Enable optional client attestation in oid4vp (#162)

* enable optional client attestation in oid4vp

Signed-off-by: Sebastian Bickerle <sebastian.bickerle@lissi.id>

* removed custom scheme check on HaipAuthorizationRequestUri.cs

Signed-off-by: Sebastian Bickerle <sebastian.bickerle@lissi.id>

---------

Signed-off-by: Sebastian Bickerle <sebastian.bickerle@lissi.id>

src/WalletFramework.Oid4Vc/Oid4Vci/AuthFlow/Models/ClientAttestationPopDetails.cs → src/WalletFramework.Oid4Vc/ClientAttestation/ClientAttestationPopDetails.cs

@@ -1,7 +1,7 @@
 using LanguageExt;
 using static System.String;
 
-namespace WalletFramework.Oid4Vc.Oid4Vci.AuthFlow.Models;
+namespace WalletFramework.Oid4Vc.ClientAttestation;
 
 public record ClientAttestationPopDetails
 {

src/WalletFramework.Oid4Vc/Oid4Vci/AuthFlow/Models/CombinedWalletAttestation.cs → src/WalletFramework.Oid4Vc/ClientAttestation/CombinedWalletAttestation.cs

@@ -1,4 +1,6 @@
-namespace WalletFramework.Oid4Vc.Oid4Vci.AuthFlow.Models;
+using WalletFramework.Oid4Vc.Oid4Vci.AuthFlow.Models;
+
+namespace WalletFramework.Oid4Vc.ClientAttestation;
 
 public record CombinedWalletAttestation
 {

src/WalletFramework.Oid4Vc/ClientAttestation/HttpClientExtensions.cs

@@ -0,0 +1,10 @@
+namespace WalletFramework.Oid4Vc.ClientAttestation;
+
+public static class HttpClientExtensions
+{
+    public static void AddClientAttestationPopHeader(this HttpClient client, CombinedWalletAttestation clientAttestation)
+    {
+        client.DefaultRequestHeaders.Add("OAuth-Client-Attestation", clientAttestation.WalletInstanceAttestationJwt);
+        client.DefaultRequestHeaders.Add("OAuth-Client-Attestation-PoP", clientAttestation.WalletInstanceAttestationPopJwt);
+    }
+}

src/WalletFramework.Oid4Vc/Oid4Vci/AuthFlow/Models/WalletInstanceAttestationJwt.cs → src/WalletFramework.Oid4Vc/ClientAttestation/WalletInstanceAttestationJwt.cs

@@ -1,7 +1,7 @@
 using WalletFramework.Core.Functional;
 using WalletFramework.Core.Functional.Errors;
 
-namespace WalletFramework.Oid4Vc.Oid4Vci.AuthFlow.Models;
+namespace WalletFramework.Oid4Vc.ClientAttestation;
 
 public struct WalletInstanceAttestationJwt
 {

src/WalletFramework.Oid4Vc/Oid4Vci/AuthFlow/Models/WalletInstanceAttestationPopJwt.cs → src/WalletFramework.Oid4Vc/ClientAttestation/WalletInstanceAttestationPopJwt.cs

@@ -1,4 +1,4 @@
-namespace WalletFramework.Oid4Vc.Oid4Vci.AuthFlow.Models;
+namespace WalletFramework.Oid4Vc.ClientAttestation;
 
 public struct WalletInstanceAttestationPopJwt
 {

src/WalletFramework.Oid4Vc/Oid4Vp/Models/HaipAuthorizationRequestUri.cs

@@ -25,9 +25,6 @@ public class HaipAuthorizationRequestUri
     /// <exception cref="InvalidOperationException"></exception>
     public static HaipAuthorizationRequestUri FromUri(Uri uri)
     {
-        if (uri.Scheme is not ("haip" or "openid4vp" or "mdoc-openid4vp"))
-            throw new InvalidOperationException("Invalid Scheme. Must be haip or openid4vp");
-
         var request = uri.GetQueryParam("request_uri");
         if (string.IsNullOrEmpty(request))
             throw new InvalidOperationException("HAIP requires request_uri parameter");

src/WalletFramework.Oid4Vc/Oid4Vp/Services/IOid4VpClientService.cs

@@ -1,5 +1,6 @@
 using WalletFramework.Oid4Vc.Oid4Vp.Models;
 
+using WalletFramework.Oid4Vc.ClientAttestation;
 namespace WalletFramework.Oid4Vc.Oid4Vp.Services;
 
 /// <summary>
@@ -22,10 +23,12 @@ public interface IOid4VpClientService
     /// </summary>
     /// <param name="authorizationRequest"></param>
     /// <param name="selectedCredentials"></param>
+    /// <param name="combinedWalletAttestation"></param>
     /// <returns>
     ///     A task representing the asynchronous operation. The task result contains the Callback Url of the Authorization Response if present.
     /// </returns>
     Task<Uri?> SendAuthorizationResponseAsync(
         AuthorizationRequest authorizationRequest,
-        IEnumerable<SelectedCredential> selectedCredentials);
+        IEnumerable<SelectedCredential> selectedCredentials,
+        CombinedWalletAttestation? combinedWalletAttestation = null);
 }

src/WalletFramework.Oid4Vc/Oid4Vp/Services/Oid4VpClientService.cs

@@ -2,6 +2,7 @@
 using LanguageExt;
 using Microsoft.Extensions.Logging;
 using SD_JWT.Models;
+using WalletFramework.Oid4Vc.ClientAttestation;
 using WalletFramework.Core.Credentials.Abstractions;
 using WalletFramework.Core.Functional;
 using WalletFramework.MdocLib;
@@ -10,7 +11,6 @@
 using WalletFramework.MdocLib.Elements;
 using WalletFramework.MdocLib.Security;
 using WalletFramework.MdocVc;
-using WalletFramework.Oid4Vc.Oid4Vci.Abstractions;
 using WalletFramework.Oid4Vc.Oid4Vci.CredConfiguration.Models;
 using WalletFramework.Oid4Vc.Oid4Vp.Models;
 using WalletFramework.Oid4Vc.Oid4Vp.PresentationExchange.Services;
@@ -82,7 +82,8 @@ public Oid4VpClientService(
     /// <inheritdoc />
     public async Task<Uri?> SendAuthorizationResponseAsync(
         AuthorizationRequest authorizationRequest,
-        IEnumerable<SelectedCredential> selectedCredentials)
+        IEnumerable<SelectedCredential> selectedCredentials,
+        CombinedWalletAttestation? clientAttestation = null)
     {
         var credentials = selectedCredentials.ToList();
 
@@ -171,6 +172,8 @@ from path in field.Path.Select(path => path.TrimStart('$', '.'))
 
         var httpClient = _httpClientFactory.CreateClient();
         httpClient.DefaultRequestHeaders.Clear();
+        if (clientAttestation is not null)
+            httpClient.AddClientAttestationPopHeader(clientAttestation);
 
         var json = SerializeObject(authorizationResponse);
         var nameValueCollection = DeserializeObject<Dictionary<string, string>>(json)!.ToList();