From 85aaeca44fb92e0273039b62124f408ad9c59cb2 Mon Sep 17 00:00:00 2001
From: Arjen van Veen
Date: Fri, 30 Jun 2023 14:48:21 +0200
Subject: [PATCH 1/4] add refresh token
---
 src/lib.rs | 8 ++++++++
 src/token.rs | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/src/lib.rs b/src/lib.rs
index 954b753..01ebc46 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -81,6 +81,14 @@ pub struct PreAuthzCode {
 pub extra: HashMap,
 }
 
+#[derive(Debug, Serialize, Deserialize, Clone)]
+pub struct RefreshToken {
+ pub case_id: String,
+ pub app_install_id: String,
+ pub ibm_access_token: String,
+ pub device_jwk: String,
+}
+
 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Hash, Eq)]
 #[non_exhaustive]
 pub enum TokenType {
diff --git a/src/token.rs b/src/token.rs
index 73b0894..8123636 100644
--- a/src/token.rs
+++ b/src/token.rs
@@ -22,6 +22,14 @@ pub enum Request {
 #[serde(alias = "pin")]
 user_pin: Option,
 },
+ #[serde(rename = "urn:ietf:params:oauth:grant-type:refresh_token")]
+ RefreshToken {
+ client_id: Option,
+ refresh_token: String,
+ #[serde(alias = "pin")]
+ user_pin: Option,
+ }
+
 }
 
 #[derive(Debug, Default, Deserialize, Serialize)]
From a57c9bf44f1e31c8376a9c9f32d21943ea743d14 Mon Sep 17 00:00:00 2001
From: Arjen van Veen
Date: Fri, 30 Jun 2023 14:58:28 +0200
Subject: [PATCH 2/4] cargo fmt
---
 src/token.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/token.rs b/src/token.rs
index 8123636..314cc2f 100644
--- a/src/token.rs
+++ b/src/token.rs
@@ -28,8 +28,7 @@ pub enum Request {
 refresh_token: String,
 #[serde(alias = "pin")]
 user_pin: Option,
- }
-
+ },
 }
 
 #[derive(Debug, Default, Deserialize, Serialize)]
From 9a0f8cbe3be6af2f4f8d91c38e0826a2ea81023d Mon Sep 17 00:00:00 2001
From: Jacob
Date: Mon, 3 Jul 2023 18:24:42 +0100
Subject: [PATCH 3/4] Remove RefreshToken claims. Refresh token claims are implementation specific so shouldn't be defined in the core library.
---
 src/lib.rs | 8 --------
 1 file changed, 8 deletions(-)
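Review bot: In the `src/token.rs` hunk of patch 1/4 the new `RefreshToken` variant is tagged only as `urn:ietf:params:oauth:grant-type:refresh_token`, whereas RFC 6749 §6 defines the refresh grant as `grant_type=refresh_token`, so a request from a standards-following client would presumably fail to deserialize into this variant. If the URN form is deliberate, keep the rename and accept the standard value too by adding `#[serde(alias = "refresh_token")]` on the variant, with a doc comment saying which form the server expects. `refresh_token` and `user_pin` are credentials; the derives on `Request` are not visible here, so it is worth checking that a `Debug` dump of the request never reaches logs. The enum starts and ends outside the hunk.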
diff --git a/src/lib.rs b/src/lib.rs
index 01ebc46..954b753 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -81,14 +81,6 @@ pub struct PreAuthzCode {
 pub extra: HashMap,
 }
 
-#[derive(Debug, Serialize, Deserialize, Clone)]
-pub struct RefreshToken {
- pub case_id: String,
- pub app_install_id: String,
- pub ibm_access_token: String,
- pub device_jwk: String,
-}
-
 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Hash, Eq)]
 #[non_exhaustive]
 pub enum TokenType {
From 11175c51eb82f2263d71f4448e1228d3663d6e5e Mon Sep 17 00:00:00 2001
From: Jacob
Date: Fri, 7 Jul 2023 12:28:08 +0100
Subject: [PATCH 4/4] Don't encode private key in proof of possession header
---
 src/proof_of_possession.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/proof_of_possession.rs b/src/proof_of_possession.rs
index 4147ed5..24f21d4 100644
--- a/src/proof_of_possession.rs
+++ b/src/proof_of_possession.rs
@@ -88,12 +88,12 @@ impl ProofOfPossession {
 let (h_kid, h_jwk) = match (self.controller.vm.clone(), jwk.key_id.clone()) {
 (Some(did), _) => (Some(did), None),
 (None, Some(kid)) => (Some(kid), None),
- (None, None) => (None, Some(jwk)),
+ (None, None) => (None, Some(jwk.to_public())),
 };
 let header = Header {
 algorithm: alg,
 key_id: h_kid,
- jwk: h_jwk.cloned(),
+ jwk: h_jwk,
 type_: Some(JWS_TYPE.to_string()),
 ..Default::default()
 };
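Review bot: The `(None, None)` arm fix in `src/proof_of_possession.rs` (patch 4/4) has no test or comment pinning it, so a later refactor could put the full key back into the JWS header, which travels unencrypted with the proof. Add a test that builds a proof with neither `controller.vm` nor `jwk.key_id` set and asserts that the decoded header's `jwk` has no private member (such as `d`), plus a comment above the arm like `// The header is public: embed only the public half of the key.` Keys that went through this arm in earlier builds were presumably disclosed to whoever received the proof, so a changelog note advising rotation would help users. The enclosing method starts and ends outside the hunk.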