trustbloc · fqutishat · Jun 26, 2024 · Jun 26, 2024
diff --git a/api/spec/openapi.gen.go b/api/spec/openapi.gen.go
diff --git a/component/wallet-cli/README.md b/component/wallet-cli/README.md
@@ -187,7 +187,7 @@ To trace HTTP requests between `wallet-cli` and `vcs`, use the `--enable-tracing
 Use the `oidc4vp` command to present Verifiable Credential(s) to the Verifier:
 ```bash
       --attestation-url string              attestation url, i.e. https://<host>/vcs/wallet/attestation
-      --authorization-request-uri string    authorization request uri, starts with 'openid-vc://?request_uri=' prefix
+      --authorization-request-uri string    authorization request uri, starts with 'openid-vc://?request_uri=' prefix if default URL schema is used 
       --disable-domain-matching             disables domain matching for issuer and verifier when presenting credentials (only for did:web)
       --enable-linked-domain-verification   enables linked domain verification
       --enable-tracing                      enables http tracing

diff --git a/component/wallet-cli/cmd/oidc4vp_cmd.go b/component/wallet-cli/cmd/oidc4vp_cmd.go
@@ -138,12 +138,15 @@ func NewOIDC4VPCommand() *cobra.Command {
 				return fmt.Errorf("either --qr-code-path or --authorization-request-uri flag must be set")
 			}
 
-			requestURI := strings.TrimPrefix(authorizationRequest, "openid-vc://?request_uri=")
+			requestURI := strings.SplitN(authorizationRequest, "?request_uri=", 2)
+			if len(requestURI) != 2 {
+				return fmt.Errorf("invalid authorizationRequest format: %s", authorizationRequest)
+			}
 
 			var flow *oidc4vp.Flow
 
 			opts := []oidc4vp.Opt{
-				oidc4vp.WithRequestURI(requestURI),
+				oidc4vp.WithRequestURI(requestURI[1]),
 				oidc4vp.WithWalletDIDIndex(walletDIDIndex),
 			}
 
@@ -177,7 +180,7 @@ func createFlags(cmd *cobra.Command, flags *oidc4vpCommandFlags) {
 	cmd.Flags().StringVar(&flags.serviceFlags.mongoDBConnectionString, "mongodb-connection-string", "", "mongodb connection string")
 
 	cmd.Flags().StringVar(&flags.qrCodePath, "qr-code-path", "", "path to file with qr code")
-	cmd.Flags().StringVar(&flags.authorizationRequestURI, "authorization-request-uri", "", "authorization request uri, starts with 'openid-vc://?request_uri=' prefix")
+	cmd.Flags().StringVar(&flags.authorizationRequestURI, "authorization-request-uri", "", "authorization request uri, starts with 'openid-vc://?request_uri=' prefix if default URL schema is used")
 	cmd.Flags().BoolVar(&flags.enableLinkedDomainVerification, "enable-linked-domain-verification", false, "enables linked domain verification")
 	cmd.Flags().BoolVar(&flags.disableDomainMatching, "disable-domain-matching", false, "disables domain matching for issuer and verifier when presenting credentials (only for did:web)")
 	cmd.Flags().IntVar(&flags.walletDIDIndex, "wallet-did-index", -1, "index of wallet did, if not set the most recently created DID is used")

diff --git a/docs/v1/openapi.yaml b/docs/v1/openapi.yaml
@@ -1268,11 +1268,13 @@ components:
           type: string
         scopes:
           type: array
+          description: List of custom scopes that defines additional claims requested from Holder to Verifier.
           items:
             type: string
-          description: List of custom scopes that defines additional claims requested from Holder to Verifier.
