add resource

Signed-off-by: Timo Glastra <[email protected]>
openwallet-foundation-labs · Nov 8, 2024 · d7b6eb0 · d7b6eb0
1 parent e4a2595
commit d7b6eb0
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 13 deletions.
diff --git a/packages/oauth2/src/Oauth2Client.ts b/packages/oauth2/src/Oauth2Client.ts
@@ -145,11 +145,13 @@ export class Oauth2Client {
     additionalRequestPayload,
     txCode,
     dpop,
+    resource,
   }: Omit<RetrievePreAuthorizedCodeAccessTokenOptions, 'callbacks'>) {
     const result = await retrievePreAuthorizedCodeAccessToken({
       authorizationServerMetadata,
       preAuthorizedCode,
       txCode,
+      resource,
       additionalRequestPayload: {
         ...additionalRequestPayload,
         tx_code: txCode,
@@ -167,13 +169,15 @@ export class Oauth2Client {
     authorizationCode,
     pkceCodeVerifier,
     redirectUri,
+    resource,
     dpop,
   }: Omit<RetrieveAuthorizationCodeAccessTokenOptions, 'callbacks'>) {
     const result = await retrieveAuthorizationCodeAccessToken({
       authorizationServerMetadata,
       authorizationCode,
       pkceCodeVerifier,
       additionalRequestPayload,
+      resource,
       callbacks: this.options.callbacks,
       dpop,
       redirectUri,

diff --git a/packages/oid4vci/src/Oid4vciClient.ts b/packages/oid4vci/src/Oid4vciClient.ts
@@ -275,7 +275,7 @@ export class Oid4vciClient {
     dpop,
   }: Omit<
     RetrievePreAuthorizedCodeAccessTokenOptions,
-    'callbacks' | 'authorizationServerMetadata' | 'preAuthorizedCode'
+    'callbacks' | 'authorizationServerMetadata' | 'preAuthorizedCode' | 'resource'
   > & {
     credentialOffer: CredentialOfferObject
     issuerMetadata: IssuerMetadataResult
@@ -307,6 +307,7 @@ export class Oid4vciClient {
       authorizationServerMetadata,
       preAuthorizedCode,
       txCode,
+      resource: issuerMetadata.credentialIssuer.credential_issuer,
       additionalRequestPayload,
       dpop,
     })
@@ -354,6 +355,7 @@ export class Oid4vciClient {
       additionalRequestPayload,
       dpop,
       redirectUri,
+      resource: issuerMetadata.credentialIssuer.credential_issuer,
     })
 
