Merge remote-tracking branch 'origin/october' into test_integration

lib/oidc4vc/get_authorization_uri_for_issuer.dart

@@ -77,8 +77,11 @@ Future<void> getAuthorizationUriForIssuer({
 
   late Uri authorizationUri;
 
-  final (authorizationEndpoint, authorizationRequestParemeters) =
-      await oidc4vc.getAuthorizationData(
+  final (
+    authorizationEndpoint,
+    authorizationRequestParemeters,
+    openIdConfiguration
+  ) = await oidc4vc.getAuthorizationData(
     selectedCredentials: selectedCredentials,
     clientId: clientId,
     clientSecret: clientSecret,
@@ -98,7 +101,12 @@ Future<void> getAuthorizationUriForIssuer({
     dio: client.dio,
   );
 
-  if (secureAuthorizedFlow) {
+  final requirePushedAuthorizationRequests =
+      openIdConfiguration.requirePushedAuthorizationRequests;
+
+  if ((requirePushedAuthorizationRequests != null &&
+          requirePushedAuthorizationRequests) ||
+      (requirePushedAuthorizationRequests == null && secureAuthorizedFlow)) {
     final headers = <String, dynamic>{
       'Content-Type': 'application/x-www-form-urlencoded',
     };

packages/oidc4vc/lib/src/models/openid_configuration.dart

@@ -7,6 +7,7 @@ part 'openid_configuration.g.dart';
 @JsonSerializable()
 class OpenIdConfiguration extends Equatable {
   const OpenIdConfiguration({
+    required this.requirePushedAuthorizationRequests,
     this.authorizationServer,
     this.credentialsSupported,
     this.credentialConfigurationsSupported,
@@ -60,6 +61,8 @@ class OpenIdConfiguration extends Equatable {
   final String? issuer;
   @JsonKey(name: 'jwks_uri')
   final String? jwksUri;
+  @JsonKey(name: 'require_pushed_authorization_requests', defaultValue: false)
+  final bool requirePushedAuthorizationRequests;
   @JsonKey(name: 'grant_types_supported')
   final List<String>? grantTypesSupported;
 
@@ -83,6 +86,7 @@ class OpenIdConfiguration extends Equatable {
         credentialManifests,
         issuer,
         jwksUri,
+        requirePushedAuthorizationRequests,
         grantTypesSupported,
       ];
 }

packages/oidc4vc/lib/src/oidc4vc.dart

@@ -128,8 +128,10 @@ class OIDC4VC {
   /// Received JWT is already filtered on required members
   /// Received JWT keys are already sorted in lexicographic order
 
-  /// authorization endpoint, authorizationRequestParemeters
-  Future<(String, Map<String, dynamic>)> getAuthorizationData({
+  /// authorization endpoint, authorizationRequestParemeters,
+  /// OpenIdConfiguration
+  Future<(String, Map<String, dynamic>, OpenIdConfiguration)>
+      getAuthorizationData({
     required List<dynamic> selectedCredentials,
     required String? clientId,
     required String? clientSecret,
@@ -185,7 +187,11 @@ class OIDC4VC {
         secureAuthorizedFlow: secureAuthorizedFlow,
       );
 
-      return (authorizationEndpoint, authorizationRequestParemeters);
+      return (
+        authorizationEndpoint,
+        authorizationRequestParemeters,
+        openIdConfiguration,
+      );
     } catch (e) {
       throw Exception('NOT_A_VALID_OPENID_URL');
     }
@@ -335,8 +341,9 @@ class OIDC4VC {
     if (secureAuthorizedFlow) {
       myRequest['client_metadata'] =
           Uri.encodeComponent(jsonEncode(clientMetaData));
-    } else {
+    } else if (clientAuthentication != ClientAuthentication.clientSecretJwt) {
       myRequest['client_metadata'] = jsonEncode(clientMetaData);
+      // paramètre config du portail, on ne met pas si : client authentication :
     }
     switch (clientAuthentication) {
       case ClientAuthentication.none:
@@ -351,10 +358,13 @@ class OIDC4VC {
         myRequest['client_id'] = clientId;
       case ClientAuthentication.clientSecretJwt:
         myRequest['client_id'] = clientId;
-        myRequest['client_assertion'] = clientAssertion;
-        myRequest['client_assertion_type'] =
-            // ignore: lines_longer_than_80_chars
-            'urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation';
+        if (secureAuthorizedFlow ||
+            openIdConfiguration.requirePushedAuthorizationRequests) {
+          myRequest['client_assertion'] = clientAssertion;
+          myRequest['client_assertion_type'] =
+              // ignore: lines_longer_than_80_chars
+              'urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation';
+        }
     }
 
     if (scope) {

packages/oidc4vc/test/src/oidc4vc_test.dart

@@ -242,7 +242,7 @@ void main() {
             (request) => request.reply(200, jsonDecode(openIdConfiguration)),
           );
 
-          final (authorizationEndpoint, authorizationRequestParemeters) =
+          final (authorizationEndpoint, authorizationRequestParemeters, _) =
               await oidc4vc.getAuthorizationData(
             selectedCredentials: selectedCredentials,
             clientId: clientId,

test/app/shared/helper_functions/helper_functions_test.dart

@@ -449,10 +449,12 @@ void main() {
             () async => handleErrorForOID4VCI(
               url: 'example',
               openIdConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 authorizationServer: 'example',
                 tokenEndpoint: null,
               ),
               authorizationServerConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 tokenEndpoint: null,
               ),
             ),
@@ -471,12 +473,14 @@ void main() {
             () async => handleErrorForOID4VCI(
               url: 'example',
               openIdConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 authorizationServer: 'example',
                 tokenEndpoint: null,
                 credentialEndpoint: null,
               ),
               authorizationServerConfiguration: const OpenIdConfiguration(
                 tokenEndpoint: 'https://example.com/token',
+                requirePushedAuthorizationRequests: false,
               ),
             ),
             throwsA(
@@ -494,12 +498,14 @@ void main() {
             () async => handleErrorForOID4VCI(
               url: 'example',
               openIdConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 authorizationServer: 'example',
                 tokenEndpoint: null,
                 credentialEndpoint: 'https://example.com/cred',
                 credentialIssuer: null,
               ),
               authorizationServerConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 tokenEndpoint: 'https://example.com/token',
               ),
             ),
@@ -520,6 +526,7 @@ void main() {
             () async => handleErrorForOID4VCI(
               url: 'example',
               openIdConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 authorizationServer: 'example',
                 tokenEndpoint: null,
                 credentialEndpoint: 'https://example.com/cred',
@@ -528,6 +535,7 @@ void main() {
                 credentialConfigurationsSupported: null,
               ),
               authorizationServerConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 tokenEndpoint: 'https://example.com/token',
               ),
             ),
@@ -548,6 +556,7 @@ void main() {
             () async => handleErrorForOID4VCI(
               url: 'example',
               openIdConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 authorizationServer: 'example',
                 tokenEndpoint: null,
                 credentialEndpoint: 'https://example.com/cred',
@@ -557,6 +566,7 @@ void main() {
                 subjectSyntaxTypesSupported: ['asd'],
               ),
               authorizationServerConfiguration: const OpenIdConfiguration(
+                requirePushedAuthorizationRequests: false,
                 tokenEndpoint: 'https://example.com/token',
               ),
             ),