         presentationDefinitionFilters:
           $ref: '#/components/schemas/PresentationDefinitionFilters'
+        customURLScheme:
+          type: string
     PresentationDefinitionFilters:
       title: PresentationDefinitionFilters
       x-tags:

diff --git a/pkg/observability/tracing/wrappers/oidc4vp/oidc4vp_wrapper.go b/pkg/observability/tracing/wrappers/oidc4vp/oidc4vp_wrapper.go
@@ -37,6 +37,7 @@ func (w *Wrapper) InitiateOidcInteraction(
 	presentationDefinition *presexch.PresentationDefinition,
 	purpose string,
 	customScopes []string,
+	customURLScheme string,
 	profile *profileapi.Verifier) (*oidc4vp.InteractionInfo, error) {
 	ctx, span := w.tracer.Start(ctx, "oidc4vp.InitiateOidcInteraction")
 	defer span.End()
@@ -45,7 +46,8 @@ func (w *Wrapper) InitiateOidcInteraction(
 	span.SetAttributes(attribute.String("purpose", purpose))
 	span.SetAttributes(attribute.StringSlice("custom_copes", customScopes))
 
-	resp, err := w.svc.InitiateOidcInteraction(ctx, presentationDefinition, purpose, customScopes, profile)
+	resp, err := w.svc.InitiateOidcInteraction(ctx,
+		presentationDefinition, purpose, customScopes, customURLScheme, profile)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/observability/tracing/wrappers/oidc4vp/oidc4vp_wrapper_test.go b/pkg/observability/tracing/wrappers/oidc4vp/oidc4vp_wrapper_test.go
@@ -24,11 +24,11 @@ func TestWrapper_InitiateOidcInteraction(t *testing.T) {
 	ctrl := gomock.NewController(t)
 
 	svc := NewMockService(ctrl)
-	svc.EXPECT().InitiateOidcInteraction(gomock.Any(), &presexch.PresentationDefinition{}, "purpose", []string{"additionalScope"}, &profileapi.Verifier{}).Times(1)
+	svc.EXPECT().InitiateOidcInteraction(gomock.Any(), &presexch.PresentationDefinition{}, "purpose", []string{"additionalScope"}, "", &profileapi.Verifier{}).Times(1)
 
 	w := Wrap(svc, trace.NewNoopTracerProvider().Tracer(""))
 
-	_, err := w.InitiateOidcInteraction(context.Background(), &presexch.PresentationDefinition{}, "purpose", []string{"additionalScope"}, &profileapi.Verifier{})
+	_, err := w.InitiateOidcInteraction(context.Background(), &presexch.PresentationDefinition{}, "purpose", []string{"additionalScope"}, "", &profileapi.Verifier{})
 	require.NoError(t, err)
 }
 

diff --git a/pkg/restapi/v1/verifier/controller.go b/pkg/restapi/v1/verifier/controller.go
@@ -354,7 +354,7 @@ func (c *Controller) initiateOidcInteraction(
 	}
 
 	result, err := c.oidc4VPService.InitiateOidcInteraction(
-		ctx, pd, lo.FromPtr(data.Purpose), lo.FromPtr(data.Scopes), profile)
+		ctx, pd, lo.FromPtr(data.Purpose), lo.FromPtr(data.Scopes), lo.FromPtr(data.CustomURLScheme), profile)
 	if err != nil {
 		return nil, resterr.NewSystemError(resterr.VerifierOIDC4vpSvcComponent, "InitiateOidcInteraction", err)
 	}

diff --git a/pkg/restapi/v1/verifier/controller_test.go b/pkg/restapi/v1/verifier/controller_test.go
@@ -2039,8 +2039,8 @@ func TestController_InitiateOidcInteraction(t *testing.T) {
 	mockProfileSvc := NewMockProfileService(gomock.NewController(t))
 
 	oidc4VPSvc := NewMockOIDC4VPService(gomock.NewController(t))
-	oidc4VPSvc.EXPECT().InitiateOidcInteraction(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
-		AnyTimes().Return(&oidc4vp.InteractionInfo{}, nil)
+	oidc4VPSvc.EXPECT().InitiateOidcInteraction(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(),
+		gomock.Any()).AnyTimes().Return(&oidc4vp.InteractionInfo{}, nil)
 
 	t.Run("Success", func(t *testing.T) {
 		mockProfileSvc.EXPECT().GetProfile(gomock.Any(), gomock.Any()).Times(1).Return(&profileapi.Verifier{
@@ -2090,7 +2090,7 @@ func TestController_initiateOidcInteraction(t *testing.T) {
 
 	oidc4VPSvc := NewMockOIDC4VPService(gomock.NewController(t))
 	oidc4VPSvc.EXPECT().InitiateOidcInteraction(
-		gomock.Any(), gomock.Any(), gomock.Any(), []string{"test_scope"}, gomock.Any()).
+		gomock.Any(), gomock.Any(), gomock.Any(), []string{"test_scope"}, "", gomock.Any()).
