Skip to content

Commit

Permalink
Merge pull request #71 from Sphereon-Opensource/feature/enable-author…
Browse files Browse the repository at this point in the history
…ization-code-flow-helpers

Feature/enable authorization code flow helpers
  • Loading branch information
nklomp authored Oct 14, 2023
2 parents 2d2c2f2 + 1114e83 commit a9cd134
Show file tree
Hide file tree
Showing 20 changed files with 130 additions and 231 deletions.
15 changes: 1 addition & 14 deletions packages/callback-example/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,28 +7,15 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline

**Note:** Version bump only for package @sphereon/oid4vci-callback-example





## [0.7.2](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.7.1...v0.7.2) (2023-09-28)

**Note:** Version bump only for package @sphereon/oid4vci-callback-example





## [0.7.1](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.7.0...v0.7.1) (2023-09-28)


### Bug Fixes

* Better match credential offer types and formats onto issuer metadata ([4044c21](https://github.com/Sphereon-Opensource/OID4VCI/commit/4044c2175b4cbee16f44c8bb5499bba249ca4993))




- Better match credential offer types and formats onto issuer metadata ([4044c21](https://github.com/Sphereon-Opensource/OID4VCI/commit/4044c2175b4cbee16f44c8bb5499bba249ca4993))

# [0.7.0](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.6.0...v0.7.0) (2023-08-19)

Expand Down
24 changes: 5 additions & 19 deletions packages/client/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,34 +7,20 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline

**Note:** Version bump only for package @sphereon/oid4vci-client





## [0.7.2](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.7.1...v0.7.2) (2023-09-28)


### Bug Fixes

* id lookup against server metadata not working ([592ec4b](https://github.com/Sphereon-Opensource/OID4VCI/commit/592ec4b837898eb3022d19479d79b6065e7a0d9e))




- id lookup against server metadata not working ([592ec4b](https://github.com/Sphereon-Opensource/OID4VCI/commit/592ec4b837898eb3022d19479d79b6065e7a0d9e))

## [0.7.1](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.7.0...v0.7.1) (2023-09-28)


### Bug Fixes

* Better match credential offer types and formats onto issuer metadata ([4044c21](https://github.com/Sphereon-Opensource/OID4VCI/commit/4044c2175b4cbee16f44c8bb5499bba249ca4993))
* clearinterval ([214e3c6](https://github.com/Sphereon-Opensource/OID4VCI/commit/214e3c6d7ced9b27c50186db8ed876330230a6a5))
* relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow ([ce39958](https://github.com/Sphereon-Opensource/OID4VCI/commit/ce39958f21f82243f26111fd14bd2443517eef9c))
* relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow ([cb5f9c1](https://github.com/Sphereon-Opensource/OID4VCI/commit/cb5f9c1c12285508c6d403814d032e8883a59e7d))




- Better match credential offer types and formats onto issuer metadata ([4044c21](https://github.com/Sphereon-Opensource/OID4VCI/commit/4044c2175b4cbee16f44c8bb5499bba249ca4993))
- clearinterval ([214e3c6](https://github.com/Sphereon-Opensource/OID4VCI/commit/214e3c6d7ced9b27c50186db8ed876330230a6a5))
- relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow ([ce39958](https://github.com/Sphereon-Opensource/OID4VCI/commit/ce39958f21f82243f26111fd14bd2443517eef9c))
- relax auth_endpoint handling. Doesn't have to be available when doing pre-auth flow. Client handles errors anyway in case of auth/par flow ([cb5f9c1](https://github.com/Sphereon-Opensource/OID4VCI/commit/cb5f9c1c12285508c6d403814d032e8883a59e7d))

