Merge pull request #56 from vrk-kpa/fix/add-resource-to-pushed-author…
…ization-code-request

[fix] Add resource parameter to pushed authorization code request
dtsiflit authored Jul 16, 2024
2 parents ffa909e + df86c31 commit c60e7de
Showing 5 changed files with 16 additions and 8 deletions.
Expand Up @@ -19,7 +19,7 @@ import JOSESwift

public struct CredentialIssuerMetadata: Decodable, Equatable {
public let credentialIssuerIdentifier: CredentialIssuerId
public let authorizationServers: [URL]
public let authorizationServers: [URL]?
public let credentialEndpoint: CredentialIssuerEndpoint
public let batchCredentialEndpoint: CredentialIssuerEndpoint?
public let deferredCredentialEndpoint: CredentialIssuerEndpoint?
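Review bot: `authorizationServers` becoming `[URL]?` at the property declaration needs a doc comment saying what `nil` means, because the Issuer.swift change in this commit sends a `resource` value for an empty array but not for `nil`. Something like `/// nil when the issuer metadata carries no authorization_servers entry; an empty array is a present-but-empty entry.` would do. The struct continues outside the hunk, so if it has a hand-written `init(from:)`, that initializer presumably needs `decodeIfPresent` for this key; otherwise metadata without the entry would still fail to decode.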
9 changes: 7 additions & 2 deletions Sources/Issuers/Issuer.swift
Expand Up @@ -145,17 +145,22 @@ public actor Issuer: IssuerType {
let authorizationServerSupportsPar = credentialOffer.authorizationServerMetadata.authorizationServerSupportsPar

let state = StateValue().value

if authorizationServerSupportsPar {
do {
let resource: String? = issuerMetadata.authorizationServers.map { _ in
credentialOffer.credentialIssuerIdentifier.url.absoluteString
}

let result: (
verifier: PKCEVerifier,
code: GetAuthorizationCodeURL
) = try await authorizer.submitPushedAuthorizationRequest(
scopes: scopes,
credentialConfigurationIdentifiers: credentialConfogurationIdentifiers,
state: state,
issuerState: issuerState
issuerState: issuerState,
resource: resource
).get()

return .success(
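Review bot: The new `resource` binding calls `Optional.map` on `issuerMetadata.authorizationServers` and discards the value with `_ in`, which reads like an array transform and hides the actual rule: the resource indicator is sent whenever the metadata has an authorization-servers entry, including an empty one. Spelling the condition out keeps this audience-related decision reviewable, e.g. `let resource: String? = issuerMetadata.authorizationServers == nil ? nil : credentialOffer.credentialIssuerIdentifier.url.absoluteString`, preceded by a comment such as `// RFC 8707 resource indicator: lets the authorization server tell credential issuers apart`. Whether an empty array should also produce a `resource` value is worth confirming. The value is only passed on the PAR path visible here; the non-PAR branch lies outside the hunk, and if it builds the authorization request without `resource`, the two paths would ask for differently scoped tokens.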
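--- a/Sources/Main/Authorisers/AuthorizationServerClient.swift
+++ b/Sources/Main/Authorisers/AuthorizationServerClient.swift
@@ -31,7 +31,8 @@ public protocol AuthorizationServerClientType {
 scopes: [Scope],
 credentialConfigurationIdentifiers: [CredentialConfigurationIdentifier],
 state: String,
-issuerState: String?
+issuerState: String?,
+resource: String?
 ) async throws -> Result<(PKCEVerifier, GetAuthorizationCodeURL), Error>
 
 func requestAccessTokenAuthFlow(
@@ -181,7 +182,8 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
 scopes: [Scope],
 credentialConfigurationIdentifiers: [CredentialConfigurationIdentifier],
 state: String,
-issuerState: String?
+issuerState: String?,
+resource: String? = nil
 ) async throws -> Result<(PKCEVerifier, GetAuthorizationCodeURL), Error> {
 guard !scopes.isEmpty else {
 throw ValidationError.error(reason: "No scopes provided. Cannot submit par with no scopes.")
@@ -197,6 +199,7 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
 state: state,
 codeChallenge: PKCEGenerator.generateCodeChallenge(codeVerifier: codeVerifier),
 codeChallengeMethod: CodeChallenge.sha256.rawValue,
+resource: resource,
 issuerState: issuerState
 )
 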
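Review bot: The protocol requirement in the first hunk declares `resource: String?` with no default, while the actor's implementation in the second hunk adds `= nil`, so code holding the concrete `AuthorizationServerClient` can omit the argument and silently submit a pushed authorization request without a resource indicator, whereas code going through `AuthorizationServerClientType` cannot. Dropping the default (`resource: String?`) makes every call site decide explicitly; if the default is wanted for source compatibility, a protocol extension supplying it would keep both entry points consistent. The parameter is also undocumented: a doc comment on the protocol method should say that it is the RFC 8707 resource indicator, expected to be the credential issuer identifier as an absolute URI, and that `nil` leaves it out of the request. The method body continues outside the hunks, so whether the string is checked before it is placed in the request is not visible here.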
Expand Up @@ -86,7 +86,7 @@ public actor CredentialOfferRequestResolver {
return .failure(ValidationError.error(reason: "Invalid credential metadata"))
}

guard let authorizationServer = credentialIssuerMetadata.authorizationServers.first,
guard let authorizationServer = credentialIssuerMetadata.authorizationServers?.first,
let authorizationServerMetadata = try? await authorizationServerMetadataResolver.resolve(url: authorizationServer).get() else {
return .failure(ValidationError.error(reason: "Invalid authorization metadata"))
}
Expand All @@ -107,7 +107,7 @@ public actor CredentialOfferRequestResolver {
return .failure(ValidationError.error(reason: "Invalid credential metadata"))
}

guard let authorizationServer = credentialIssuerMetadata.authorizationServers.first,
guard let authorizationServer = credentialIssuerMetadata.authorizationServers?.first,
let authorizationServerMetadata = try? await authorizationServerMetadataResolver.resolve(url: authorizationServer).get() else {
return .failure(ValidationError.error(reason: "Invalid authorization metadata"))
}
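Review bot: Both guards (`authorizationServers?.first` in this hunk and in the one at -86) still return "Invalid authorization metadata" when `authorizationServers` is `nil`, so making the property optional does not let an issuer that omits the entry through this resolver. In OpenID4VCI an issuer without `authorization_servers` acts as its own authorization server, so a fallback is probably intended, e.g. `let authorizationServer = credentialIssuerMetadata.authorizationServers?.first ?? credentialIssuerMetadata.credentialIssuerIdentifier.url` ahead of the guard (assuming `CredentialIssuerId` exposes `url`, as the `credentialOffer.credentialIssuerIdentifier.url` use in Issuer.swift suggests). If rejecting such issuers is deliberate, a distinct failure reason would make that visible, since the same message is also returned when the metadata resolution throws and `try?` discards the error. Both enclosing functions start and end outside the hunks.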
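--- a/Tests/Helpers/Wallet.swift
+++ b/Tests/Helpers/Wallet.swift
@@ -66,7 +66,7 @@ extension Wallet {
 
 switch issuerMetadata {
 case .success(let metaData):
-if let authorizationServer = metaData?.authorizationServers.first,
+if let authorizationServer = metaData?.authorizationServers?.first,
 let metaData {
 let resolver = AuthorizationServerMetadataResolver(
 oidcFetcher: Fetcher(session: self.session),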
