diff --git a/Sources/Entities/CredentialIssuer/CredentialIssuerMetadata.swift b/Sources/Entities/CredentialIssuer/CredentialIssuerMetadata.swift
index d8bd604..e22238c 100644
--- a/Sources/Entities/CredentialIssuer/CredentialIssuerMetadata.swift
+++ b/Sources/Entities/CredentialIssuer/CredentialIssuerMetadata.swift
@@ -19,7 +19,7 @@ import JOSESwift
 public struct CredentialIssuerMetadata: Decodable, Equatable {
 public let credentialIssuerIdentifier: CredentialIssuerId
- public let authorizationServers: [URL]
+ public let authorizationServers: [URL]?
 public let credentialEndpoint: CredentialIssuerEndpoint
 public let batchCredentialEndpoint: CredentialIssuerEndpoint?
 public let deferredCredentialEndpoint: CredentialIssuerEndpoint?
diff --git a/Sources/Issuers/Issuer.swift b/Sources/Issuers/Issuer.swift
index 45ea59f..2da9860 100644
--- a/Sources/Issuers/Issuer.swift
+++ b/Sources/Issuers/Issuer.swift
@@ -145,9 +145,13 @@ public actor Issuer: IssuerType {
 let authorizationServerSupportsPar = credentialOffer.authorizationServerMetadata.authorizationServerSupportsPar
 let state = StateValue().value
-
+
 if authorizationServerSupportsPar {
 do {
+ let resource: String? = issuerMetadata.authorizationServers.map { _ in
+ credentialOffer.credentialIssuerIdentifier.url.absoluteString
+ }
+
 let result: (
 verifier: PKCEVerifier,
 code: GetAuthorizationCodeURL
@@ -155,7 +159,8 @@ public actor Issuer: IssuerType {
 scopes: scopes,
 credentialConfigurationIdentifiers: credentialConfogurationIdentifiers,
 state: state,
- issuerState: issuerState
+ issuerState: issuerState,
+ resource: resource
 ).get()
 return .success(
diff --git a/Sources/Main/Authorisers/AuthorizationServerClient.swift b/Sources/Main/Authorisers/AuthorizationServerClient.swift
index 4cac653..66a1ec7 100644
--- a/Sources/Main/Authorisers/AuthorizationServerClient.swift
+++ b/Sources/Main/Authorisers/AuthorizationServerClient.swift
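Review bot: Making `authorizationServers` optional changes what every consumer must do when it is nil, and nothing at the declaration says what nil means; add above the property `/// Authorization servers from the issuer's `authorization_servers` metadata; nil when the field is absent (per OpenID4VCI the credential issuer is then expected to act as its own authorization server — confirm against the draft this library targets).` A decoded empty array `[]` remains distinct from nil, and the resolver hunks in this commit treat both as failure, so decide whether an empty list should be normalised to nil during decoding. The struct declaration continues past the end of the hunk.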
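Review bot: The `map { _ in … }` on `issuerMetadata.authorizationServers` throws away the server list and only encodes "is non-nil", which reads as a transform and also yields a resource indicator for a decoded empty `[]`; a conditional states the intent directly, `let resource: String? = issuerMetadata.authorizationServers == nil ? nil : credentialOffer.credentialIssuerIdentifier.url.absoluteString`, with a comment such as `// RFC 8707 resource indicator: with a separate AS, bind the token to this credential issuer`. The `-`/`+` pair after `let state` and the `+` line after the closure appear to be whitespace-only additions, likely trailing whitespace, and are worth trimming. Whether the non-PAR branch sends the same indicator is outside this hunk and should be checked, since an audience-restricted token on one path but not the other would be an inconsistent security posture. The enclosing method begins before the hunk.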
@@ -31,7 +31,8 @@ public protocol AuthorizationServerClientType {
 scopes: [Scope],
 credentialConfigurationIdentifiers: [CredentialConfigurationIdentifier],
 state: String,
- issuerState: String?
+ issuerState: String?,
+ resource: String?
 ) async throws -> Result<(PKCEVerifier, GetAuthorizationCodeURL), Error>
 func requestAccessTokenAuthFlow(
@@ -181,7 +182,8 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
 scopes: [Scope],
 credentialConfigurationIdentifiers: [CredentialConfigurationIdentifier],
 state: String,
- issuerState: String?
+ issuerState: String?,
+ resource: String? = nil
 ) async throws -> Result<(PKCEVerifier, GetAuthorizationCodeURL), Error> {
 guard !scopes.isEmpty else {
 throw ValidationError.error(reason: "No scopes provided. Cannot submit par with no scopes.")
@@ -197,6 +199,7 @@ public actor AuthorizationServerClient: AuthorizationServerClientType {
 state: state,
 codeChallenge: PKCEGenerator.generateCodeChallenge(codeVerifier: codeVerifier),
 codeChallengeMethod: CodeChallenge.sha256.rawValue,
+ resource: resource,
 issuerState: issuerState
 )
diff --git a/Sources/Main/Resolvers/CredentialOffer/CredentialOfferRequestResolver.swift b/Sources/Main/Resolvers/CredentialOffer/CredentialOfferRequestResolver.swift
index afd57d2..7730610 100644
--- a/Sources/Main/Resolvers/CredentialOffer/CredentialOfferRequestResolver.swift
+++ b/Sources/Main/Resolvers/CredentialOffer/CredentialOfferRequestResolver.swift
@@ -86,7 +86,7 @@ public actor CredentialOfferRequestResolver {
 return .failure(ValidationError.error(reason: "Invalid credential metadata"))
 }
- guard let authorizationServer = credentialIssuerMetadata.authorizationServers.first,
+ guard let authorizationServer = credentialIssuerMetadata.authorizationServers?.first,
 let authorizationServerMetadata = try? await authorizationServerMetadataResolver.resolve(url: authorizationServer).get() else {
 return .failure(ValidationError.error(reason: "Invalid authorization metadata"))
 }
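Review bot: The new `resource` requirement on the protocol is undocumented, yet it is the parameter that decides whether the pushed authorization request carries an RFC 8707 resource indicator at all; add to the method's doc comment `/// - Parameter resource: Optional RFC 8707 `resource` indicator (the credential issuer identifier) that binds the requested token to that issuer; nil omits it.` The requirement's signature begins above the hunk.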
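Review bot: Defaulting `resource` to `nil` in the conforming actor means any caller that holds the concrete `AuthorizationServerClient` rather than the protocol compiles unchanged and silently submits a PAR without an audience restriction; if the indicator is meant to be the norm, drop the default (`resource: String?`) so each call site decides explicitly, or document why omission is the safe default. The guard that follows only validates `scopes`; the signature starts above the hunk.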
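Review bot: `resource` is forwarded into the PAR body as an arbitrary `String`, while RFC 8707 requires the value to be an absolute URI without a fragment; the only value this commit produces comes from `credentialIssuerIdentifier.url.absoluteString`, so either type the parameter as `URL?` or reject malformed input before building the request, e.g. `if let resource, URL(string: resource)?.scheme == nil { throw ValidationError.error(reason: "resource must be an absolute URI") }`. The request construction this line belongs to begins before the hunk.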
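Review bot: When `authorizationServers` is nil this guard now fails with "Invalid authorization metadata", whereas the `resource` derivation in Issuer.swift in this same commit treats a nil list as "the credential issuer is its own authorization server"; per OpenID4VCI, as I recall, an absent `authorization_servers` means the issuer identifier is used to discover the AS, so the resolver should fall back rather than fail: `let authorizationServer = credentialIssuerMetadata.authorizationServers?.first ?? credentialIssuerMetadata.credentialIssuerIdentifier.url` followed by `guard let authorizationServerMetadata = try? await authorizationServerMetadataResolver.resolve(url: authorizationServer).get() else {`. The `try?` also collapses every resolver error into the same generic message, so a misconfigured or unreachable AS is indistinguishable from missing metadata; surfacing the underlying error would help diagnosis. The enclosing method starts before the hunk.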
@@ -107,7 +107,7 @@ public actor CredentialOfferRequestResolver {
 return .failure(ValidationError.error(reason: "Invalid credential metadata"))
 }
- guard let authorizationServer = credentialIssuerMetadata.authorizationServers.first,
+ guard let authorizationServer = credentialIssuerMetadata.authorizationServers?.first,
 let authorizationServerMetadata = try? await authorizationServerMetadataResolver.resolve(url: authorizationServer).get() else {
 return .failure(ValidationError.error(reason: "Invalid authorization metadata"))
 }
diff --git a/Tests/Helpers/Wallet.swift b/Tests/Helpers/Wallet.swift
index af4d16b..34ebef9 100644
--- a/Tests/Helpers/Wallet.swift
+++ b/Tests/Helpers/Wallet.swift
@@ -66,7 +66,7 @@ extension Wallet {
 switch issuerMetadata {
 case .success(let metaData):
- if let authorizationServer = metaData?.authorizationServers.first,
+ if let authorizationServer = metaData?.authorizationServers?.first,
 let metaData {
 let resolver = AuthorizationServerMetadataResolver(
 oidcFetcher: Fetcher(session: self.session),
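Review bot: This guard is a verbatim copy of the one at line 86 of the same file, so the decision about what a nil `authorizationServers` means has to be made, and kept consistent, in two places; extract a private helper along the lines of `private func resolveAuthorizationServerMetadata(for metadata: CredentialIssuerMetadata) async -> Result<…, Error>` and call it from both sites. Here too a nil list is rejected rather than falling back to `credentialIssuerMetadata.credentialIssuerIdentifier.url`, which the `resource` logic elsewhere in this commit appears to assume is the authorization server in that case. The enclosing method starts before the hunk.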