feat: 7.2. Credential Request udpates

Signed-off-by: Mykhailo Sizov <[email protected]>
mishasizov-SK · Feb 5, 2024 · b56311c · b56311c
1 parent f901c65
commit b56311c
Show file tree

Hide file tree

Showing 16 changed files with 695 additions and 250 deletions.
diff --git a/api/spec/openapi.gen.go b/api/spec/openapi.gen.go
diff --git a/docs/v1/common.yaml b/docs/v1/common.yaml
@@ -115,6 +115,11 @@ components:
           type: array
           items:
             type: string
+        credential_identifiers:
+          description: For Token response only. Array of strings, each uniquely identifying a Credential that can be issued using the Access Token returned in this response. Each of these Credentials corresponds to the same entry in the credential_configurations_supported Credential Issuer metadata but can contain different claim values or a different subset of claims within the claims set identified by that Credential type.
+          type: array
+          items:
+            type: string
       required:
         - type
     CredentialDefinition:

diff --git a/docs/v1/openapi.yaml b/docs/v1/openapi.yaml
@@ -1346,6 +1346,10 @@ components:
       properties:
         tx_id:
           type: string
+        authorization_details:
+          type: array
+          items:
+            $ref: './common.yaml#/components/schemas/AuthorizationDetails'
       required:
         - tx_id
     StoreAuthorizationCodeRequest:
@@ -1416,6 +1420,11 @@ components:
           type: array
           items:
             type: string
+        authorization_details:
+          description: REQUIRED when authorization_details parameter is used to request issuance of a certain Credential type as defined in Section 5.1.1. It MUST NOT be used otherwise. It is an array of objects, as defined in Section 7 of [RFC9396].
+          type: array
+          items:
+            $ref: './common.yaml#/components/schemas/AuthorizationDetails'
       required:
         - op_state
         - scopes
@@ -1604,6 +1613,11 @@ components:
         c_nonce_expires_in:
           description: Integer denoting the lifetime in seconds of the c_nonce.
           type: integer
+        authorization_details:
+          description: REQUIRED when authorization_details parameter is used to request issuance of a certain Credential type as defined in Section 5.1.1. It MUST NOT be used otherwise. It is an array of objects, as defined in Section 7 of [RFC9396].
+          type: array
+          items:
+            $ref: './common.yaml#/components/schemas/AuthorizationDetails'
       required:
         - access_token
         - token_type

diff --git a/pkg/observability/tracing/wrappers/oidc4ci/oidc4ci_wrapper.go b/pkg/observability/tracing/wrappers/oidc4ci/oidc4ci_wrapper.go
@@ -70,7 +70,7 @@ func (w *Wrapper) StoreAuthorizationCode(ctx context.Context, opState string, co
 	return w.svc.StoreAuthorizationCode(ctx, opState, code, flowData)
 }
 
-func (w *Wrapper) ExchangeAuthorizationCode(ctx context.Context, opState, clientID, clientAttestationType, clientAttestation string) (oidc4ci.TxID, error) {
+func (w *Wrapper) ExchangeAuthorizationCode(ctx context.Context, opState, clientID, clientAttestationType, clientAttestation string) (*oidc4ci.ExchangeAuthorizationCodeResult, error) {
 	return w.svc.ExchangeAuthorizationCode(ctx, opState, clientID, clientAttestationType, clientAttestation)
 }
 

diff --git a/pkg/restapi/v1/common/openapi.gen.go b/pkg/restapi/v1/common/openapi.gen.go
diff --git a/pkg/restapi/v1/issuer/controller.go b/pkg/restapi/v1/issuer/controller.go
@@ -664,7 +664,7 @@ func (c *Controller) ExchangeAuthorizationCodeRequest(ctx echo.Context) error {
 		return err
 	}
 
-	txID, err := c.oidc4ciService.ExchangeAuthorizationCode(ctx.Request().Context(),
+	exchangeAuthorizationCodeResult, err := c.oidc4ciService.ExchangeAuthorizationCode(ctx.Request().Context(),
 		body.OpState,
 		lo.FromPtr(body.ClientId),
 		lo.FromPtr(body.ClientAssertionType),
@@ -674,7 +674,17 @@ func (c *Controller) ExchangeAuthorizationCodeRequest(ctx echo.Context) error {
 		return util.WriteOutput(ctx)(nil, err)
 	}
 
-	return util.WriteOutput(ctx)(ExchangeAuthorizationCodeResponse{TxId: string(txID)}, nil)
+	var authorizationDetailsDTOList []common.AuthorizationDetails
+	if exchangeAuthorizationCodeResult.AuthorizationDetails != nil {
+		authorizationDetailsDTO := exchangeAuthorizationCodeResult.AuthorizationDetails.ToDTO()
+		authorizationDetailsDTOList = []common.AuthorizationDetails{authorizationDetailsDTO}
+	}
+
+	return util.WriteOutput(ctx)(
+		ExchangeAuthorizationCodeResponse{
+			AuthorizationDetails: lo.ToPtr(authorizationDetailsDTOList),
+			TxId:                 string(exchangeAuthorizationCodeResult.TxID),
+		}, nil)
 }
 
 // ValidatePreAuthorizedCodeRequest Validates authorization code and pin.
@@ -686,7 +696,7 @@ func (c *Controller) ValidatePreAuthorizedCodeRequest(ctx echo.Context) error {
 		return err
 	}
 
-	result, err := c.oidc4ciService.ValidatePreAuthorizedCodeRequest(ctx.Request().Context(),
+	transaction, err := c.oidc4ciService.ValidatePreAuthorizedCodeRequest(ctx.Request().Context(),
 		body.PreAuthorizedCode,
 		lo.FromPtr(body.UserPin),
 		lo.FromPtr(body.ClientId),
@@ -697,10 +707,17 @@ func (c *Controller) ValidatePreAuthorizedCodeRequest(ctx echo.Context) error {
 		return err
 	}
 
+	var authorizationDetailsDTOList []common.AuthorizationDetails
+	if transaction.AuthorizationDetails != nil {
+		authorizationDetailsDTO := transaction.AuthorizationDetails.ToDTO()
+		authorizationDetailsDTOList = []common.AuthorizationDetails{authorizationDetailsDTO}
+	}
+
 	return util.WriteOutput(ctx)(ValidatePreAuthorizedCodeResponse{
-		TxId:    string(result.ID),
-		OpState: result.OpState,
-		Scopes:  result.Scope,
+		AuthorizationDetails: lo.ToPtr(authorizationDetailsDTOList),
+		TxId:                 string(transaction.ID),
+		OpState:              transaction.OpState,
+		Scopes:               transaction.Scope,
 	}, nil)
 }