<CT extends ClaimPayloadCommonOpts> {
claims?: CT // from openid-connect-self-issued-v2-1_0-ID1 look at https://openid.net/specs/openid-connect-core-1_0.html#Claims
nonce?: string // An optional nonce, will be generated if not provided
state?: string // An optional state, will be generated if not provided
aud?: string // The audience of the request
authorization_endpoint?: string
response_mode?: ResponseMode // How the URI should be returned. This is not being used by the library itself, allows an implementor to make a decision
response_types_supported?: ResponseType[] | ResponseType
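Review bot: The new `aud` field is typed as a bare `string`, while the only producer this commit adds, `RPBuilder.withAudience`, accepts the `RequestAud` enum, and the value is copied unchanged into the JWT `aud` claim by request-object/Payload.ts, where RFC 7519 also permits an array of strings. Decide on one representation and state it in the field comment, e.g. `aud?: string // Audience of the request object (JWT "aud" claim); a single value, typically RequestAud.SELF_ISSUED_V2`. If arrays are deliberately unsupported the narrower `string` is fine, but this type and the builder should then agree on whether arbitrary strings are accepted. `RequestObjectPayloadOpts` starts before the hunk and continues past it.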
2 changes: 2 additions & 0 deletions packages/siop-oid4vp/lib/request-object/Payload.ts
Expand Up @@ -28,6 +28,7 @@ export const createRequestObjectPayload = async (opts: CreateAuthorizationReques
const iat = payload.iat ?? now
const nbf = payload.nbf ?? iat
const exp = payload.exp ?? iat + validInSec
const aud = payload.aud
const jti = payload.jti ?? uuidv4()

return removeNullUndefined({
Expand All @@ -51,6 +52,7 @@ export const createRequestObjectPayload = async (opts: CreateAuthorizationReques
nbf,
exp,
jti,
aud,
})
}

9 changes: 2 additions & 7 deletions packages/siop-oid4vp/lib/request-object/RequestObject.ts
Expand Up @@ -3,7 +3,7 @@ import { JwtIssuer, parseJWT } from '@sphereon/oid4vc-common'
import { ClaimPayloadCommonOpts, ClaimPayloadOptsVID1, CreateAuthorizationRequestOpts } from '../authorization-request'
import { assertValidAuthorizationRequestOpts } from '../authorization-request/Opts'
import { fetchByReferenceOrUseByValue, removeNullUndefined } from '../helpers'
import { AuthorizationRequestPayload, JwtIssuerWithContext, RequestObjectJwt, RequestObjectPayload, ResponseMode, SIOPErrors } from '../types'
import { AuthorizationRequestPayload, JwtIssuerWithContext, RequestObjectJwt, RequestObjectPayload, SIOPErrors } from '../types'

import { assertValidRequestObjectOpts } from './Opts'
import { assertValidRequestObjectPayload, createRequestObjectPayload } from './Payload'
Expand Down Expand Up @@ -74,6 +74,7 @@ export class RequestObject {
if (this.payload.registration_uri) {
delete this.payload.registration
}

assertValidRequestObjectPayload(this.payload)

const jwtIssuer: JwtIssuerWithContext = this.opts.jwtIssuer
Expand All @@ -92,12 +93,6 @@ export class RequestObject {
this.jwt = await this.opts.createJwtCallback(jwtIssuer, { header, payload: this.payload })
} else if (jwtIssuer.method === 'x5c') {
this.payload.iss = jwtIssuer.issuer
this.payload.client_id = jwtIssuer.issuer

if (this.opts.payload.response_mode !== ResponseMode.DIRECT_POST) {
this.payload.redirect_uri = jwtIssuer.issuer
}

this.payload.client_id_scheme = jwtIssuer.clientIdScheme

const header = { x5c: jwtIssuer.x5c, typ: 'JWT' }
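Review bot: In the `x5c` branch the `client_id` assignment from `jwtIssuer.issuer` is removed, but nothing in the hunk replaces it with a check that the `client_id` now taken from client metadata (authorization-request/Payload.ts in this commit) agrees with the certificate-bound issuer, so a request object can be signed with an x5c chain whose identity differs from its `client_id` while `client_id_scheme` is still set from `jwtIssuer.clientIdScheme` two lines below. If that binding is still intended, keep a default and reject a mismatch: `if (this.payload.client_id && this.payload.client_id !== jwtIssuer.issuer) throw new Error('client_id does not match x5c issuer')` followed by `this.payload.client_id ??= jwtIssuer.issuer`. The removed `redirect_uri` fallback for non-`DIRECT_POST` response modes likewise has no visible replacement; if callers are now expected to supply `response_uri`/`redirect_uri` through the builder, a comment at the top of the branch saying so would stop the regression being rediscovered. The method containing this branch starts before the hunk and the `RequestObject` class continues past it.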
14 changes: 13 additions & 1 deletion packages/siop-oid4vp/lib/rp/RPBuilder.ts
Expand Up @@ -5,7 +5,7 @@ import { Hasher } from '@sphereon/ssi-types'

import { PropertyTarget, PropertyTargets } from '../authorization-request'
import { PresentationVerificationCallback } from '../authorization-response'
import { CreateJwtCallback, VerifyJwtCallback } from '../types'
import { CreateJwtCallback, RequestAud, VerifyJwtCallback } from '../types'
import {
AuthorizationRequestPayload,
ClientMetadataOpts,
Expand Down Expand Up @@ -80,6 +80,12 @@ export class RPBuilder {
return this
}

withAudience(issuer: RequestAud, targets?: PropertyTargets): RPBuilder {
this._authorizationRequestPayload.aud = assignIfAuth({ propertyValue: issuer, targets }, false)
this._requestObjectPayload.aud = assignIfRequestObject({ propertyValue: issuer, targets }, true)
return this
}

withPresentationVerification(presentationVerificationCallback: PresentationVerificationCallback): RPBuilder {
this.presentationVerificationCallback = presentationVerificationCallback
return this
Expand Down Expand Up @@ -119,6 +125,12 @@ export class RPBuilder {
return this
}

withResponsetUri(redirectUri: string, targets?: PropertyTargets): RPBuilder {
this._authorizationRequestPayload.response_uri = assignIfAuth({ propertyValue: redirectUri, targets }, false)
this._requestObjectPayload.response_uri = assignIfRequestObject({ propertyValue: redirectUri, targets }, true)
return this
}

withRequestByReference(referenceUri: string): RPBuilder {
return this.withRequestBy(PassBy.REFERENCE, referenceUri /*, PropertyTarget.AUTHORIZATION_REQUEST*/)
}
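Review bot: The new builder method is named `withResponsetUri`, a typo that becomes public API once published, and its parameter is named `redirectUri` although it writes `response_uri`; rename while the method is new: `withResponseUri(responseUri: string, targets?: PropertyTargets): RPBuilder {` (keep the misspelt name as a deprecated alias only if it has already shipped). Likewise `withAudience` names its parameter `issuer` while assigning it to `aud`; `audience` reads correctly. Neither method documents that the value lands in the authorization-request payload and/or the request-object payload depending on `targets`, which a one-line TSDoc comment on each would make clear. The `RPBuilder` class starts before and continues past the hunks shown.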
4 changes: 4 additions & 0 deletions packages/siop-oid4vp/lib/types/SIOP.types.ts
Expand Up @@ -634,6 +634,10 @@ export enum ResponseIss {
JWT_VC_PRESENTATION_V1 = 'https://self-issued.me/v2/openid-vc',
}

export enum RequestAud {
SELF_ISSUED_V2 = 'https://self-issued.me/v2',
}

export const isRequestOpts = (object: CreateAuthorizationRequestOpts | AuthorizationResponseOpts): object is CreateAuthorizationRequestOpts =>
'requestBy' in object

2 changes: 2 additions & 0 deletions packages/siop-oid4vp/package.json
Expand Up @@ -21,6 +21,7 @@
"@sphereon/ssi-types": "0.22.0",
"@sphereon/wellknown-dids-client": "^0.1.3",
"cross-fetch": "^4.0.0",
"debug": "^4.3.5",
"events": "^3.3.0",
"jwt-decode": "^4.0.0",
"language-tags": "^1.0.9",
Expand All @@ -45,6 +46,7 @@
"@transmute/did-key-ed25519": "^0.3.0-unstable.10",
"@transmute/ed25519-key-pair": "0.7.0-unstable.82",
"@transmute/ed25519-signature-2018": "^0.7.0-unstable.82",
"@types/debug": "^4.1.12",
"@types/jest": "^29.5.11",
"@types/jwt-decode": "^3.1.0",
"@types/language-tags": "^1.0.4",
