From 2f172c6e30332adc75df05890d3aeeb6432acd9a Mon Sep 17 00:00:00 2001
From: Christian Kollmann
Date: Thu, 26 Sep 2024 13:14:51 +0200
Subject: [PATCH] SIOP: Add option to set response type for requests
---
 .../asitplus/wallet/lib/oidc/OidcSiopVerifier.kt | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopVerifier.kt b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopVerifier.kt
index 1d0d40af..b1b16008 100644
--- a/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopVerifier.kt
+++ b/vck-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopVerifier.kt
@@ -162,13 +162,23 @@ class OidcSiopVerifier private constructor(
 */
 val credentials: Set,
 /**
- * Response mode to request, see [OpenIdConstants.ResponseMode]
+ * Response mode to request, see [OpenIdConstants.ResponseMode],
+ * by default [OpenIdConstants.ResponseMode.FRAGMENT].
+ * Setting this to any other value may require setting [responseUrl] too.
 */
 val responseMode: OpenIdConstants.ResponseMode = OpenIdConstants.ResponseMode.FRAGMENT,
 /**
- * Response URL to set in the [AuthenticationRequestParameters]
+ * Response URL to set in the [AuthenticationRequestParameters.responseUrl],
+ * required if [responseMode] is set to [OpenIdConstants.ResponseMode.DIRECT_POST] or
+ * [OpenIdConstants.ResponseMode.DIRECT_POST_JWT].
 */
 val responseUrl: String? = null,
+ /**
+ * Response type to set in [AuthenticationRequestParameters.responseType],
+ * by default only `vp_token` (as per OpenID4VP spec).
+ * Be sure to separate values by a space, e.g. `vp_token id_token`.
+ */
+ val responseType: String = VP_TOKEN,
 /**
 * Opaque value which will be returned by the OpenId Provider and also in [AuthnResponseResult]
 */
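Review bot: The new `responseType` option is a free-form `String` guarded only by a KDoc hint about the space separator, so a typo or an unsupported value goes into the authentication request unchecked. Consider validating it where the options object is constructed, for example `require(responseType.split(' ').all { it == ID_TOKEN || it == VP_TOKEN })` adjusted to the values the verifier actually supports, or modelling it as a set of typed values that is joined when the request is built. The reworded KDoc on `responseUrl` has the same gap: it documents the value as required for `DIRECT_POST` and `DIRECT_POST_JWT`, but nothing visible in the hunk enforces that, and a `require(responseUrl != null)` for those modes would turn a misconfiguration into an early failure. The enclosing class body starts and ends outside the hunk, so an existing check may simply not be visible here.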
@@ -296,7 +306,7 @@ class OidcSiopVerifier private constructor(
 suspend fun createAuthnRequest(
 requestOptions: RequestOptions,
 ) = AuthenticationRequestParameters(
- responseType = "$ID_TOKEN $VP_TOKEN", // TODO move to RequestOptions
+ responseType = requestOptions.responseType,
 clientId = clientId,
 redirectUrl = requestOptions.buildRedirectUrl(),
 responseUrl = requestOptions.responseUrl,
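Review bot: With the hard-coded `"$ID_TOKEN $VP_TOKEN"` gone, `createAuthnRequest` sends only `vp_token` unless the caller opts in, which is a silent behaviour change for existing callers that relied on an `id_token` coming back. The response validation is outside this hunk; it should presumably derive what it expects from the requested `responseType`, so that a response lacking an `id_token` is rejected when one was requested and not rejected when it was not. A KDoc line on `createAuthnRequest` such as `Response type is taken from [RequestOptions.responseType]; the default no longer includes id_token` would make the change visible to integrators. The argument list of `AuthenticationRequestParameters(` continues past the end of the hunk.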