From 7bbddbc354c00f91dc57413d5527aa8f0d44eceb Mon Sep 17 00:00:00 2001
From: Gerard Snaauw <33763579+gerardsn@users.noreply.github.com>
Date: Mon, 13 May 2024 16:21:25 +0200
Subject: [PATCH] cleanup metadata (#3103)
---
 auth/api/iam/metadata_test.go | 4 ++--
 auth/api/iam/types.go | 8 +++-----
 auth/oauth/types.go | 9 +++++----
 crypto/jwx/algorithm.go | 3 ++-
 4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/auth/api/iam/metadata_test.go b/auth/api/iam/metadata_test.go
index 461bf79fdc..5ce95deea5 100644
--- a/auth/api/iam/metadata_test.go
+++ b/auth/api/iam/metadata_test.go
@@ -43,7 +43,7 @@ func Test_authorizationServerMetadata(t *testing.T) {
  PresentationDefinitionUriSupported: &presentationDefinitionURISupported,
  PresentationDefinitionEndpoint: oauth2Base.String() + "/presentation_definition",
  RequireSignedRequestObject: true,
- ResponseTypesSupported: []string{"code", "vp_token", "vp_token id_token"},
+ ResponseTypesSupported: []string{"code", "vp_token"},
  ResponseModesSupported: []string{"query", "direct_post"},
  TokenEndpoint: oauth2Base.String() + "/token",
  VPFormats: oauth.DefaultOpenIDSupportedFormats(),
@@ -59,7 +59,7 @@ func Test_clientMetadata(t *testing.T) {
  RedirectURIs: nil,
  TokenEndpointAuthMethod: "none",
  GrantTypes: []string{"authorization_code", "vp_token", "urn:ietf:params:oauth:grant-type:pre-authorized_code"},
- ResponseTypes: []string{"code", "vp_token", "vp_token id_token"},
+ ResponseTypes: []string{"code", "vp_token"},
  Scope: "",
  Contacts: nil,
  JwksURI: "",
diff --git a/auth/api/iam/types.go b/auth/api/iam/types.go
index 39fd4d85c1..87845f0d63 100644
--- a/auth/api/iam/types.go
+++ b/auth/api/iam/types.go
@@ -19,12 +19,13 @@ package iam
 import (
+ "net/http"
+
  "github.com/nuts-foundation/go-did/did"
  "github.com/nuts-foundation/go-did/vc"
  "github.com/nuts-foundation/nuts-node/auth/oauth"
  "github.com/nuts-foundation/nuts-node/vcr/pe"
  "github.com/nuts-foundation/nuts-node/vdr/resolver"
- "net/http"
 )
 // DIDDocument is an alias 
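Review bot: Both hunks in metadata_test.go only update the expected advertised lists (`ResponseTypesSupported` in Test_authorizationServerMetadata and `ResponseTypes` in Test_clientMetadata); nothing in this commit asserts the behavioural side of dropping `vp_token id_token`. A companion test that sends an authorize request with `response_type=vp_token id_token` and expects an unsupported_response_type error would pin that the server now rejects what it no longer advertises, rather than merely not listing it. Both enclosing test functions start before their hunks.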
@@ -91,12 +92,9 @@ const (
  // responseTypeVPToken is defined in the OpenID4VP vp_token flow
  // https://openid.bitbucket.io/connect/openid-4-verifiable-presentations-1_0.html#appendix-B
  responseTypeVPToken = "vp_token"
- // responseTypeVPIDToken is defined in the OpenID4VP flow that combines its vp_token with SIOPv2's id_token
- // https://openid.bitbucket.io/connect/openid-4-verifiable-presentations-1_0.html#appendix-B
- responseTypeVPIDToken = "vp_token id_token"
 )
-var responseTypesSupported = []string{responseTypeCode, responseTypeVPToken, responseTypeVPIDToken}
+var responseTypesSupported = []string{responseTypeCode, responseTypeVPToken}
 const (
  // responseModeParam is the name of the OAuth2 response_mode parameter.
diff --git a/auth/oauth/types.go b/auth/oauth/types.go
index 72179bed17..ed7a86d1db 100644
--- a/auth/oauth/types.go
+++ b/auth/oauth/types.go
@@ -21,8 +21,9 @@ package oauth
 import (
  "encoding/json"
- "github.com/nuts-foundation/nuts-node/core"
  "net/url"
+
+ "github.com/nuts-foundation/nuts-node/core"
 )
 // this file contains constants, variables and helper functions for OAuth related code
@@ -180,12 +181,12 @@ func IssuerIdToWellKnown(issuer string, wellKnown string, strictmode bool) (*url
 // Specified by https://www.rfc-editor.org/rfc/rfc8414.txt
 type AuthorizationServerMetadata struct {
  // Issuer defines the authorization server's identifier, which is a URL that uses the "https" scheme and has no query or fragment components.
- Issuer string `json:"issuer"`
+ Issuer string `json:"issuer,omitempty"`
  /* ******** /authorize ******** */
  // AuthorizationEndpoint defines the URL of the authorization server's authorization endpoint [RFC6749]
- AuthorizationEndpoint string `json:"authorization_endpoint"`
+ AuthorizationEndpoint string `json:"authorization_endpoint,omitempty"`
  // ResponseTypesSupported defines what response types a client can request
  ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
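Review bot: Removing `responseTypeVPIDToken` from `responseTypesSupported` changes what the server advertises, but this hunk does not show whether the authorize handler's `response_type` check is driven by this slice or by a separate comparison against the deleted constant; if it was the latter, that comparison no longer compiles and was presumably removed elsewhere, but if the handler accepts any string it parses, a request carrying `vp_token id_token` could still be routed into a flow that is no longer advertised. Worth confirming in the same change that the only acceptance path for response_type is a lookup in `responseTypesSupported`, so the removed value is rejected as unsupported_response_type. A short comment on the remaining constant would record the decision for the next reader: `// responseTypeVPToken is the only VP response type this server supports; the combined "vp_token id_token" (OpenID4VP + SIOPv2) type was deliberately dropped.`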
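Review bot: Adding `omitempty` to `Issuer` (and to `AuthorizationEndpoint` here and `TokenEndpoint` in the next hunk of this file) means a zero-value field now disappears from the served document instead of appearing as an obviously invalid `"issuer": ""`; RFC 8414 marks `issuer` as REQUIRED and expects clients to compare it with the URL the metadata was fetched from, so an omitted issuer is a silent, client-visible regression rather than a local error. If the tags were relaxed so the same struct can also decode remote metadata that lacks these fields, that is a fair reason, but then the serving side should validate the required fields before encoding, and the field comments should say which direction the relaxation is for. Suggested addition to the Issuer comment: `// REQUIRED by RFC 8414 when serving metadata; omitempty only tolerates remote documents that omit it.` The struct continues past the end of this hunk.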
@@ -200,7 +201,7 @@ type AuthorizationServerMetadata struct {
  /* ******** /token ******** */
  // TokenEndpoint defines the URL of the authorization server's token endpoint [RFC6749].
- TokenEndpoint string `json:"token_endpoint"`
+ TokenEndpoint string `json:"token_endpoint,omitempty"`
  // GrantTypesSupported is a list of the OAuth 2.0 grant type values that this authorization server supports.
  GrantTypesSupported []string `json:"grant_types_supported,omitempty"`
diff --git a/crypto/jwx/algorithm.go b/crypto/jwx/algorithm.go
index b482fefc3e..4f89d7684e 100644
--- a/crypto/jwx/algorithm.go
+++ b/crypto/jwx/algorithm.go
@@ -20,13 +20,14 @@ package jwx
 import (
  "errors"
+
  "github.com/lestrrat-go/jwx/v2/jwa"
 )
 // ErrUnsupportedSigningKey is returned when an unsupported private key is used to sign. Currently only ecdsa and rsa keys are supported
 var ErrUnsupportedSigningKey = errors.New("signing key algorithm not supported")
-var SupportedAlgorithms = []jwa.SignatureAlgorithm{jwa.PS256, jwa.PS384, jwa.PS512, jwa.ES256, jwa.EdDSA, jwa.ES384, jwa.ES512}
+var SupportedAlgorithms = []jwa.SignatureAlgorithm{jwa.ES256, jwa.EdDSA, jwa.ES384, jwa.ES512, jwa.PS256, jwa.PS384, jwa.PS512}
 const DefaultRsaEncryptionAlgorithm = jwa.RSA_OAEP_256
 const DefaultEcEncryptionAlgorithm = jwa.ECDH_ES_A256KW
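Review bot: `SupportedAlgorithms` is an exported package-level variable with no doc comment, and the rewritten line changes its element order without stating whether order is significant; if any caller treats the first entry as the preferred or default signing algorithm, moving `jwa.ES256` ahead of the PS family is a behavioural change that the commit title ("cleanup metadata") does not announce. A one-line contract would settle it either way, e.g. `// SupportedAlgorithms lists the JWS signature algorithms this node accepts, in the preference order advertised in server metadata.` if order is meant to be read, or `// ...; the order is not significant.` if it is not. The unchanged comment above, `Currently only ecdsa and rsa keys are supported`, is also contradicted by `jwa.EdDSA` in the list and should mention ed25519.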