diff --git a/packages/client/lib/MetadataClient.ts b/packages/client/lib/MetadataClient.ts
index 283f68b3..457e7c1c 100644
--- a/packages/client/lib/MetadataClient.ts
+++ b/packages/client/lib/MetadataClient.ts
@@ -85,6 +85,7 @@ export class MetadataClient {
 if (credentialIssuerMetadata.token_endpoint) {
 token_endpoint = credentialIssuerMetadata.token_endpoint;
 }
+ authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint
 if (credentialIssuerMetadata.authorization_servers) {
 authorization_servers = credentialIssuerMetadata.authorization_servers as string[];
 } else if (credentialIssuerMetadata.authorization_server) {
@@ -131,9 +132,7 @@ export class MetadataClient {
 );
 }
 authorization_endpoint = authMetadata.authorization_endpoint;
- if (!authMetadata.authorization_challenge_endpoint) {
- debug(`Authorization Server ${authorization_servers} did not provide a authorization_challenge_endpoint`);
- } else if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {
+ if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {
 throw Error(
 `Credential issuer has a different authorization_challenge_endpoint (${authorization_challenge_endpoint}) from the Authorization Server (${authMetadata.authorization_challenge_endpoint})`,
 );
diff --git a/packages/client/lib/MetadataClientV1_0_11.ts b/packages/client/lib/MetadataClientV1_0_11.ts
index 181028f6..3e18ac8e 100644
--- a/packages/client/lib/MetadataClientV1_0_11.ts
+++ b/packages/client/lib/MetadataClientV1_0_11.ts
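Review bot: The added `authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint` line is unconditional and unterminated, unlike the `token_endpoint` assignment two lines above it, which is guarded and ends with a semicolon. If the variable holds any earlier value (its declaration is above the hunk), an issuer document that omits the field now overwrites that value with `undefined` before the Authorization Server comparison later in this method runs. Mirror the existing pattern: `if (credentialIssuerMetadata.authorization_challenge_endpoint) {` / `authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint;` / `}`. The enclosing method starts and ends outside the hunk.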
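Review bot: The mismatch check now also fires when the Authorization Server simply does not advertise `authorization_challenge_endpoint`: with `authMetadata.authorization_challenge_endpoint` undefined, `undefined !== <issuer value>` is true and the method throws, whereas the removed branch only logged that case. If rejecting an issuer-advertised endpoint that the AS does not confirm is the intended hardening, the error text should say so instead of reporting "different … from the Authorization Server (undefined)"; if it is not intended, keep the guard in the condition: `if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {`. Either way a one-line comment above the `if` stating which metadata document is authoritative for this endpoint would help the next reader. The enclosing method starts and ends outside the hunk.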
@@ -62,6 +62,7 @@ export class MetadataClientV1_0_11 {
 if (credentialIssuerMetadata.token_endpoint) {
 token_endpoint = credentialIssuerMetadata.token_endpoint;
 }
+ authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint
 if (credentialIssuerMetadata.authorization_server) {
 authorization_server = credentialIssuerMetadata.authorization_server;
 }
@@ -106,9 +107,7 @@ export class MetadataClientV1_0_11 {
 );
 }
 authorization_endpoint = authMetadata.authorization_endpoint;
- if (!authMetadata.authorization_challenge_endpoint) {
- debug(`Authorization Server ${authorization_server} did not provide a authorization_challenge_endpoint`);
- } else if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {
+ if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) {
 throw Error(
 `Credential issuer has a different authorization_challenge_endpoint (${authorization_challenge_endpoint}) from the Authorization Server (${authMetadata.authorization_challenge_endpoint})`,
 );
diff --git a/packages/client/lib/MetadataClientV1_0_13.ts b/packages/client/lib/MetadataClientV1_0_13.ts
index 9f1e4d83..d9f11100 100644
--- a/packages/client/lib/MetadataClientV1_0_13.ts
+++ b/packages/client/lib/MetadataClientV1_0_13.ts
@@ -62,6 +62,7 @@ export class MetadataClientV1_0_13 {
 if (credentialIssuerMetadata.token_endpoint) {
 token_endpoint = credentialIssuerMetadata.token_endpoint;
 }
+ authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint
 if (credentialIssuerMetadata.authorization_servers) {
 authorization_servers = credentialIssuerMetadata.authorization_servers;
 }
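Review bot: The new `authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint` assignment is unguarded and lacks the semicolon the surrounding lines use, so an issuer document without the field writes `undefined` into the variable unconditionally. Follow the `token_endpoint` pattern directly above: `if (credentialIssuerMetadata.authorization_challenge_endpoint) {` / `authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint;` / `}`. The enclosing method starts and ends outside the hunk.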
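Review bot: With the `!authMetadata.authorization_challenge_endpoint` branch gone, an Authorization Server that omits the endpoint now trips the comparison (`undefined !== <issuer value>`) and the method throws where it previously only logged via `debug`. If that is the intended behaviour, reword the `Error` message so it does not print "(undefined)" as the AS value; otherwise add `authMetadata.authorization_challenge_endpoint &&` to the condition so only a genuine conflict between the two documents is rejected. The enclosing method starts and ends outside the hunk.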
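Review bot: Same remark as for the other two metadata clients: the added `authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint` line is unconditional and unterminated while `token_endpoint` just above is guarded and semicolon-terminated. Use `if (credentialIssuerMetadata.authorization_challenge_endpoint) {` / `authorization_challenge_endpoint = credentialIssuerMetadata.authorization_challenge_endpoint;` / `}` so the three clients stay consistent. The enclosing method starts and ends outside the hunk.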
@@ -105,9 +106,7 @@ export class MetadataClientV1_0_13 { ); } authorization_endpoint = authMetadata.authorization_endpoint; - if (!authMetadata.authorization_challenge_endpoint) { - debug(`Authorization Server ${authorization_servers} did not provide a authorization_challenge_endpoint`); - } else if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) { + if (authorization_challenge_endpoint && authMetadata.authorization_challenge_endpoint !== authorization_challenge_endpoint) { throw Error( `Credential issuer has a different authorization_challenge_endpoint (${authorization_challenge_endpoint}) from the Authorization Server (${authMetadata.authorization_challenge_endpoint})`, ); diff --git a/packages/client/lib/__tests__/OpenID4VCIClient.spec.ts b/packages/client/lib/__tests__/OpenID4VCIClient.spec.ts index 6383cffc..a41d7ddc 100644 --- a/packages/client/lib/__tests__/OpenID4VCIClient.spec.ts +++ b/packages/client/lib/__tests__/OpenID4VCIClient.spec.ts @@ -213,7 +213,7 @@ describe('OpenID4VCIClient should', () => { it('it should successfully respond with a authorization code when authorization challenge is used', async () => { const url = new URL(`${MOCK_URL}/authorize-challenge`) const responseBody = { - authorization_code: 'test_value', + authorization_code: 'test_authorization_code', }; (await client.retrieveServerMetadata()).authorization_challenge_endpoint = url.toString() @@ -228,7 +228,7 @@ describe('OpenID4VCIClient should', () => { const response = await client.acquireAuthorizationChallengeCode({ clientId: client.clientId, authSession, presentationDuringIssuanceSession }); expect(response).toBeDefined(); - expect(response.authorization_code).toBeDefined(); + expect(response.authorization_code).toEqual(responseBody.authorization_code); }) }); 
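Review bot: Removing the `!authMetadata.authorization_challenge_endpoint` branch turns "AS did not advertise the endpoint" from a debug log into a thrown `Error`, because `undefined !== <issuer value>` satisfies the remaining condition whenever the issuer metadata supplied a value. That may be a deliberate tightening, but the message then reads "from the Authorization Server (undefined)", which misdescribes the situation; either reword it or restore the guard with `authMetadata.authorization_challenge_endpoint &&` in the condition. The enclosing method starts and ends outside the hunk.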
diff --git a/packages/client/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts b/packages/client/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts index 3ada10e4..7c4832d4 100644 --- a/packages/client/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts +++ b/packages/client/lib/__tests__/OpenID4VCIClientV1_0_11.spec.ts @@ -224,7 +224,7 @@ describe('OpenID4VCIClientV1_0_11 should', () => { it('it should successfully respond with a authorization code when authorization challenge is used', async () => { const url = new URL(`${MOCK_URL}/authorize-challenge`) const responseBody = { - authorization_code: 'test_value', + authorization_code: 'test_authorization_code', }; (await client.retrieveServerMetadata()).authorization_challenge_endpoint = url.toString() @@ -239,7 +239,7 @@ describe('OpenID4VCIClientV1_0_11 should', () => { const response = await client.acquireAuthorizationChallengeCode({ clientId: client.clientId, authSession, presentationDuringIssuanceSession }); expect(response).toBeDefined(); - expect(response.authorization_code).toBeDefined(); + expect(response.authorization_code).toEqual(responseBody.authorization_code); }) }); diff --git a/packages/client/lib/__tests__/OpenID4VCIClientV1_0_13.spec.ts b/packages/client/lib/__tests__/OpenID4VCIClientV1_0_13.spec.ts index 68473dfb..c868a1c4 100644 --- a/packages/client/lib/__tests__/OpenID4VCIClientV1_0_13.spec.ts +++ b/packages/client/lib/__tests__/OpenID4VCIClientV1_0_13.spec.ts @@ -205,7 +205,7 @@ describe('OpenID4VCIClientV1_0_13 should', () => { it('it should successfully respond with a authorization code when authorization challenge is used', async () => { const url = new URL(`${MOCK_URL}/authorize-challenge`) const responseBody = { - authorization_code: 'test_value', + authorization_code: 'test_authorization_code', }; (await client.retrieveServerMetadata()).authorization_challenge_endpoint = url.toString() 
@@ -220,6 +220,6 @@ describe('OpenID4VCIClientV1_0_13 should', () => { const response = await client.acquireAuthorizationChallengeCode({ clientId: client.clientId, authSession, presentationDuringIssuanceSession }); expect(response).toBeDefined(); - expect(response.authorization_code).toBeDefined(); + expect(response.authorization_code).toEqual(responseBody.authorization_code); }) }); diff --git a/packages/issuer-rest/lib/OID4VCIServer.ts b/packages/issuer-rest/lib/OID4VCIServer.ts index 2360bebc..0d2e19c6 100644 --- a/packages/issuer-rest/lib/OID4VCIServer.ts +++ b/packages/issuer-rest/lib/OID4VCIServer.ts @@ -101,7 +101,7 @@ export interface IAuthorizationChallengeEndpointOpts extends ISingleEndpointOpts verifyAuthResponseCallback: (correlationId: string) => Promise } -export interface IEndpointOpts { +export interface IOID4VCIEndpointOpts { tokenEndpointOpts?: ITokenEndpointOpts notificationOpts?: ISingleEndpointOpts createCredentialOfferOpts?: ICreateCredentialOfferEndpointOpts @@ -112,7 +112,7 @@ export interface IEndpointOpts { } export interface IOID4VCIServerOpts extends HasEndpointOpts { - endpointOpts?: IEndpointOpts + endpointOpts?: IOID4VCIEndpointOpts baseUrl?: string } diff --git a/packages/issuer-rest/lib/oid4vci-api-functions.ts b/packages/issuer-rest/lib/oid4vci-api-functions.ts index 12989777..e4476bc5 100644 --- a/packages/issuer-rest/lib/oid4vci-api-functions.ts +++ b/packages/issuer-rest/lib/oid4vci-api-functions.ts 
@@ -105,7 +105,7 @@ export function authorizationChallengeEndpoint( const endpoint = issuer.authorizationServerMetadata.authorization_challenge_endpoint ?? issuer.issuerMetadata.authorization_challenge_endpoint const baseUrl = getBaseUrl(opts.baseUrl) if (!endpoint) { - LOG.warning('authorization challenge endpoint disabled as no "authorization_challenge_endpoint" has been configured in issuer metadata') + LOG.info('authorization challenge endpoint disabled as no "authorization_challenge_endpoint" has been configured in issuer metadata') return } const path = determinePath(baseUrl, endpoint, { stripBasePath: true }) @@ -138,7 +138,7 @@ export function authorizationChallengeEndpoint( throw authorizationChallengeErrorResponse } - const authRequestURI = await opts.createAuthRequestUriCallback(issuer_state) + const authRequestURI = await opts.createAuthRequestUriCallback(issuer_state) // TODO generate some error const authorizationChallengeErrorResponse: AuthorizationChallengeErrorResponse = { error: AuthorizationChallengeError.insufficient_authorization, auth_session: issuer_state, @@ -157,7 +157,7 @@ export function authorizationChallengeEndpoint( throw authorizationChallengeErrorResponse } - const verifiedResponse = await opts.verifyAuthResponseCallback(presentation_during_issuance_session) + const verifiedResponse = await opts.verifyAuthResponseCallback(presentation_during_issuance_session) // TODO generate some error if (verifiedResponse) { const authorizationCode = generateRandomString(16, 'base64url') session.authorizationCode = authorizationCode
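Review bot: The `// TODO generate some error` appended to `const authRequestURI = await opts.createAuthRequestUriCallback(issuer_state)` leaves the callback's rejection path unhandled: an exception from the caller-supplied callback propagates out of the request handler instead of becoming an `AuthorizationChallengeErrorResponse` like the `insufficient_authorization` response built right below it, and whatever the outer handler does with an uncaught error is not visible here. Make the comment actionable so it does not linger, e.g. `// TODO: catch a rejected createAuthRequestUriCallback and return an AuthorizationChallengeErrorResponse instead of letting the exception escape the handler`. The enclosing function starts and ends outside the hunk.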
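Review bot: The authorization code is minted with `generateRandomString(16, 'base64url')` and stored in `session.authorizationCode`; if the first argument is a character count, 16 base64url characters carry about 96 bits of entropy, which is below the 2^-128 guessing bound RFC 6749 §10.10 asks of authorization codes — confirm the helper's units and raise the length (e.g. `generateRandomString(32, 'base64url')`) if it is characters. The `// TODO generate some error` on the `verifyAuthResponseCallback` line has the same gap as the earlier one: a rejected callback currently escapes the handler rather than producing a challenge error response. The enclosing function and the `else` side of `if (verifiedResponse)` are outside the hunk.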