Fix redirect uri null handling (#56)

* add redirect_uri scheme

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* fix bug when redirect_uri is null

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* implement requested changes

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* adjust oid4vp

Signed-off-by: Kevin <kevin.dinh@lissi.id>

---------

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>
Signed-off-by: Kevin <kevin.dinh@lissi.id>
Co-authored-by: Kevin <kevin.dinh@lissi.id>

src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationRequest.cs

@@ -115,14 +115,16 @@ private static bool IsHaipConform(JObject authorizationRequestJson)
             var responseUri = authorizationRequestJson["response_uri"]!.ToString();
             var responseMode = authorizationRequestJson["response_mode"]!.ToString();
             var redirectUri = authorizationRequestJson["redirect_uri"];
-            var clientIdScheme = authorizationRequestJson["client_id_scheme"];
+            var clientIdScheme = authorizationRequestJson["client_id_scheme"]!.ToString();
+            var clientId = authorizationRequestJson["client_id"]!.ToString();
 
             return
                 responseType == VpToken
                 && responseMode == DirectPost
                 && !string.IsNullOrEmpty(responseUri)
                 && redirectUri is null
-                && clientIdScheme!.ToString() is X509SanDnsScheme or VerifierAttestationScheme;
+                && (clientIdScheme is X509SanDnsScheme or VerifierAttestationScheme
+                    || clientIdScheme is RedirectUriScheme && clientId == responseUri);
         }
     }
 }

src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationResponseCallback.cs

@@ -0,0 +1,21 @@
+using System;
+using Newtonsoft.Json;
+
+namespace Hyperledger.Aries.Features.OpenId4Vc.Vp.Models
+{
+    internal record AuthorizationResponseCallback
+    {
+        [JsonProperty("redirect_uri")]
+        private Uri? RedirectUri { get; }
+
+        public static implicit operator Uri? (AuthorizationResponseCallback? response) => response?.RedirectUri;
+
+        public static implicit operator AuthorizationResponseCallback (Uri redirectUri) => new (redirectUri);
+
+        [JsonConstructor]
+        private AuthorizationResponseCallback(Uri redirectUri)
+        {
+            RedirectUri = redirectUri;
+        }
+    }
+}

src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/ClientIdScheme.cs

@@ -21,7 +21,12 @@ public enum ClientIdSchemeValue
             /// <summary>
             ///     The verifier attestation client ID scheme.
             /// </summary>
-            VerifierAttestation
+            VerifierAttestation,
+
+            /// <summary>
+            ///     The Redirect Uri scheme.
+            /// </summary>
+            RedirectUri
         }
 
         /// <summary>
@@ -33,6 +38,11 @@ public enum ClientIdSchemeValue
         ///     The X509 SAN DNS scheme.
         /// </summary>
         public const string X509SanDnsScheme = "x509_san_dns";
+
+        /// <summary>
+        ///     The Redirect Uri scheme.
+        /// </summary>
+        public const string RedirectUriScheme = "redirect_uri";
 
         /// <summary>
         ///     The client ID scheme value.
@@ -54,6 +64,7 @@ public static ClientIdScheme CreateClientIdScheme(string input) =>
             input switch
             {
                 X509SanDnsScheme => new ClientIdScheme(X509SanDns),
+                RedirectUriScheme => new ClientIdScheme(RedirectUri),
                 VerifierAttestationScheme =>
                     throw new NotImplementedException("Verifier Attestation not yet implemented"),
                 _ => throw new InvalidOperationException($"Client ID Scheme {input} is not supported")

src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpClientService.cs

@@ -4,12 +4,12 @@
 using System.Net.Http;
 using System.Threading.Tasks;
 using Hyperledger.Aries.Agents;
+using Hyperledger.Aries.Extensions;
 using Hyperledger.Aries.Features.OpenId4Vc.Vp.Models;
 using Hyperledger.Aries.Features.OpenId4Vc.Vp.Services;
 using Hyperledger.Aries.Features.SdJwt.Models.Records;
 using Hyperledger.Aries.Features.SdJwt.Services.SdJwtVcHolderService;
 using static Newtonsoft.Json.JsonConvert;
-using static Newtonsoft.Json.Linq.JObject;
 
 namespace Hyperledger.Aries.Features.OpenID4VC.Vp.Services
 {
@@ -117,11 +117,9 @@ await httpClient.SendAsync(
             if (!responseMessage.IsSuccessStatusCode)
                 throw new InvalidOperationException("Authorization Response could not be sent");
 
-            var responseContent = await responseMessage.Content.ReadAsStringAsync();
+            var redirectUriJson = await responseMessage.Content.ReadAsStringAsync();
 
-            var redirectUri = string.IsNullOrEmpty(responseContent)
-                ? null
-                : new Uri(Parse(responseContent)["redirect_uri"]?.ToString()!);
+            var redirectUri = redirectUriJson?.ToObject<AuthorizationResponseCallback>();
 
             var presentedCredentials = selectedCredentials
                 .Select(credential =>

src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpHaipClient.cs

@@ -85,6 +85,8 @@ await httpClient.GetStringAsync(haipAuthorizationRequestUri.RequestUri)
                             .ValidateTrustChain()
                             .ValidateSanName()
                             .ToAuthorizationRequest(),
+                    RedirectUri =>
+                        requestObject.ToAuthorizationRequest(),
                     VerifierAttestation =>
                         throw new NotImplementedException("Verifier Attestation not yet implemented"),
                     _ =>