Move parameter from constructor to method

This allows callers to request different credential schemes with the
same instance of the class

CHANGELOG.md

@@ -3,6 +3,7 @@
 Release NEXT:
  - Get rid of arrays in serializable types and use collections instead
  - Improve interoperability with verifiers and issuers from <https://github.com/eu-digital-identity-wallet/>
+ - `OidcSiopVerifier`: Move `credentialScheme` from constructor to `createAuthnRequest`
 
 Release 3.4.0:
  - Target Java 17

vclib-openid/src/commonMain/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopVerifier.kt

@@ -61,7 +61,6 @@ class OidcSiopVerifier(
     private val verifierJwsService: VerifierJwsService,
     timeLeewaySeconds: Long = 300L,
     private val clock: Clock = Clock.System,
-    private val credentialScheme: ConstantIndex.CredentialScheme? = null,
 ) {
 
     private val timeLeeway = timeLeewaySeconds.toDuration(DurationUnit.SECONDS)
@@ -77,7 +76,6 @@ class OidcSiopVerifier(
             jwsService: JwsService = DefaultJwsService(cryptoService),
             timeLeewaySeconds: Long = 300L,
             clock: Clock = Clock.System,
-            credentialScheme: ConstantIndex.CredentialScheme? = null,
         ) = OidcSiopVerifier(
             verifier = verifier,
             relyingPartyUrl = relyingPartyUrl,
@@ -86,7 +84,6 @@ class OidcSiopVerifier(
             verifierJwsService = verifierJwsService,
             timeLeewaySeconds = timeLeewaySeconds,
             clock = clock,
-            credentialScheme = credentialScheme,
         )
     }
 
@@ -139,20 +136,23 @@ class OidcSiopVerifier(
      *
      * @param responseMode which response mode to request, see [OpenIdConstants.ResponseModes]
      * @param representation specifies the required representation, see [ConstantIndex.CredentialRepresentation]
+     * @param credentialScheme which credential type to request, or `null` to make no restrictions
      * @param requestedAttributes list of attributes that shall be requested explicitly (selective disclosure)
      */
     suspend fun createAuthnRequestUrl(
         walletUrl: String,
         responseMode: String? = null,
         representation: ConstantIndex.CredentialRepresentation = ConstantIndex.CredentialRepresentation.PLAIN_JWT,
         state: String? = uuid4().toString(),
+        credentialScheme: ConstantIndex.CredentialScheme? = null,
         requestedAttributes: List<String>? = null,
     ): String {
         val urlBuilder = URLBuilder(walletUrl)
         createAuthnRequest(
             responseMode = responseMode,
             representation = representation,
             state = state,
+            credentialScheme = credentialScheme,
             requestedAttributes = requestedAttributes,
         ).encodeToParameters()
             .forEach { urlBuilder.parameters.append(it.key, it.value) }
@@ -173,6 +173,7 @@ class OidcSiopVerifier(
         responseMode: String? = null,
         representation: ConstantIndex.CredentialRepresentation = ConstantIndex.CredentialRepresentation.PLAIN_JWT,
         state: String? = uuid4().toString(),
+        credentialScheme: ConstantIndex.CredentialScheme? = null,
         requestedAttributes: List<String>? = null,
     ): KmmResult<String> {
         val urlBuilder = URLBuilder(walletUrl)
@@ -194,18 +195,21 @@ class OidcSiopVerifier(
      * @param responseMode which response mode to request, see [OpenIdConstants.ResponseModes]
      * @param representation specifies the required representation, see [ConstantIndex.CredentialRepresentation]
      * @param state opaque value which will be returned by the OpenId Provider and also in [AuthnResponseResult]
+     * @param credentialScheme which credential type to request, or `null` to make no restrictions
      * @param requestedAttributes list of attributes that shall be requested explicitly (selective disclosure)
      */
     suspend fun createAuthnRequestAsRequestObject(
         responseMode: String? = null,
         representation: ConstantIndex.CredentialRepresentation = ConstantIndex.CredentialRepresentation.PLAIN_JWT,
         state: String? = uuid4().toString(),
+        credentialScheme: ConstantIndex.CredentialScheme? = null,
         requestedAttributes: List<String>? = null,
     ): KmmResult<AuthenticationRequestParameters> {
         val requestObject = createAuthnRequest(
             responseMode = responseMode,
             representation = representation,
             state = state,
+            credentialScheme = credentialScheme,
             requestedAttributes = requestedAttributes,
         )
         val requestObjectSerialized = jsonSerializer.encodeToString(
@@ -235,12 +239,14 @@ class OidcSiopVerifier(
      * @param responseMode which response mode to request, see [OpenIdConstants.ResponseModes]
      * @param representation specifies the required representation, see [ConstantIndex.CredentialRepresentation]
      * @param state opaque value which will be returned by the OpenId Provider and also in [AuthnResponseResult]
+     * @param credentialScheme which credential type to request, or `null` to make no restrictions
      * @param requestedAttributes list of attributes that shall be requested explicitly (selective disclosure)
      */
     suspend fun createAuthnRequest(
         responseMode: String? = null,
         representation: ConstantIndex.CredentialRepresentation = ConstantIndex.CredentialRepresentation.PLAIN_JWT,
         state: String? = uuid4().toString(),
+        credentialScheme: ConstantIndex.CredentialScheme? = null,
         requestedAttributes: List<String>? = null,
     ): AuthenticationRequestParameters {
         val typeConstraint = credentialScheme?.let {

vclib-openid/src/commonTest/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopIsoProtocolTest.kt