 		AnyTimes().Return(&oidc4vp.InteractionInfo{}, nil)
 
 	t.Run("Success", func(t *testing.T) {
@@ -2321,7 +2321,7 @@ func TestController_initiateOidcInteraction(t *testing.T) {
 	t.Run("oidc4VPService.InitiateOidcInteraction failed", func(t *testing.T) {
 		oidc4VPSvc := NewMockOIDC4VPService(gomock.NewController(t))
 		oidc4VPSvc.EXPECT().
-			InitiateOidcInteraction(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
+			InitiateOidcInteraction(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
 			AnyTimes().Return(nil, errors.New("fail"))
 
 		controller := NewController(&Config{

diff --git a/pkg/restapi/v1/verifier/openapi.gen.go b/pkg/restapi/v1/verifier/openapi.gen.go
diff --git a/pkg/service/oidc4vp/api.go b/pkg/service/oidc4vp/api.go
@@ -63,6 +63,7 @@ type ServiceInterface interface {
 		presentationDefinition *presexch.PresentationDefinition,
 		purpose string,
 		customScopes []string,
+		customURLScheme string,
 		profile *profileapi.Verifier,
 	) (*InteractionInfo, error)
 	VerifyOIDCVerifiablePresentation(ctx context.Context, txID TxID, authResponse *AuthorizationResponseParsed) error

diff --git a/pkg/service/oidc4vp/oidc4vp_service.go b/pkg/service/oidc4vp/oidc4vp_service.go
@@ -54,6 +54,7 @@ const (
 	vpTokenIDTokenResponseType = "vp_token id_token" //nolint:gosec
 	directPostResponseMode     = "direct_post"
 	didClientIDScheme          = "did"
+	defaultURLScheme           = "openid-vc://"
 )
 
 const (
@@ -229,6 +230,7 @@ func (s *Service) InitiateOidcInteraction(
 	presentationDefinition *presexch.PresentationDefinition,
 	purpose string,
 	customScopes []string,
+	customURLScheme string,
 	profile *profileapi.Verifier,
 ) (*InteractionInfo, error) {
 	logger.Debugc(ctx, "InitiateOidcInteraction begin")
@@ -273,7 +275,13 @@ func (s *Service) InitiateOidcInteraction(
 
 	logger.Debugc(ctx, "InitiateOidcInteraction request object published")
 
-	authorizationRequest := "openid-vc://?request_uri=" + requestURI
+	urlScheme := defaultURLScheme
+
+	if customURLScheme != "" {
+		urlScheme = customURLScheme
+	}
+
+	authorizationRequest := fmt.Sprintf("%s?request_uri=%s", urlScheme, requestURI)
 
 	if errSendEvent := s.sendOIDCInteractionInitiatedEvent(ctx, tx, profile, authorizationRequest); errSendEvent != nil {
 		return nil, errSendEvent

diff --git a/pkg/service/oidc4vp/oidc4vp_service_test.go b/pkg/service/oidc4vp/oidc4vp_service_test.go
@@ -13,6 +13,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"strings"
 	"testing"
 	"time"
 
@@ -140,10 +141,21 @@ func TestService_InitiateOidcInteraction(t *testing.T) {
 	t.Run("Success", func(t *testing.T) {
 		info, err := s.InitiateOidcInteraction(context.TODO(), &presexch.PresentationDefinition{
 			ID: "test",
-		}, "test", []string{customScope}, correctProfile)
+		}, "test", []string{customScope}, "", correctProfile)
 
 		require.NoError(t, err)
 		require.NotNil(t, info)
+		require.True(t, strings.HasPrefix(info.AuthorizationRequest, "openid-vc://"))
+	})
+
+	t.Run("Success with custom URL scheme", func(t *testing.T) {
+		info, err := s.InitiateOidcInteraction(context.TODO(), &presexch.PresentationDefinition{
+			ID: "test",
+		}, "test", []string{customScope}, "openid4vp://", correctProfile)
+
+		require.NoError(t, err)
+		require.NotNil(t, info)
+		require.True(t, strings.HasPrefix(info.AuthorizationRequest, "openid4vp://"))
 	})
 
 	t.Run("No signature did", func(t *testing.T) {
