Set id_token as default

Signed-off-by: Felix Hoops <9974641+jfelixh@users.noreply.github.com>

README.md

@@ -195,7 +195,7 @@ Now you can develop and it will hot-reload.
 
 ## Policy Configuration
 
-The login policy is the one configuration file that configures the bridge's behavior. The most simple example of one looks like this and accepts any credential, while forwarding all subject fields to the `access_token`:
+The login policy is the one configuration file that configures the bridge's behavior. The most simple example of one looks like this and accepts any credential, while forwarding all subject fields to the `id_token`:
 
 ```JSON
 [
@@ -223,7 +223,7 @@ A pattern object has the following fields:
 
 - `claimPath` is a JSONPath that points to one or more values in the credential. If it points to multiple values, they will be aggregated in a new object and indexed by just their final JSONPath component. _This is generally convenient, but can lead to values being overwritten if not careful and working with a credential that uses the same path components in different depths._
 - `newPath` is the new path of the value relative to the root of the token it will be written into. This value is optional, as long as `claimPath` points to exactly one value. In that case, it defaults to `$.<final claimPath component>`.
-- `token` optionally defines if the claim value ends up either in `"id_token"` or `"access_token"`, with the latter being the default.
+- `token` optionally defines if the claim value ends up either in `"id_token"` or `"access_token"`, with the former being the default.
 - `required` is optional and defaults to `false`
 
 ## Token Introspection

vclogin/__tests__/extractClaims.test.js

@@ -15,7 +15,8 @@ describe("extractClaims", () => {
   it("all subject claims from an EmployeeCredential are extracted", () => {
     var claims = extractClaims(vpEmployee, policyAcceptAnything);
     var expected = {
-      tokenAccess: {
+      tokenAccess: {},
+      tokenId: {
         subjectData: {
           id: "did:key:z6MkkdC46uhBGjMYS2ZDLUwCrTWdaqZdTD3596sN4397oRNd",
           hash: "9ecf754ffdad0c6de238f60728a90511780b2f7dbe2f0ea015115515f3f389cd",
@@ -32,7 +33,6 @@ describe("extractClaims", () => {
           surname: "Surname",
         },
       },
-      tokenId: {},
     };
     expect(claims).toStrictEqual(expected);
   });
@@ -62,14 +62,15 @@ describe("extractClaims", () => {
   it("all designated claims from an EmployeeCredential are extracted", () => {
     var claims = extractClaims(vpEmployee, policyEmployeeFromAnyone);
     var expected = {
-      tokenAccess: {
-        companyName: "deltaDAO AG",
-      },
+      tokenAccess: {},
       tokenId: {
         email: "test@test.com",
         name: "Name Surname",
+        companyName: "deltaDAO AG",
       },
     };
     expect(claims).toStrictEqual(expected);
   });
+
+  //TODO write one test that actually fills items into tokenAccess
 });

vclogin/__tests__/testdata/policies/acceptEmailFromAltme.json

@@ -6,8 +6,7 @@
         "issuer": "did:web:app.altme.io:issuer",
         "claims": [
           {
-            "claimPath": "$.credentialSubject.email",
-            "token": "id_token"
+            "claimPath": "$.credentialSubject.email"
           }
         ]
       }

vclogin/__tests__/testdata/policies/acceptEmailFromAltmeConstr.json

@@ -6,8 +6,7 @@
         "issuer": "did:web:app.altme.io:issuer",
         "claims": [
           {
-            "claimPath": "$.credentialSubject.email",
-            "token": "id_token"
+            "claimPath": "$.credentialSubject.email"
           }
         ],
         "constraint": {

vclogin/__tests__/testdata/policies/acceptEmployeeFromAnyone.json

@@ -10,12 +10,10 @@
             "newPath": "$.companyName"
           },
           {
-            "claimPath": "$.credentialSubject.name",
-            "token": "id_token"
+            "claimPath": "$.credentialSubject.name"
           },
           {
-            "claimPath": "$.credentialSubject.email",
-            "token": "id_token"
+            "claimPath": "$.credentialSubject.email"
           }
         ]
       }

vclogin/__tests__/testdata/policies/acceptEmployeeFromAnyoneConstr.json

@@ -10,12 +10,10 @@
             "newPath": "$.companyName"
           },
           {
-            "claimPath": "$.credentialSubject.name",
-            "token": "id_token"
+            "claimPath": "$.credentialSubject.name"
           },
           {
-            "claimPath": "$.credentialSubject.email",
-            "token": "id_token"
+            "claimPath": "$.credentialSubject.email"
           }
         ],
         "constraint": {

vclogin/lib/extractClaims.ts

@@ -79,7 +79,6 @@ const getPatternClaimFits = (creds: any[], policy: LoginPolicy): any[][] => {
 
 const isCredentialFittingPatternList = (
   cred: any,
-
   patterns: CredentialPattern[],
 ): boolean => {
   for (let pattern of patterns) {
@@ -93,7 +92,6 @@ const isCredentialFittingPatternList = (
 
 const isCredentialFittingPattern = (
   cred: any,
-
   pattern: CredentialPattern,
 ): boolean => {
   if (cred.issuer !== pattern.issuer && pattern.issuer !== "*") {
@@ -304,9 +302,9 @@ const extractClaimsFromVC = (VC: any, policy: LoginPolicy) => {
           }
 
           const claimTarget =
-            claim.token === "id_token"
-              ? extractedClaims.tokenId
-              : extractedClaims.tokenAccess;
+            claim.token === "access_token"
+              ? extractedClaims.tokenAccess
+              : extractedClaims.tokenId;
           jp.value(claimTarget, newPath, value);
         }