diff --git a/packages/jarm/__tests__/jarm.test.ts b/packages/jarm/__tests__/jarm.test.ts
new file mode 100644
index 00000000..a4166dac
--- /dev/null
+++ b/packages/jarm/__tests__/jarm.test.ts
@@ -0,0 +1,5 @@
+describe('jarm', () => {
+ it('should create some tests', () => {
+ expect(true).toBe(true);
+ });
+});
diff --git a/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts b/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts
index 07f0d10f..777b2caf 100644
--- a/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts
+++ b/packages/jarm/lib/jarm-auth-response-send/jarm-auth-response-send.ts
@@ -42,7 +42,7 @@ export const jarmAuthResponseSend = async (input: JarmAuthResponseSendInput): Pr
 case 'fragment.jwt':
 return handleFragmentJwt(responseEndpoint, authResponse);
 case 'form_post.jwt':
- throw new Error('Not implemented');
+ throw new Error('Not implemented. form_post.jwt is not yet supported.');
 }
 };
diff --git a/packages/jarm/lib/jarm-auth-response/v-jarm-auth-response-params.ts b/packages/jarm/lib/jarm-auth-response/v-jarm-auth-response-params.ts
index 1cbb90de..2a6465fc 100644
--- a/packages/jarm/lib/jarm-auth-response/v-jarm-auth-response-params.ts
+++ b/packages/jarm/lib/jarm-auth-response/v-jarm-auth-response-params.ts
@@ -27,12 +27,12 @@ export const vJarmAuthResponseParams = v.looseObject({
 iss: v.string(),
 /**
- * The client_id of the client the response is intended for
+ * Expiration of the JWT
 */
 exp: v.number(),
 /**
- * Expiration of the JWT
+ * The client_id of the client the response is intended for
 */
 aud: v.string(),
 });
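Review bot: The new test only asserts `expect(true).toBe(true)` and exercises nothing in the jarm package, so it gives no coverage to the change this same commit makes in v-jarm-auth-response/v-jarm-auth-response-params.ts, where the audience check now compares `authRequestParams.client_id` against `authResponseParams.aud` instead of `authResponseParams.client_id`. That comparison is what rejects a response issued for a different client, so it is the case worth pinning: a test that calls validateJarmAuthResponseParams with a request `client_id` and a response whose `aud` differs and asserts the `Invalid audience in jarm-auth-response` error, plus a matching-`aud` case that passes. If the placeholder exists only to keep the runner from failing on an empty suite, a comment saying so, `// placeholder: keeps the suite non-empty until real jarm tests land`, would make that intent explicit.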
@@ -50,7 +50,7 @@ export const validateJarmAuthResponseParams = (input: {
 }
 // 4. The client obtains the aud element from the JWT and checks whether it matches the client id the client used to identify itself in the corresponding authorization request. If the check fails, the client MUST abort processing and refuse the response.
- if (authRequestParams.client_id !== authResponseParams.client_id) {
+ if (authRequestParams.client_id !== authResponseParams.aud) {
 throw new Error(`Invalid audience in jarm-auth-response. Expected '${authRequestParams.client_id}' received '${authResponseParams.aud}'.`);
 }
diff --git a/packages/siop-oid4vp/lib/op/OP.ts b/packages/siop-oid4vp/lib/op/OP.ts
index 78d07b4a..6989b1a6 100644
--- a/packages/siop-oid4vp/lib/op/OP.ts
+++ b/packages/siop-oid4vp/lib/op/OP.ts
@@ -159,7 +159,9 @@ export class OP {
 }
 public static async extractEncJwksFromClientMetadata(clientMetadata: JwksMetadataParams) {
- // The client metadata will be parsed in the joseExtractJWKS function
+ // TODO: Currently no mechanisms are in place to deal with multiple 'enc' keys in the client metadata.
+ // TODO: Maybe we should return all 'enc' keys in the client metadata. In addition the JWKS from the jwks_uri are not fetched if jwks are present.
+ // TODO: Is that the expected behavior?
 const jwks = await extractJwksFromJwksMetadata(clientMetadata)
 const encryptionJwk = jwks?.keys.find((key) => key.use === 'enc')
 if (!encryptionJwk) {
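Review bot: The three TODO lines at the top of extractEncJwksFromClientMetadata record real limitations but leave the method's contract undocumented for callers: the code below takes the first key whose `use === 'enc'` and ignores any key that omits `use` (an optional JWK member), and the second TODO states that `jwks_uri` is not consulted when inline `jwks` is present. Turning the open questions into a TSDoc block on the method that states this selection rule — first `use: 'enc'` key wins, keys without `use` are skipped, inline `jwks` takes precedence over `jwks_uri` — gives callers a documented behaviour rather than a question mark, and the TODOs can stay as a second paragraph for the unresolved design. The precedence claim should be hedged or verified against extractJwksFromJwksMetadata, whose body is not in the hunk; the method body itself continues past the hunk.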