From fd55d91d5c5890525634ecd88dcccfcd30a07a4e Mon Sep 17 00:00:00 2001
From: Christian Kollmann <christian.kollmann@a-sit.at>
Date: Tue, 30 May 2023 16:48:27 +0200
Subject: [PATCH] Extract more constants for OpenID
---
 .../asitplus/wallet/lib/oidc/OidcSiopProtocol.kt | 15 +++++++++------
 .../asitplus/wallet/lib/oidc/OpenIdConstants.kt | 9 ++++++---
 .../asitplus/wallet/lib/oidvci/IssuerService.kt | 3 ++-
 3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocol.kt b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocol.kt
index 6d19c184..bf9ff8db 100644
--- a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocol.kt
+++ b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocol.kt
@@ -24,6 +24,9 @@ import at.asitplus.wallet.lib.jws.JwsHeader
 import at.asitplus.wallet.lib.jws.JwsService
 import at.asitplus.wallet.lib.jws.JwsSigned
 import at.asitplus.wallet.lib.jws.VerifierJwsService
+import at.asitplus.wallet.lib.oidc.OpenIdConstants.ID_TOKEN
+import at.asitplus.wallet.lib.oidc.OpenIdConstants.URN_TYPE_JWK_THUMBPRINT
+import at.asitplus.wallet.lib.oidc.OpenIdConstants.VP_TOKEN
 import com.benasher44.uuid.uuid4
 import io.github.aakira.napier.Napier
 import kotlinx.datetime.Clock
@@ -106,13 +109,13 @@ class OidcSiopProtocol(
 val metadata = RelyingPartyMetadata(
 redirectUris = arrayOf(relyingPartyUrl),
 jsonWebKeySet = JsonWebKeySet(arrayOf(agentPublicKey)),
- subjectSyntaxTypesSupported = arrayOf("urn:ietf:params:oauth:jwk-thumbprint", "did:key"),
+ subjectSyntaxTypesSupported = arrayOf(URN_TYPE_JWK_THUMBPRINT, "did:key"),
 vpFormats = FormatHolder(
 jwtVp = FormatContainerJwt(algorithms = arrayOf(JwsAlgorithm.ES256.text)),
 ),
 )
 return AuthenticationRequestParameters(
- responseType = "id_token vp_token", // TODO Extract constants
+ responseType = "$ID_TOKEN $VP_TOKEN",
 clientId = relyingPartyUrl,
 redirectUri = relyingPartyUrl,
 scope = "openid profile",
@@ -181,17 +184,17 @@ class OidcSiopProtocol(
 val audience = params.clientMetadata?.jsonWebKeySet?.keys?.get(0)?.identifier
 ?: return null
 .also { Napier.w("Could not parse audience") }
- if ("urn:ietf:params:oauth:jwk-thumbprint" !in params.clientMetadata.subjectSyntaxTypesSupported)
+ if (URN_TYPE_JWK_THUMBPRINT !in params.clientMetadata.subjectSyntaxTypesSupported)
 return null
 .also { Napier.w("Incompatible subject syntax types algorithms") }
 if (params.clientId != params.redirectUri)
 return null
 .also { Napier.w("client_id does not match redirect_uri") }
- if ("id_token" !in params.responseType)
+ if (ID_TOKEN !in params.responseType)
 return null
- .also { Napier.w("response_type is not \"id_token\"") }
+ .also { Napier.w("response_type is not \"$ID_TOKEN\"") }
 // TODO "claims" may be set by the RP to tell OP which attributes to release
- if ("vp_token" !in params.responseType && params.presentationDefinition == null)
+ if (VP_TOKEN !in params.responseType && params.presentationDefinition == null)
 return null
 .also { Napier.w("vp_token not requested") }
 if (params.clientMetadata.vpFormats == null)
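Review bot: `if (ID_TOKEN !in params.responseType)` and the `VP_TOKEN` test three lines below it are still substring checks on the whole response_type string (assuming `responseType` is a String, which the request side of this same file now builds as `"$ID_TOKEN $VP_TOKEN"`), so any value merely containing "id_token" or "vp_token" as a substring passes the validation. Since response_type is a space-separated list, the check should be token-wise: `val responseTypes = params.responseType.split(" ")` followed by `if (ID_TOKEN !in responseTypes)` and `if (VP_TOKEN !in responseTypes && params.presentationDefinition == null)`. The looseness predates this commit, but the lines are rewritten here anyway, so it is the natural place to tighten them. The validating function begins and ends outside this hunk.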
diff --git a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OpenIdConstants.kt b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OpenIdConstants.kt
index f31ca8e2..cd2d2aaf 100644
--- a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OpenIdConstants.kt
+++ b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OpenIdConstants.kt
@@ -2,7 +2,9 @@ package at.asitplus.wallet.lib.oidc
 
 object OpenIdConstants {
 
- const val ID_TOKEN = "idToken"
+ const val ID_TOKEN = "id_token"
+
+ const val VP_TOKEN = "vp_token"
 
 const val GRANT_TYPE_CODE = "code"
 
@@ -10,6 +12,8 @@ object OpenIdConstants {
 
 const val TOKEN_TYPE_BEARER = "bearer"
 
+ const val URN_TYPE_JWK_THUMBPRINT = "urn:ietf:params:oauth:jwk-thumbprint"
+
 const val PATH_WELL_KNOWN_CREDENTIAL_ISSUER = "/.well-known/openid-credential-issuer"
 
 /**
@@ -25,7 +29,6 @@ object OpenIdConstants {
 const val JWT = "jwt"
 
 const val JWT_HEADER_TYPE = "openid4vci-proof+jwt"
-
 }
 
 /**
@@ -50,4 +53,4 @@ object OpenIdConstants {
 const val INVALID_PROOF = "invalid_or_missing_proof"
 }
 
-}
\ No newline at end of file
+}
diff --git a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/IssuerService.kt b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/IssuerService.kt
index a39494aa..f56882f5 100644
--- a/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/IssuerService.kt
+++ b/vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/IssuerService.kt
@@ -11,6 +11,7 @@ import at.asitplus.wallet.lib.oidc.OpenIdConstants.Errors
 import at.asitplus.wallet.lib.oidc.OpenIdConstants.ProofTypes
 import at.asitplus.wallet.lib.oidc.OpenIdConstants.TOKEN_PREFIX_BEARER
 import at.asitplus.wallet.lib.oidc.OpenIdConstants.TOKEN_TYPE_BEARER
+import at.asitplus.wallet.lib.oidc.OpenIdConstants.URN_TYPE_JWK_THUMBPRINT
 import io.ktor.http.URLBuilder
 import kotlin.coroutines.cancellation.CancellationException
 
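Review bot: `const val ID_TOKEN = "id_token"` silently changes the value of an existing constant from "idToken", so any user of OpenIdConstants.ID_TOKEN outside the three files in this patch would see its serialized string change without appearing in the diff; the subject line only promises extraction, so this deserves a grep for other references or a mention in the commit message. The new constants also carry no KDoc, although the file documents other members (a `/**` block is visible above `JWT` in the second hunk). I would add `/** Subject syntax type for SIOPv2 subject_syntax_types_supported: the subject is a JWK Thumbprint URI. */` on `URN_TYPE_JWK_THUMBPRINT`, and `/** response_type value requesting an ID Token. */` and `/** response_type value requesting a VP Token (OpenID4VP). */` on `ID_TOKEN` and `VP_TOKEN`.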
@@ -41,7 +42,7 @@ class IssuerService(
 format = CredentialFormatEnum.JWT_VC,
 id = it.vcType,
 types = arrayOf(VERIFIABLE_CREDENTIAL, it.vcType),
- supportedBindingMethods = arrayOf("did:key", "jwk-thumbprint"),
+ supportedBindingMethods = arrayOf("did:key", URN_TYPE_JWK_THUMBPRINT),
 supportedCryptographicSuites = arrayOf(JwsAlgorithm.ES256.text),
 )
 }
-- 
GitLab
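Review bot: `supportedBindingMethods = arrayOf("did:key", URN_TYPE_JWK_THUMBPRINT)` changes the binding method the issuer advertises from "jwk-thumbprint" to "urn:ietf:params:oauth:jwk-thumbprint", so any wallet that matched the old string against this metadata stops matching; that is a wire-format change rather than the pure constant extraction the subject line describes. If the URN is the intended published value, say so in the commit message and make sure the wallet side that reads this metadata (not in this patch) uses the same constant; if the issuer metadata is meant to keep its own vocabulary, a separate constant for it keeps the two identifiers from being coupled. The enclosing function starts and ends outside this hunk.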