     return {

diff --git a/packages/oid4vci/src/__tests__/Oid4vciClient.test.ts b/packages/oid4vci/src/__tests__/Oid4vciClient.test.ts
@@ -41,9 +41,12 @@ describe('Oid4vciClient', () => {
         HttpResponse.text(undefined, { status: 404 })
       ),
       http.post(paradymDraft13.credentialIssuerMetadata.token_endpoint, async ({ request }) => {
-        expect(await request.text()).toEqual(
-          'pre-authorized_code=1130293840889780123292078&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code'
-        )
+        expect(parseXwwwFormUrlEncoded(await request.text())).toEqual({
+          'pre-authorized_code': '1130293840889780123292078',
+          grant_type: preAuthorizedCodeGrantIdentifier,
+          resource: credentialOffer.credential_issuer,
+        })
+
         return HttpResponse.json(paradymDraft13.accessTokenResponse)
       }),
       http.post(paradymDraft13.credentialIssuerMetadata.credential_endpoint, async ({ request }) => {
@@ -139,9 +142,13 @@ describe('Oid4vciClient', () => {
         HttpResponse.text(undefined, { status: 404 })
       ),
       http.post(paradymDraft11.credentialIssuerMetadata.token_endpoint, async ({ request }) => {
-        expect(await request.text()).toEqual(
-          'pre-authorized_code=1130293840889780123292078&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code&tx_code=some-tx-code&user_pin=some-tx-code'
-        )
+        expect(parseXwwwFormUrlEncoded(await request.text())).toEqual({
+          'pre-authorized_code': '1130293840889780123292078',
+          grant_type: preAuthorizedCodeGrantIdentifier,
+          tx_code: 'some-tx-code',
+          user_pin: 'some-tx-code',
+          resource: credentialOffer.credential_issuer,
+        })
         return HttpResponse.json(paradymDraft11.accessTokenResponse)
       }),
       http.post(paradymDraft11.credentialIssuerMetadata.credential_endpoint, async ({ request }) => {
@@ -327,9 +334,14 @@ describe('Oid4vciClient', () => {
           },
           signature: expect.any(String),
         })
-        expect(await request.text()).toEqual(
-          'code=SHSw3KROXXsyvlCSPWBi4b&redirect_uri=https%3A%2F%2Fexample.com%2Fredirect&code_verifier=l-yZMbym56l7IlENP17y-XgKzT6a37ut5n9yXMrh9BpTOt9g77CwCsWheRW0oMA2tL471UZhIr705MdHxRSQvQ&grant_type=authorization_code'
-        )
+        expect(parseXwwwFormUrlEncoded(await request.text())).toEqual({
+          code: 'SHSw3KROXXsyvlCSPWBi4b',
+          redirect_uri: 'https://example.com/redirect',
+          code_verifier: 'l-yZMbym56l7IlENP17y-XgKzT6a37ut5n9yXMrh9BpTOt9g77CwCsWheRW0oMA2tL471UZhIr705MdHxRSQvQ',
+          grant_type: 'authorization_code',
+          resource: credentialOffer.credential_issuer,
+        })
+
         return HttpResponse.json(bdrDraft13.accessTokenResponse, {
           headers: {
             'DPoP-Nonce': 'nonce-should-be-used',
@@ -529,9 +541,12 @@ describe('Oid4vciClient', () => {
         }
       ),
       http.post(presentationDuringIssuance.authorizationServerMetadata.token_endpoint, async ({ request }) => {
-        expect(await request.text()).toEqual(
-          `code=${presentationDuringIssuance.authorizationChallengeResponse.authorization_code}&redirect_uri=https%3A%2F%2Fexample.com%2Fredirect&grant_type=authorization_code`
-        )
+        expect(parseXwwwFormUrlEncoded(await request.text())).toEqual({
+          code: presentationDuringIssuance.authorizationChallengeResponse.authorization_code,
+          redirect_uri: 'https://example.com/redirect',
+          grant_type: 'authorization_code',
+          resource: credentialOffer.credential_issuer,
+        })
         return HttpResponse.json(presentationDuringIssuance.accessTokenResponse)
       }),
       http.post(presentationDuringIssuance.credentialIssuerMetadata.credential_endpoint, async ({ request }) => {

diff --git a/packages/oid4vci/tests/full-flow.test.ts b/packages/oid4vci/tests/full-flow.test.ts
@@ -168,6 +168,7 @@ describe('Full E2E test', () => {
         expect(accessTokenRequest).toEqual({
           'pre-authorized_code': expect.any(String),
           grant_type: 'urn:ietf:params:oauth:grant-type:pre-authorized_code',
+          resource: createdCredentialOffer.credentialOfferObject.credential_issuer,
         })
 
         const parsedAccessTokenRequest = authorizationServer.parseAccessTokenRequest({
@@ -182,6 +183,7 @@ describe('Full E2E test', () => {
           accessTokenRequest: {
             'pre-authorized_code': preAuthorizedCode,
             grant_type: 'urn:ietf:params:oauth:grant-type:pre-authorized_code',
+            resource: createdCredentialOffer.credentialOfferObject.credential_issuer,
           },
           grant: {
             grantType: 'urn:ietf:params:oauth:grant-type:pre-authorized_code',
@@ -475,6 +477,7 @@ describe('Full E2E test', () => {
           redirect_uri: 'https://redirect-uri.com',
           code_verifier: expect.any(String),
           grant_type: 'authorization_code',
+          resource: credentialIssuerMetadata.credential_issuer,
         })
 
         const parsedAccessTokenRequest = authorizationServer.parseAccessTokenRequest({
@@ -491,6 +494,7 @@ describe('Full E2E test', () => {
             redirect_uri: 'https://redirect-uri.com',
             code_verifier: expect.any(String),
             grant_type: 'authorization_code',
+            resource: createdCredentialOffer.credentialOfferObject.credential_issuer,
           },
           grant: {
             grantType: 'authorization_code',