From 5733d98b176fc1dc00cf1c6fc58bb31df28837f5 Mon Sep 17 00:00:00 2001
From: Johannes Tuerk
Date: Thu, 10 Oct 2024 15:55:46 +0200
Subject: [PATCH] use auth server referenced in cred offer
Signed-off-by: Johannes Tuerk
---
 .../Implementations/Oid4VciClientService.cs | 32 +++++++++++++++----
 1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/src/WalletFramework.Oid4Vc/Oid4Vci/Implementations/Oid4VciClientService.cs b/src/WalletFramework.Oid4Vc/Oid4Vci/Implementations/Oid4VciClientService.cs
index 7faff4d..c2a8f39 100644
--- a/src/WalletFramework.Oid4Vc/Oid4Vci/Implementations/Oid4VciClientService.cs
+++ b/src/WalletFramework.Oid4Vc/Oid4Vci/Implementations/Oid4VciClientService.cs
@@ -20,7 +20,6 @@ using WalletFramework.MdocVc;
 using WalletFramework.Oid4Vc.Oid4Vci.Authorization.DPop.Models;
 using WalletFramework.Oid4Vc.Oid4Vp.Models;
-using WalletFramework.Oid4Vc.Oid4Vp.PresentationExchange.Models;
 using WalletFramework.SdJwtVc.Models;
 using WalletFramework.SdJwtVc.Models.Records;
 using WalletFramework.SdJwtVc.Services.SdJwtVcHolderService;
@@ -140,7 +139,7 @@ from issState in code.IssuerState
 null, null);
- var authServerMetadata = await FetchAuthorizationServerMetadataAsync(issuerMetadata);
+ var authServerMetadata = await FetchAuthorizationServerMetadataAsync(issuerMetadata, offer.CredentialOffer);
 _httpClient.DefaultRequestHeaders.Clear();
 var response = await _httpClient.PostAsync(
@@ -202,7 +201,7 @@ public async Task InitiateAuthFlow(Uri uri, ClientOptions clientOptions, Op
 null);
 var authServerMetadata =
- await FetchAuthorizationServerMetadataAsync(validIssuerMetadata);
+ await FetchAuthorizationServerMetadataAsync(validIssuerMetadata, Option.None);
 _httpClient.DefaultRequestHeaders.Clear();
 var response = await _httpClient.PostAsync(
@@ -256,7 +255,7 @@ from preAuthCode in grants.PreAuthorizedCode
 TransactionCode = transactionCode
 };
- var authorizationServerMetadata = await FetchAuthorizationServerMetadataAsync(issuerMetadata);
+ var authorizationServerMetadata = await FetchAuthorizationServerMetadataAsync(issuerMetadata, credentialOfferMetadata.CredentialOffer);
 var token = await _tokenService.RequestToken(
 tokenRequest,
@@ -522,12 +521,31 @@ private static AuthorizationCodeParameters CreateAndStoreCodeChallenge()
 return new AuthorizationCodeParameters(codeChallenge, codeVerifier);
 }
- private async Task FetchAuthorizationServerMetadataAsync(IssuerMetadata issuerMetadata)
+ private async Task FetchAuthorizationServerMetadataAsync(IssuerMetadata issuerMetadata, Option credentialOffer)
 {
 Uri credentialIssuer = issuerMetadata.CredentialIssuer;
-
+
 var authServerUrl = issuerMetadata.AuthorizationServers.Match(
- servers => CreateAuthorizationServerMetadataUri(servers.First()),
+ issuerMetadataAuthServers =>
+ {
+ var credentialOfferAuthServer = from offer in credentialOffer
+ from grants in offer.Grants
+ from code in grants.AuthorizationCode
+ from server in code.AuthorizationServer
+ select server;
+
+ return credentialOfferAuthServer.Match(
+ offerAuthServer =>
+ {
+ var matchingAuthServer = issuerMetadataAuthServers.Find(issuerMetadataAuthServer => issuerMetadataAuthServer.ToString() == offerAuthServer);
+
+ return matchingAuthServer.Match(
+ Some: server => CreateAuthorizationServerMetadataUri(server),
+ None: () => throw new InvalidOperationException(
+ "The authorization server in the credential offer does not match any authorization server in the issuer metadata."));
+ },
+ () => CreateAuthorizationServerMetadataUri(issuerMetadataAuthServers.First()));
+ },
 () => CreateAuthorizationServerMetadataUri(credentialIssuer));
 var getAuthServerResponse = await _httpClient.GetAsync(authServerUrl);
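Review bot: The allow-list check in `issuerMetadataAuthServers.Find(issuerMetadataAuthServer => issuerMetadataAuthServer.ToString() == offerAuthServer)` in the FetchAuthorizationServerMetadataAsync hunk compares a rendered string against the offer's raw value, so if the metadata entries are `Uri` instances the result depends on `Uri.ToString()`'s unescaped canonical form and an offer value differing only in percent-encoding, host case or a trailing slash is rejected with the InvalidOperationException although it names the same server. If the entries are `Uri`s, parse the offer value and compare URIs instead, `Uri.TryCreate(offerAuthServer, UriKind.Absolute, out var offerUri) && issuerMetadataAuthServer == offerUri`; if they are plain strings, use `string.Equals(issuerMetadataAuthServer, offerAuthServer, StringComparison.Ordinal)` rather than going through `ToString()`. The shape of the check is right — the offer is untrusted input and may only select a server the issuer metadata already lists — and that trust decision should be stated next to it, e.g. `// The offer's authorization_server is untrusted; it may only pick one of the servers the issuer metadata lists.`. The outer `None` branch silently ignores any `authorization_server` in the offer when the issuer metadata lists no servers, which is worth recording in an XML doc comment on the method together with the thrown exception. The method starts and ends inside the hunk, but the element type of `AuthorizationServers` is not visible here, so the comparison fix is conditional on it.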