# [0.7.0](https://github.com/Sphereon-Opensource/OID4VCI/compare/v0.6.0...v0.7.0) (2023-08-19)

Expand Down
1 change: 0 additions & 1 deletion packages/client/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,6 @@ import { OpenID4VCIClient } from '@sphereon/oid4vci-client';
// The client is initiated from a URI. This URI is provided by the Issuer, typically as a URL or QR code.
const client = await OpenID4VCIClient.fromURI({
uri: 'openid-initiate-issuance://?issuer=https%3A%2F%2Fissuer.research.identiproof.io&credential_type=OpenBadgeCredentialUrl&pre-authorized_code=4jLs9xZHEfqcoow0kHE7d1a8hUk6Sy-5bVSV2MqBUGUgiFFQi-ImL62T-FmLIo8hKA1UdMPH0lM1xAgcFkJfxIw9L-lI3mVs0hRT8YVwsEM1ma6N3wzuCdwtMU4bcwKp&user_pin_required=true',
flowType: AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW, // The flow to use
kid: 'did:example:ebfeb1f712ebc6f1c276e12ec21#key-1', // Our DID. You can defer this also to when the acquireCredential method is called
alg: Alg.ES256, // The signing Algorithm we will use. You can defer this also to when the acquireCredential method is called
clientId: 'test-clientId', // The clientId if the Authrozation Service requires it. If a clientId is needed you can defer this also to when the acquireAccessToken method is called
Expand Down
36 changes: 18 additions & 18 deletions packages/client/lib/AccessTokenClient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@ import {
AccessTokenResponse,
assertedUniformCredentialOffer,
AuthorizationServerOpts,
AuthzFlowType,
EndpointMetadata,
getIssuerFromCredentialOfferPayload,
GrantTypes,
isPreAuthCode,
IssuerOpts,
OpenIDResponse,
PRE_AUTH_CODE_LITERAL,
Expand Down Expand Up @@ -67,6 +67,7 @@ export class AccessTokenClient {
issuerOpts?: IssuerOpts;
}): Promise<OpenIDResponse<AccessTokenResponse>> {
this.validate(accessTokenRequest, isPinRequired);

const requestTokenURL = AccessTokenClient.determineTokenURL({
asOpts,
issuerOpts,
Expand All @@ -76,45 +77,44 @@ export class AccessTokenClient {
? await MetadataClient.retrieveAllMetadata(issuerOpts.issuer, { errorOnNotFound: false })
: undefined,
});

return this.sendAuthCode(requestTokenURL, accessTokenRequest);
}

public async createAccessTokenRequest(opts: AccessTokenRequestOpts): Promise<AccessTokenRequest> {
const { asOpts, pin, codeVerifier, code, redirectUri } = opts;
const credentialOfferRequest = await toUniformCredentialOfferRequest(opts.credentialOffer);
const request: Partial<AccessTokenRequest> = {};

if (asOpts?.clientId) {
request.client_id = asOpts.clientId;
}

this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
request.user_pin = pin;
if (credentialOfferRequest.supportedFlows.includes(AuthzFlowType.PRE_AUTHORIZED_CODE_FLOW)) {
this.assertNumericPin(this.isPinRequiredValue(credentialOfferRequest.credential_offer), pin);
request.user_pin = pin;

const isPreAuth = isPreAuthCode(credentialOfferRequest);
if (isPreAuth) {
if (codeVerifier) {
throw new Error('Cannot pass a code_verifier when flow type is pre-authorized');
}
request.grant_type = GrantTypes.PRE_AUTHORIZED_CODE;
// we actually know it is there because of the isPreAuthCode call
request[PRE_AUTH_CODE_LITERAL] =
credentialOfferRequest?.credential_offer.grants?.['urn:ietf:params:oauth:grant-type:pre-authorized_code']?.[PRE_AUTH_CODE_LITERAL];

return request as AccessTokenRequest;
}
if (!isPreAuth && credentialOfferRequest.credential_offer.grants?.authorization_code?.issuer_state) {
this.throwNotSupportedFlow(); // not supported yet

if (credentialOfferRequest.supportedFlows.includes(AuthzFlowType.AUTHORIZATION_CODE_FLOW)) {
request.grant_type = GrantTypes.AUTHORIZATION_CODE;
}
if (codeVerifier) {
request.code_verifier = codeVerifier;
request.code = code;
request.redirect_uri = redirectUri;
request.grant_type = GrantTypes.AUTHORIZATION_CODE;
}
if (request.grant_type === GrantTypes.AUTHORIZATION_CODE && isPreAuth) {
throw Error('A pre_authorized_code flow cannot have an issuer state in the credential offer');

if (codeVerifier) {
request.code_verifier = codeVerifier;
}

return request as AccessTokenRequest;
}

return request as AccessTokenRequest;
throw new Error('Credential offer request does not follow neither pre-authorized code nor authorization code flow requirements.');
}

private assertPreAuthorizedGrantType(grantType: GrantTypes): void {
Expand Down
Loading

0 comments on commit a9cd134

Please sign in to comment.