Use token endpoint from session #3126
Conversation
gerardsn
force-pushed
the
use-token-endpoint-from-session
branch
from
d655f80 to
55ea77c
Compare
| @@ -123,10 +124,14 @@ func (c *OpenID4VPClient) PresentationDefinition(ctx context.Context, endpoint s | |||
| return presentationDefinition, nil | |||
| } | |||
|
|
|||
| func (c *OpenID4VPClient) AuthorizationServerMetadata(ctx context.Context, webdid did.DID) (*oauth.AuthorizationServerMetadata, error) { | |||
| func (c *OpenID4VPClient) AuthorizationServerMetadata(ctx context.Context, oauthIssuer string) (*oauth.AuthorizationServerMetadata, error) { | |||
There was a problem hiding this comment.
this method is not specific for OpenID4VCI, is it? Then the param oauthIssuer is weird.
There was a problem hiding this comment.
This is a naming conflict on the issuer term we keep running into.
The oauth /.well-known/authorization-server metadata has an issuer field that is the identity of the AS. This issuer is what the metadata URL is derived from, and corresponds to did:web identity in URL form. So oauthIssuer is just a more generic name and not related to the issuer-holder-verifier model. (hence prefix oauth)
We need this change because OpenID4VCI defines a /.well-known/openid-credential-issuer metadata that contains field authorization_servers that lists multiple URLs, not DIDs.
There was a problem hiding this comment.
would you prefer 2 methods for convenience?
There was a problem hiding this comment.
aha, then just explain this on the interfaces
auth/client/iam/interface.go
Outdated
| // AuthorizationServerMetadata returns the metadata of the remote wallet. | ||
| AuthorizationServerMetadata(ctx context.Context, webdid did.DID) (*oauth.AuthorizationServerMetadata, error) | ||
| AuthorizationServerMetadata(ctx context.Context, oauthIssuerURI string) (*oauth.AuthorizationServerMetadata, error) |
|
|
||
| metadataURL, err := oauth.IssuerIdToWellKnown(serverURL.String(), oauth.AuthzServerWellKnown, hb.strictMode) | ||
| func (hb HTTPClient) OAuthAuthorizationServerMetadata(ctx context.Context, oauthIssuer string) (*oauth.AuthorizationServerMetadata, error) { | ||
| metadataURL, err := oauth.IssuerIdToWellKnown(oauthIssuer, oauth.AuthzServerWellKnown, hb.strictMode) |
There was a problem hiding this comment.
This method is not only used for issuance. Is IssuerIdToWellKnown different then the "DID Web to well-known"?
Also godoc on method is no longer correct.
There was a problem hiding this comment.
this is the same oauth.IssuerId.... In most cases oauthIssuer is just the did web url. Updated godoc
gerardsn
force-pushed
the
use-token-endpoint-from-session
branch
from
0faac8c to
3eed39e
Compare
token_endpointin session and use this to exchangeauthorization_code. closes OpenID4VCI uses wrong AccessToken endpoint #3134/.well-known/openid-configurationwith/.well-known/oauth-authorization-server. closes OpenID4VCI uses wrong authorization server metadata endpoint #3135authorization_detailsin the credential issuance request an object since the full contents are undefined