@@ -72,9 +72,14 @@ class OidcSiopIsoProtocolTest : FreeSpec({
             verifier = verifierAgent,
             cryptoService = verifierCryptoService,
             relyingPartyUrl = relyingPartyUrl,
-            credentialScheme = ConstantIndex.MobileDrivingLicence2023,
         )
-        val document = runProcess(verifierSiop, walletUrl, ConstantIndex.CredentialRepresentation.ISO_MDOC, holderSiop)
+        val document = runProcess(
+            verifierSiop,
+            walletUrl,
+            ConstantIndex.CredentialRepresentation.ISO_MDOC,
+            ConstantIndex.MobileDrivingLicence2023,
+            holderSiop
+        )
 
         document.validItems.shouldNotBeEmpty()
         document.invalidItems.shouldBeEmpty()
@@ -85,9 +90,14 @@ class OidcSiopIsoProtocolTest : FreeSpec({
             verifier = verifierAgent,
             cryptoService = verifierCryptoService,
             relyingPartyUrl = relyingPartyUrl,
-            credentialScheme = ConstantIndex.AtomicAttribute2023,
         )
-        val document = runProcess(verifierSiop, walletUrl, ConstantIndex.CredentialRepresentation.ISO_MDOC, holderSiop)
+        val document = runProcess(
+            verifierSiop,
+            walletUrl,
+            ConstantIndex.CredentialRepresentation.ISO_MDOC,
+            ConstantIndex.AtomicAttribute2023,
+            holderSiop
+        )
 
         document.validItems.shouldNotBeEmpty()
         document.invalidItems.shouldBeEmpty()
@@ -99,12 +109,12 @@ class OidcSiopIsoProtocolTest : FreeSpec({
             verifier = verifierAgent,
             cryptoService = verifierCryptoService,
             relyingPartyUrl = relyingPartyUrl,
-            credentialScheme = ConstantIndex.MobileDrivingLicence2023,
         )
         val document = runProcess(
             verifierSiop,
             walletUrl,
             ConstantIndex.CredentialRepresentation.ISO_MDOC,
+            ConstantIndex.MobileDrivingLicence2023,
             holderSiop,
             listOf(requestedClaim)
         )
@@ -121,13 +131,15 @@ private suspend fun runProcess(
     verifierSiop: OidcSiopVerifier,
     walletUrl: String,
     credentialRepresentation: ConstantIndex.CredentialRepresentation,
+    credentialScheme: ConstantIndex.CredentialScheme,
     holderSiop: OidcSiopWallet,
     requestedAttributes: List<String>? = null,
 ): IsoDocumentParsed {
     val authnRequest = verifierSiop.createAuthnRequestUrl(
         walletUrl = walletUrl,
         representation = credentialRepresentation,
-        requestedAttributes = requestedAttributes
+        credentialScheme = credentialScheme,
+        requestedAttributes = requestedAttributes,
     ).also { println(it) }
 
     val authnResponse = holderSiop.createAuthnResponse(authnRequest).getOrThrow()

vclib-openid/src/commonTest/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopProtocolTest.kt

@@ -171,10 +171,12 @@ class OidcSiopProtocolTest : FreeSpec({
             verifier = verifierAgent,
             cryptoService = verifierCryptoService,
             relyingPartyUrl = relyingPartyUrl,
-            credentialScheme = ConstantIndex.AtomicAttribute2023,
         )
 
-        val authnRequest = verifierSiop.createAuthnRequestUrl(walletUrl = walletUrl).also { println(it) }
+        val authnRequest = verifierSiop.createAuthnRequestUrl(
+            walletUrl = walletUrl,
+            credentialScheme = ConstantIndex.AtomicAttribute2023
+        ).also { println(it) }
 
         val authnResponse = holderSiop.createAuthnResponse(authnRequest).getOrThrow()
         authnResponse.shouldBeInstanceOf<OidcSiopWallet.AuthenticationResponseResult.Redirect>().also { println(it) }

vclib-openid/src/commonTest/kotlin/at/asitplus/wallet/lib/oidc/OidcSiopSdJwtProtocolTest.kt

@@ -85,11 +85,11 @@ class OidcSiopSdJwtProtocolTest : FreeSpec({
             verifier = verifierAgent,
             cryptoService = verifierCryptoService,
             relyingPartyUrl = relyingPartyUrl,
-            credentialScheme = ConstantIndex.AtomicAttribute2023,
         )
         val authnRequest = verifierSiop.createAuthnRequestUrl(
             walletUrl = walletUrl,
             representation = ConstantIndex.CredentialRepresentation.SD_JWT,
+            credentialScheme = ConstantIndex.AtomicAttribute2023,
             requestedAttributes = listOf(requestedClaim),
         ).also { println(it) }
         authnRequest shouldContain "jwt_sd"