diff --git a/auth/api/iam/api.go b/auth/api/iam/api.go
index bfc0fb0567..ab4c240eca 100644
--- a/auth/api/iam/api.go
+++ b/auth/api/iam/api.go
@@ -77,7 +77,6 @@ const oid4vciSessionValidity = 15 * time.Minute
 var cacheControlMaxAgeURLs = []string{
 "/oauth2/:did/presentation_definition",
 "/.well-known/oauth-authorization-server/oauth2/:did",
- "/.well-known/oauth-authorization-server",
 "/oauth2/:did/oauth-client",
 "/statuslist/:did/:page",
 }
@@ -588,15 +587,6 @@ func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request O
 return OAuthAuthorizationServerMetadata200JSONResponse(*md), nil
 }
 
-func (r Wrapper) RootOAuthAuthorizationServerMetadata(ctx context.Context, request RootOAuthAuthorizationServerMetadataRequestObject) (RootOAuthAuthorizationServerMetadataResponseObject, error) {
- rootDID, _ := didweb.URLToDID(*r.auth.PublicURL())
- md, err := r.oauthAuthorizationServerMetadata(ctx, rootDID.String())
- if err != nil {
- return nil, err
- }
- return RootOAuthAuthorizationServerMetadata200JSONResponse(*md), nil
-}
-
 func (r Wrapper) oauthAuthorizationServerMetadata(ctx context.Context, didAsString string) (*oauth.AuthorizationServerMetadata, error) {
 ownDID, err := r.toOwnedDID(ctx, didAsString)
 if err != nil {
diff --git a/auth/api/iam/api_test.go b/auth/api/iam/api_test.go
index b0cacb2412..acc4f60cfa 100644
--- a/auth/api/iam/api_test.go
+++ b/auth/api/iam/api_test.go
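Review bot: Clients that resolve the RFC 8414 default discovery location (`/.well-known/oauth-authorization-server`, which the deleted OpenAPI entry in this same commit cites as the spec's default path) hit no handler once the `RootOAuthAuthorizationServerMetadata` method and its `cacheControlMaxAgeURLs` entry are gone, so issuer-only discovery now receives whatever the router returns for an unmatched path instead of the metadata. If that is the intent, the remaining per-DID endpoint's description should say that only the DID-scoped well-known path is served, so integrators do not debug a failed discovery. The deleted method was the only visible user of `didweb.URLToDID` in api.go, so check that the `didweb` import (outside this hunk) is still referenced elsewhere in the file. The surrounding `Wrapper` methods begin and end outside the hunk.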
@@ -109,20 +109,6 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 })
 }
 
-func TestWrapper_RootOAuthAuthorizationServerMetadata(t *testing.T) {
- t.Run("ok", func(t *testing.T) {
- ctx := newTestClient(t)
- ctx.documentOwner.EXPECT().IsOwner(nil, rootWebDID).Return(true, nil)
-
- res, err := ctx.client.RootOAuthAuthorizationServerMetadata(nil, RootOAuthAuthorizationServerMetadataRequestObject{})
-
- require.NoError(t, err)
- assert.IsType(t, RootOAuthAuthorizationServerMetadata200JSONResponse{}, res)
- actualIssuer := res.(RootOAuthAuthorizationServerMetadata200JSONResponse).Issuer
- assert.Equal(t, rootURL.String(), actualIssuer)
- })
-}
-
 func TestWrapper_GetOAuthClientMetadata(t *testing.T) {
 t.Run("ok", func(t *testing.T) {
 ctx := newTestClient(t)
diff --git a/auth/api/iam/generated.go b/auth/api/iam/generated.go
index 17aed1ae18..b8f1e08022 100644
--- a/auth/api/iam/generated.go
+++ b/auth/api/iam/generated.go
@@ -541,9 +541,6 @@ func (a ExtendedTokenIntrospectionResponse) MarshalJSON() ([]byte, error) { // ServerInterface represents all server handlers. type ServerInterface interface { - // Get the OAuth2 Authorization Server metadata of a root did:web DID. - // (GET /.well-known/oauth-authorization-server) - RootOAuthAuthorizationServerMetadata(ctx echo.Context) error // Get the OAuth2 Authorization Server metadata for the specified DID. // (GET /.well-known/oauth-authorization-server/oauth2/{did}) OAuthAuthorizationServerMetadata(ctx echo.Context, did string) error
@@ -608,17 +605,6 @@ type ServerInterfaceWrapper struct { Handler ServerInterface } -// RootOAuthAuthorizationServerMetadata converts echo context to params. -func (w *ServerInterfaceWrapper) RootOAuthAuthorizationServerMetadata(ctx echo.Context) error { - var err error - - ctx.Set(JwtBearerAuthScopes, []string{}) - - // Invoke the callback with all the unmarshaled arguments - err = w.Handler.RootOAuthAuthorizationServerMetadata(ctx) - return err -} - // OAuthAuthorizationServerMetadata converts echo context to params. func (w *ServerInterfaceWrapper) OAuthAuthorizationServerMetadata(ctx echo.Context) error { var err error
@@ -990,7 +976,6 @@ func RegisterHandlersWithBaseURL(router EchoRouter, si ServerInterface, baseURL Handler: si, } - router.GET(baseURL+"/.well-known/oauth-authorization-server", wrapper.RootOAuthAuthorizationServerMetadata) router.GET(baseURL+"/.well-known/oauth-authorization-server/oauth2/:did", wrapper.OAuthAuthorizationServerMetadata) router.POST(baseURL+"/internal/auth/v2/accesstoken/introspect", wrapper.IntrospectAccessToken) router.POST(baseURL+"/internal/auth/v2/accesstoken/introspect_extended", wrapper.IntrospectAccessTokenExtended)
@@ -1012,43 +997,6 @@ func RegisterHandlersWithBaseURL(router EchoRouter, si ServerInterface, baseURL } -type RootOAuthAuthorizationServerMetadataRequestObject struct { -} - -type RootOAuthAuthorizationServerMetadataResponseObject interface { - VisitRootOAuthAuthorizationServerMetadataResponse(w http.ResponseWriter) error -} - -type RootOAuthAuthorizationServerMetadata200JSONResponse OAuthAuthorizationServerMetadata - -func (response RootOAuthAuthorizationServerMetadata200JSONResponse) VisitRootOAuthAuthorizationServerMetadataResponse(w http.ResponseWriter) error { - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(200) - - return json.NewEncoder(w).Encode(response) -} - -type RootOAuthAuthorizationServerMetadatadefaultApplicationProblemPlusJSONResponse struct { - Body struct { - // Detail A human-readable explanation specific to this occurrence of the problem. - Detail string `json:"detail"` - - // Status HTTP statuscode - Status float32 `json:"status"` - - // Title A short, human-readable summary of the problem type. - Title string `json:"title"` - } - StatusCode int -} - -func (response RootOAuthAuthorizationServerMetadatadefaultApplicationProblemPlusJSONResponse) VisitRootOAuthAuthorizationServerMetadataResponse(w http.ResponseWriter) error { - w.Header().Set("Content-Type", "application/problem+json") - w.WriteHeader(response.StatusCode) - - return json.NewEncoder(w).Encode(response.Body) -} - type OAuthAuthorizationServerMetadataRequestObject struct { Did string `json:"did"` } 
@@ -1707,9 +1655,6 @@ func (response StatusListdefaultApplicationProblemPlusJSONResponse) VisitStatusL // StrictServerInterface represents all server handlers. type StrictServerInterface interface { - // Get the OAuth2 Authorization Server metadata of a root did:web DID. - // (GET /.well-known/oauth-authorization-server) - RootOAuthAuthorizationServerMetadata(ctx context.Context, request RootOAuthAuthorizationServerMetadataRequestObject) (RootOAuthAuthorizationServerMetadataResponseObject, error) // Get the OAuth2 Authorization Server metadata for the specified DID. // (GET /.well-known/oauth-authorization-server/oauth2/{did}) OAuthAuthorizationServerMetadata(ctx context.Context, request OAuthAuthorizationServerMetadataRequestObject) (OAuthAuthorizationServerMetadataResponseObject, error) 
@@ -1781,29 +1726,6 @@ type strictHandler struct { middlewares []StrictMiddlewareFunc } -// RootOAuthAuthorizationServerMetadata operation middleware -func (sh *strictHandler) RootOAuthAuthorizationServerMetadata(ctx echo.Context) error { - var request RootOAuthAuthorizationServerMetadataRequestObject - - handler := func(ctx echo.Context, request interface{}) (interface{}, error) { - return sh.ssi.RootOAuthAuthorizationServerMetadata(ctx.Request().Context(), request.(RootOAuthAuthorizationServerMetadataRequestObject)) - } - for _, middleware := range sh.middlewares { - handler = middleware(handler, "RootOAuthAuthorizationServerMetadata") - } - - response, err := handler(ctx, request) - - if err != nil { - return err - } else if validResponse, ok := response.(RootOAuthAuthorizationServerMetadataResponseObject); ok { - return validResponse.VisitRootOAuthAuthorizationServerMetadataResponse(ctx.Response()) - } else if response != nil { - return fmt.Errorf("unexpected response type: %T", response) - } - return nil -} - // OAuthAuthorizationServerMetadata operation middleware func (sh *strictHandler) OAuthAuthorizationServerMetadata(ctx echo.Context, did string) error { var request OAuthAuthorizationServerMetadataRequestObject
diff --git a/docs/_static/auth/iam.partial.yaml b/docs/_static/auth/iam.partial.yaml
index a3fc75e457..c98f83249f 100644
--- a/docs/_static/auth/iam.partial.yaml
+++ b/docs/_static/auth/iam.partial.yaml
@@ -339,29 +339,6 @@ paths:
 "$ref": "#/components/schemas/OAuthAuthorizationServerMetadata"
 default:
 $ref: '../common/error_response.yaml'
- /.well-known/oauth-authorization-server:
- get:
- tags:
- - well-known
- summary: Get the OAuth2 Authorization Server metadata of a root did:web DID.
- description: >
- Specified by https://www.rfc-editor.org/info/rfc8414
- The well-known path is the default specified by https://www.rfc-editor.org/rfc/rfc8414.html#section-3
-
- error returns:
- * 400 - invalid input
- * 404 - did not found; possibly be non-existing, deactivated, or not managed by this node
- * 500 - internal server error
- operationId: RootOAuthAuthorizationServerMetadata
- responses:
- "200":
- description: OK
- content:
- application/json:
- schema:
- "$ref": "#/components/schemas/OAuthAuthorizationServerMetadata"
- default:
- $ref: '../common/error_response.yaml'
 /oauth2/{did}/oauth-client:
 get:
 tags: