Draft21 (#281)
* Removed client_metadata_uri

* Corrected fun name

* Added VpFormat to resolved request

* Added support for request_uri_method

* Added tests for WalletMetaData

* Code format

* More checks

* More changes

* Added JarConfig

* Added to JarConfig an option on using or not wallet_nonce

* Added various options to JarConfig, including SupportedRequestUriMethods

* Fixed typos

* Removed default value for VpConfig

* Renamed TOs

* Re-worked VpFormats

* Improved tests

* Fix

* README updates

* Bump to version 0.6.0

---------

Co-authored-by: Vafeiadis Nikos <[email protected]>
babisRoutis and vafeini authored Oct 22, 2024
1 parent 22b4826 commit 2dea24b
Showing 24 changed files with 859 additions and 150 deletions.
30 changes: 18 additions & 12 deletions README.md
Expand Up @@ -23,7 +23,7 @@ the [EUDI Wallet Reference Implementation project description](https://github.co

This is a Kotlin library, targeting JVM, that supports
the [SIOPv2 (draft 12)](https://openid.bitbucket.io/connect/openid-connect-self-issued-v2-1_0.html)
and [OpenId4VP (draft 20)](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html) protocols.
and [OpenId4VP (draft 21)](https://openid.net/specs/openid-4-verifiable-presentations-1_0-21.html) protocols.
In particular, the library focus on the wallet's role using those two protocols with constraints
included in ISO 23220-4 and ISO-18013-7
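Review bot: the OpenID4VP link is now pinned to the `-21` draft URL, but the SIOPv2 link on the line above still points at the unversioned `openid-connect-self-issued-v2-1_0.html`, which will silently change as that draft evolves; pin it the same way so the README states exactly which draft of each protocol this release implements. While here, the unchanged sentence "the library focus on" should read "the library focuses on".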

Expand Down Expand Up @@ -70,8 +70,8 @@ val siopOpenId4Vp = SiopOpenId4Vp.ktor(walletConfig)
Wallet receives an OAUTH2 Authorization request, formed by the Verifier, that may represent

- a [SIOPv2 authentication request](https://openid.bitbucket.io/connect/openid-connect-self-issued-v2-1_0.html#name-self-issued-openid-provider-a), or
- a [OpenID4VP authorization request](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-authorization-request) or,
- a combined [SIOP & OpenID4VP request](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-combining-this-specificatio)
- a [OpenID4VP authorization request](https://openid.net/specs/openid-4-verifiable-presentations-1_0-21.html#name-authorization-request) or,
- a combined [SIOP & OpenID4VP request](https://openid.net/specs/openid-4-verifiable-presentations-1_0-21.html#name-combining-this-specificatio)

In the same device scenario, the aforementioned authorization request reaches the wallet in terms of a deep link.
Similarly, in the cross-device scenario, the request would be obtained via scanning a QR Code.
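Review bot: minor wording in the rewritten bullets: "a [OpenID4VP authorization request]" should be "an OpenID4VP authorization request", and the trailing "or," reads better as ", or" at the end of the second bullet.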
Expand Down Expand Up @@ -148,7 +148,7 @@ and then run the Example.

## SIOPv2 & OpenId4VP features supported

### `response_mode`
### Parameter `response_mode`

A Wallet can take the form of a web or mobile application.
OpenId4VP describes flows for both cases. Given that we are focusing on a mobile wallet we could
Expand All @@ -174,6 +174,15 @@ Library requires the presence of `client_id_scheme` with one of the following va
- `did` where verifier must send the authorization request signed (JAR) using a key resolvable via DID URL.
- `verifier_attestation` where verifier must send the authorization request signed (JAR), witch contains a verifier attestation JWT from a trusted issuer

### Retrieving Authorization Request

According to OpenID4VP, when the `request_uri` parameter is included in the authorization request wallet must fetch the Authorization Request by following this URI.
In this case there are two methods to get the request, controlled by the `request_uri_method` comunicated by the verifier:
- Via an HTTP GET: In this case the Wallet MUST send the request to retrieve the Request Object using the HTTP GET method, as defined in [RFC9101](https://www.rfc-editor.org/rfc/rfc9101.html).
- Via an HTTP POST: In this case a supporting Wallet MUST send the request using the HTTP POST method as detailed in [Section 5.8](https://openid.net/specs/openid-4-verifiable-presentations-1_0-21.html#name-request-uri-method-post).

In the later case wallet can communicate its [metadata](src/main/kotlin/eu/europa/ec/eudi/openid4vp/internal/request/WalletMetaData.kt) to the verifier. Library supports both methods.
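Review bot: the new section does not say what the wallet does when `request_uri_method` carries a value other than `get`/`post`, or a recognised method the wallet has not enabled; since this commit also adds the `InvalidRequestUriMethod` and `UnsupportedRequestUriMethod` errors and a `SupportedRequestUriMethods` option in `JarConfig` (per the commit message), state here that unknown values are rejected and that the accepted methods are configurable. Two typos: "comunicated" and "In the later case" (latter). The metadata link points into `internal/request/WalletMetaData.kt`; linking README readers to an internal package invites them to depend on it, so link to the public configuration that controls what the wallet discloses instead, and say which metadata is sent, since in the POST case it goes to a verifier-supplied URL before the request object has been validated.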

### Authorization Request encoding

OAUTH2 foresees that `AuthorizationRequest` is encoded as an HTTP GET
Expand All @@ -196,18 +205,15 @@ Presentation Definition JSON object.

According to OpenId4VP, verifier may pass the `presentation_definition` either

* [by value](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#section-5.1)
* [by reference](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-presentation_definition_uri)
* [using scope](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-using-scope-parameter-to-re)
* [by value](https://openid.net/specs/openid-4-verifiable-presentations-1_0-21.html#section-5.1)
* [by reference](https://openid.net/specs/openid-4-verifiable-presentations-1_0-21.html#section-5.2)
* [using scope](https://openid.net/specs/openid-4-verifiable-presentations-1_0-21.html#section-5.3)

Library supports all these options

### Client metadata in Authorization Request
According to [OpenId4VP](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-authorization-request) verifier may pass his metadata (client metadata) either
* by value, or
* by reference

Library supports both options
According to [OpenId4VP](https://openid.net/specs/openid-4-verifiable-presentations-1_0-21.html#name-authorization-request) verifier may pass his metadata (client metadata) by value.
Library parses and validates the verifier metadata.
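Review bot: the README now mentions client metadata by value only, but it should also say whether a request that still carries `client_metadata_uri` is rejected or ignored; `InvalidClientMetaDataUri` is removed below while `OneOfClientMedataOrUri` survives, so the behaviour is not obvious from the code either. A wallet that silently ignores the parameter would not flag a verifier still on the older draft. Also "pass his metadata" should read "pass its metadata".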

### Supported response types

2 changes: 1 addition & 1 deletion gradle.properties
Expand Up @@ -6,7 +6,7 @@ org.gradle.parallel=true

# Project properties
group=eu.europa.ec.eudi
version=0.5.1-SNAPSHOT
version=0.6.0

# Sonar
systemProp.sonar.gradle.skipCompile=true
Expand Up @@ -18,6 +18,7 @@ package eu.europa.ec.eudi.openid4vp
import eu.europa.ec.eudi.openid4vp.Client.*
import eu.europa.ec.eudi.openid4vp.ResolvedRequestObject.OpenId4VPAuthorization
import eu.europa.ec.eudi.openid4vp.ResolvedRequestObject.SiopOpenId4VPAuthentication
import eu.europa.ec.eudi.openid4vp.internal.request.RequestUriMethod
import eu.europa.ec.eudi.prex.PresentationDefinition
import org.bouncycastle.asn1.x500.X500Name
import org.bouncycastle.asn1.x500.style.BCStyle
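Review bot: this file holds the public API (`ResolvedRequestObject`, `RequestValidationError`), yet it now imports `RequestUriMethod` from the `internal.request` package, and the new `UnsupportedRequestUriMethod(val method: RequestUriMethod)` below exposes that type in a public error. Either move `RequestUriMethod` to the public package or make the error carry the raw string value the verifier sent.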
Expand Down Expand Up @@ -120,6 +121,7 @@ sealed interface ResolvedRequestObject : Serializable {
override val state: String?,
override val nonce: String,
override val jarmRequirement: JarmRequirement?,
val vpFormats: VpFormats,
val presentationDefinition: PresentationDefinition,
) : ResolvedRequestObject
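Review bot: adding `vpFormats` as a non-defaulted constructor parameter to a public data class is a source-incompatible change for any caller constructing `OpenId4VPAuthorization` directly (the same applies to `SiopOpenId4VPAuthentication` in the next hunk); the 0.6.0 bump covers it, but it belongs in the release notes, and the new property needs a KDoc line saying whether it holds the formats the verifier requested or the intersection with what the wallet supports.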

Expand All @@ -132,6 +134,7 @@ sealed interface ResolvedRequestObject : Serializable {
override val state: String?,
override val nonce: String,
override val jarmRequirement: JarmRequirement?,
val vpFormats: VpFormats,
val idTokenType: List<IdTokenType>,
val subjectSyntaxTypesSupported: List<SubjectSyntaxType>,
val scope: Scope,
Expand All @@ -140,7 +143,7 @@ sealed interface ResolvedRequestObject : Serializable {
}

/**
* Errors that can occur while validating & resolving an authorization request
* Errors that can occur while validating and resolving an authorization request
*/
sealed interface AuthorizationRequestError : Serializable

Expand All @@ -153,6 +156,15 @@ sealed interface RequestValidationError : AuthorizationRequestError {

data class InvalidJarJwt(val cause: String) : AuthorizationRequestError

data object InvalidUseOfBothRequestAndRequestUri : RequestValidationError {
private fun readResolve(): Any = InvalidUseOfBothRequestAndRequestUri
}

data class UnsupportedRequestUriMethod(val method: RequestUriMethod) : RequestValidationError
data object InvalidRequestUriMethod : RequestValidationError {
private fun readResolve(): Any = InvalidRequestUriMethod
}

//
// Response Type errors
//
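Review bot: `UnsupportedRequestUriMethod` and `InvalidRequestUriMethod` need KDoc distinguishing them (a value that is neither `get` nor `post`, versus a recognised method the wallet's configuration has not enabled); without that, callers cannot map them to the right error response. `InvalidUseOfBothRequestAndRequestUri` correctly mirrors RFC 9101, which requires rejecting a request carrying both `request` and `request_uri`; say so in its KDoc. The unchanged `InvalidJarJwt` two lines above still implements `AuthorizationRequestError` rather than `RequestValidationError` like its siblings, which looks like an oversight worth fixing while here.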
Expand Down Expand Up @@ -226,10 +238,6 @@ sealed interface RequestValidationError : AuthorizationRequestError {

data class UnsupportedClientMetaData(val value: String) : RequestValidationError

data object InvalidClientMetaDataUri : RequestValidationError {
private fun readResolve(): Any = InvalidClientMetaDataUri
}

data object OneOfClientMedataOrUri : RequestValidationError {
private fun readResolve(): Any = OneOfClientMedataOrUri
}
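Review bot: with `InvalidClientMetaDataUri` removed and `client_metadata_uri` no longer supported, `OneOfClientMedataOrUri` (note the `Medata` typo) has no remaining meaning; either drop it in this commit or rename it and repurpose it as the error raised when a request still carries `client_metadata_uri`.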
Expand Down Expand Up @@ -283,7 +291,6 @@ sealed interface ResolutionError : AuthorizationRequestError {
}

data class UnableToFetchPresentationDefinition(val cause: Throwable) : ResolutionError
data class UnableToFetchClientMetadata(val cause: Throwable) : ResolutionError
data class UnableToFetchRequestObject(val cause: Throwable) : ResolutionError
data class ClientMetadataJwkUriUnparsable(val cause: Throwable) : ResolutionError
data class ClientMetadataJwkResolutionFailed(val cause: Throwable) : ResolutionError
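Review bot: removing `UnableToFetchClientMetadata` is consistent with dropping by-reference metadata, and keeping `ClientMetadataJwkUriUnparsable`/`ClientMetadataJwkResolutionFailed` is right since `jwks_uri` inside by-value metadata is still resolved; that remains a network fetch to a verifier-supplied URL, so it deserves the same limits and error mapping as `UnableToFetchRequestObject`.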
Expand All @@ -310,12 +317,12 @@ fun <T> AuthorizationRequestError.asFailure(): Result<T> =
Result.failure(asException())

/**
* The outcome of [validating & resolving][AuthorizationRequestResolver.resolveRequestUri]
* The outcome of [validating and resolving][AuthorizationRequestResolver.resolveRequestUri]
* an authorization request.
*/
sealed interface Resolution {
/**
* Represents the success of validating & resolving an authorization request
* Represents the success of validating and resolving an authorization request
* into a [requestObject]
*/
data class Success(val requestObject: ResolvedRequestObject) : Resolution