Support request_uri_method=post #3102
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gerardsn
force-pushed
the
feature/request_uri_method=post
branch
from
f9c256d to
66b1d52
Compare
reinkrul
requested changes
May 14, 2024
auth/api/iam/api.go
Outdated
| InternalError: errors.New("DID does not match client_id for requestID"), | ||
| } | ||
| } | ||
| if ro.RequestURIMethod != "post" { |
There was a problem hiding this comment.
request_uri_method and http methods are both specced as case sensitive, but annoyingly use opposite casing. added a comment
| @@ -193,7 +194,7 @@ func (r Wrapper) loadUserSession(cookies CookieReader, tenantDID did.DID, preAut | |||
| } | |||
| // Note that the session itself does not have an expiration field: | |||
| // it depends on the session store to clean up when it expires. | |||
| if !session.TenantDID.Equals(tenantDID) { | |||
| if !session.TenantDID.Equals(tenantDID) && !session.Wallet.DID.Equals(tenantDID) { | |||
There was a problem hiding this comment.
Wallet DID is always tenant DID?
There was a problem hiding this comment.
in the second OpenID4VP flow the tenantDID is the user wallet DID, (first is organization wallet)
woutslakhorst
requested changes
May 14, 2024
reinkrul
requested changes
May 14, 2024
| // RequestObject is returned from the authorization request's 'request_uri' endpoint defined in RFC9101 | ||
| // If 'request_uri_method' is 'post', a 'wallet_metadata' object can be provided to send with the request, OpenID4VP. | ||
| RequestObject(ctx context.Context, requestURI, requestURIMethod string, walletMetadata *oauth.AuthorizationServerMetadata) (string, error) | ||
| // RequestObjectByGet retrieves the RequestObjectByGet from the authorization request's 'request_uri' endpoint using a GET method as defined in RFC9101/OpenID4VP. |
There was a problem hiding this comment.
Suggested change
| // RequestObjectByGet retrieves the RequestObjectByGet from the authorization request's 'request_uri' endpoint using a GET method as defined in RFC9101/OpenID4VP. | |
| // RequestObjectByGet retrieves the Request Object from the authorization request's 'request_uri' endpoint using a GET method as defined in RFC9101/OpenID4VP. |
There was a problem hiding this comment.
RequestObjectBaguette
(reverted)
woutslakhorst
approved these changes
May 14, 2024
reinkrul
approved these changes
May 14, 2024
rolandgroen
added a commit
that referenced
this pull request
May 23, 2024
* refs/heads/master: (71 commits) Remove nonce from default Request Object params (#3125) Burn nonce type SessionStore entries after first use (#3123) Crypto: alter Storage interface to create keys inside key store (#3120) Crypto: let Exists() return an error if one occurs (#3127) Bump github.com/nats-io/nats-server/v2 from 2.10.14 to 2.10.15 (#3121) Bump github.com/nats-io/nats.go from 1.34.1 to 1.35.0 (#3122) Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#3119) Bump azure/setup-helm from 3.5 to 4 (#3050) cleanup oauth constants (#3117) prevent panic (#3118) Support request_uri_method=post (#3102) add GetAndDelete to SessionStore (#3116) bugfix: redirect browser instead of returning error when requested scope is unknown (3104) (#3113) SQL: Fix SQL Server e2e test connection strings (#3112) Docs: updated v6 release notes to include missing stuff (#3108) IAM: nil deref when re-using same user session (#3106) cleanup metadata (#3103) Docs: fixed MySql example DSN (#3110) Change tag in discovery service to simple lamport clock value (int) (#3098) e2e tests: have Nuts containers wait for DB container healthy (#3109) ... # Conflicts: # charts/nuts-node/values.yaml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes #2712
TODO: