Skip to content

Commit

Permalink
use auth server referenced in cred offer
Browse files Browse the repository at this point in the history
Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>
  • Loading branch information
JoTiTu committed Oct 10, 2024
1 parent 7942c50 commit 5733d98
Showing 1 changed file with 25 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
using WalletFramework.MdocVc;
using WalletFramework.Oid4Vc.Oid4Vci.Authorization.DPop.Models;
using WalletFramework.Oid4Vc.Oid4Vp.Models;
using WalletFramework.Oid4Vc.Oid4Vp.PresentationExchange.Models;
using WalletFramework.SdJwtVc.Models;
using WalletFramework.SdJwtVc.Models.Records;
using WalletFramework.SdJwtVc.Services.SdJwtVcHolderService;
Expand Down Expand Up @@ -140,7 +139,7 @@ from issState in code.IssuerState
null,
null);

var authServerMetadata = await FetchAuthorizationServerMetadataAsync(issuerMetadata);
var authServerMetadata = await FetchAuthorizationServerMetadataAsync(issuerMetadata, offer.CredentialOffer);

_httpClient.DefaultRequestHeaders.Clear();
var response = await _httpClient.PostAsync(
Expand Down Expand Up @@ -202,7 +201,7 @@ public async Task<Uri> InitiateAuthFlow(Uri uri, ClientOptions clientOptions, Op
null);
var authServerMetadata =
await FetchAuthorizationServerMetadataAsync(validIssuerMetadata);
await FetchAuthorizationServerMetadataAsync(validIssuerMetadata, Option<CredentialOffer>.None);
_httpClient.DefaultRequestHeaders.Clear();
var response = await _httpClient.PostAsync(
Expand Down Expand Up @@ -256,7 +255,7 @@ from preAuthCode in grants.PreAuthorizedCode
TransactionCode = transactionCode
};

var authorizationServerMetadata = await FetchAuthorizationServerMetadataAsync(issuerMetadata);
var authorizationServerMetadata = await FetchAuthorizationServerMetadataAsync(issuerMetadata, credentialOfferMetadata.CredentialOffer);

var token = await _tokenService.RequestToken(
tokenRequest,
Expand Down Expand Up @@ -522,12 +521,31 @@ private static AuthorizationCodeParameters CreateAndStoreCodeChallenge()
return new AuthorizationCodeParameters(codeChallenge, codeVerifier);
}

private async Task<AuthorizationServerMetadata> FetchAuthorizationServerMetadataAsync(IssuerMetadata issuerMetadata)
private async Task<AuthorizationServerMetadata> FetchAuthorizationServerMetadataAsync(IssuerMetadata issuerMetadata, Option<CredentialOffer> credentialOffer)
{
Uri credentialIssuer = issuerMetadata.CredentialIssuer;

var authServerUrl = issuerMetadata.AuthorizationServers.Match(
servers => CreateAuthorizationServerMetadataUri(servers.First()),
issuerMetadataAuthServers =>
{
var credentialOfferAuthServer = from offer in credentialOffer
from grants in offer.Grants
from code in grants.AuthorizationCode
from server in code.AuthorizationServer
select server;
return credentialOfferAuthServer.Match(
offerAuthServer =>
{
var matchingAuthServer = issuerMetadataAuthServers.Find(issuerMetadataAuthServer => issuerMetadataAuthServer.ToString() == offerAuthServer);
return matchingAuthServer.Match(
Some: server => CreateAuthorizationServerMetadataUri(server),
None: () => throw new InvalidOperationException(
"The authorization server in the credential offer does not match any authorization server in the issuer metadata."));
},
() => CreateAuthorizationServerMetadataUri(issuerMetadataAuthServers.First()));
},
() => CreateAuthorizationServerMetadataUri(credentialIssuer));

var getAuthServerResponse = await _httpClient.GetAsync(authServerUrl);
Expand Down

0 comments on commit 5733d98

Please sign in to comment.