@@ -152,7 +164,7 @@ func TestService_InitiateOidcInteraction(t *testing.T) {
 		incorrectProfile.SigningDID = nil
 
 		info, err := s.InitiateOidcInteraction(
-			context.TODO(), &presexch.PresentationDefinition{}, "test", []string{customScope}, incorrectProfile)
+			context.TODO(), &presexch.PresentationDefinition{}, "test", []string{customScope}, "", incorrectProfile)
 
 		require.Error(t, err)
 		require.Nil(t, info)
@@ -179,6 +191,7 @@ func TestService_InitiateOidcInteraction(t *testing.T) {
 			&presexch.PresentationDefinition{},
 			"test",
 			[]string{customScope},
+			"",
 			correctProfile,
 		)
 
@@ -205,6 +218,7 @@ func TestService_InitiateOidcInteraction(t *testing.T) {
 			&presexch.PresentationDefinition{},
 			"test",
 			[]string{customScope},
+			"",
 			correctProfile,
 		)
 
@@ -230,6 +244,7 @@ func TestService_InitiateOidcInteraction(t *testing.T) {
 			&presexch.PresentationDefinition{},
 			"test",
 			[]string{customScope},
+			"",
 			correctProfile,
 		)
 
@@ -243,7 +258,7 @@ func TestService_InitiateOidcInteraction(t *testing.T) {
 		incorrectProfile.SigningDID.KMSKeyID = "invalid"
 
 		info, err := s.InitiateOidcInteraction(
-			context.TODO(), &presexch.PresentationDefinition{}, "test", []string{customScope}, incorrectProfile)
+			context.TODO(), &presexch.PresentationDefinition{}, "test", []string{customScope}, "", incorrectProfile)
 
 		require.Error(t, err)
 		require.Nil(t, info)
@@ -255,7 +270,7 @@ func TestService_InitiateOidcInteraction(t *testing.T) {
 		incorrectProfile.OIDCConfig.KeyType = "invalid"
 
 		info, err := s.InitiateOidcInteraction(
-			context.TODO(), &presexch.PresentationDefinition{}, "test", []string{customScope}, incorrectProfile)
+			context.TODO(), &presexch.PresentationDefinition{}, "test", []string{customScope}, "", incorrectProfile)
 
 		require.Error(t, err)
 		require.Nil(t, info)

diff --git a/test/bdd/pkg/v1/oidc4vc/oidc4vp.go b/test/bdd/pkg/v1/oidc4vc/oidc4vp.go
@@ -273,10 +273,13 @@ func (s *Steps) runOIDC4VPFlowWithOpts(profileVersionedID, pdID, fields string,
 		return fmt.Errorf("init oidc4vp interaction: %w", err)
 	}
 
-	requestURI := strings.TrimPrefix(initiateInteractionResult.AuthorizationRequest, "openid-vc://?request_uri=")
+	requestURI := strings.SplitN(initiateInteractionResult.AuthorizationRequest, "?request_uri=", 2)
+	if len(requestURI) != 2 {
+		return fmt.Errorf("invalid AuthorizationRequest format: %s", initiateInteractionResult.AuthorizationRequest)
+	}
 
 	flow, err := oidc4vp.NewFlow(s.oidc4vpProvider,
-		oidc4vp.WithRequestURI(requestURI),
+		oidc4vp.WithRequestURI(requestURI[1]),
 		oidc4vp.WithDomainMatchingDisabled(),
 		oidc4vp.WithSchemaValidationDisabled(),
 	)

diff --git a/test/stress/pkg/stress/stress_test_case.go b/test/stress/pkg/stress/stress_test_case.go
@@ -410,8 +410,13 @@ func (c *TestCase) Invoke() (string, interface{}, error) {
 			return credID, nil, fmt.Errorf("cred id [%v]; fetch authorization request: %w", credID, err)
 		}
 
+		requestURI := strings.SplitN(authorizationRequest, "?request_uri=", 2)
+		if len(requestURI) != 2 {
+			return "", nil, fmt.Errorf("invalid authorizationRequest format: %s", authorizationRequest)
+		}
+
 		vpFlow, err = oidc4vp.NewFlow(c.oidc4vpProvider,
-			oidc4vp.WithRequestURI(strings.TrimPrefix(authorizationRequest, "openid-vc://?request_uri=")),
+			oidc4vp.WithRequestURI(requestURI[1]),
 			oidc4vp.WithDomainMatchingDisabled(),
 			oidc4vp.WithSchemaValidationDisabled(),
 		)