OID4VCI: Support issuer state

a-sit-plus · Nov 13, 2024 · 01a4432 · 01a4432
1 parent c5c1f3f
commit 01a4432
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@ Release 5.2.0:
  - SD-JWT: Validate confirmation claims correctly
  - Adapt to changes in `signum`, i.e. the classes `JwsSigned` and `JweDecrypted` are now typed to their payload
  - ISO credentials: Serialize and deserialize device signed items correctly (i.e. considering the namespace of the element)
+ - Add `issuerState` to `OAuth2Client.createAuthRequest` for OID4VCI flows
 
 Release 5.1.0:
  - Drop ARIES protocol implementation, and the `vck-aries` artifact

diff --git a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oauth2/OAuth2Client.kt b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oauth2/OAuth2Client.kt
@@ -6,7 +6,10 @@ import at.asitplus.openid.OpenIdConstants.GRANT_TYPE_CODE
 import at.asitplus.signum.indispensable.io.Base64UrlStrict
 import at.asitplus.wallet.lib.iso.sha256
 import at.asitplus.wallet.lib.jws.JwsService
-import at.asitplus.wallet.lib.oidvci.*
+import at.asitplus.wallet.lib.oidvci.DefaultMapStore
+import at.asitplus.wallet.lib.oidvci.MapStore
+import at.asitplus.wallet.lib.oidvci.WalletService
+import at.asitplus.wallet.lib.oidvci.buildDPoPHeader
 import io.matthewnelson.encoding.core.Encoder.Companion.encodeToString
 import kotlin.random.Random
 
@@ -52,19 +55,22 @@ class OAuth2Client(
      * @param authorizationDetails from RFC 9396 OAuth 2.0 Rich Authorization Requests
      * @param resource from RFC 8707 Resource Indicators for OAuth 2.0, in OID4VCI flows the value
      * of [IssuerMetadata.credentialIssuer]
+     * @param issuerState for OID4VCI flows the value from [CredentialOfferGrantsAuthCode.issuerState]
      */
     suspend fun createAuthRequest(
         state: String,
         authorizationDetails: Set<AuthorizationDetails>? = null,
         scope: String? = null,
         resource: String? = null,
+        issuerState: String? = null,
     ) = AuthenticationRequestParameters(
         responseType = GRANT_TYPE_CODE,
         state = state,
         clientId = clientId,
         authorizationDetails = authorizationDetails,
         scope = scope,
         resource = resource,
+        issuerState = issuerState,
         redirectUrl = redirectUrl,
         codeChallenge = generateCodeVerifier(state),
         codeChallengeMethod = CODE_CHALLENGE_METHOD_SHA256,

diff --git a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/CredentialIssuer.kt b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/CredentialIssuer.kt
@@ -91,7 +91,7 @@ class CredentialIssuer(
      * Offer all [credentialSchemes] to clients.
      *
      * Callers need to encode this in [CredentialOfferUrlParameters], and offer the resulting URL to clients,
-     * i.e. by displaying a QR Code that can be scanned with wallet appps.
+     * i.e. by displaying a QR Code that can be scanned with wallet apps.
      */
     suspend fun credentialOfferWithAuthorizationCode(): CredentialOffer = CredentialOffer(
         credentialIssuer = publicContext,

diff --git a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/Extensions.kt b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidvci/Extensions.kt
@@ -112,8 +112,8 @@ fun CredentialFormatEnum.toRepresentation() = when (this) {
 
 fun Issuer.IssuedCredential.toCredentialResponseParameters() = when (this) {
     is Issuer.IssuedCredential.Iso -> CredentialResponseParameters(
-        CredentialFormatEnum.MSO_MDOC,
-        issuerSigned.serialize().encodeToString(Base64UrlStrict),
+        format = CredentialFormatEnum.MSO_MDOC,
+        credential = issuerSigned.serialize().encodeToString(Base64UrlStrict),
     )
 
     is Issuer.IssuedCredential.VcJwt -> CredentialResponseParameters(