diff --git a/auth/api/iam/s2s_vptoken.go b/auth/api/iam/s2s_vptoken.go
index 3fe1424424..55770507c6 100644
--- a/auth/api/iam/s2s_vptoken.go
+++ b/auth/api/iam/s2s_vptoken.go
@@ -148,11 +148,16 @@ func (r *Wrapper) RequestAccessToken(ctx context.Context, request RequestAccessT
 func (r *Wrapper) createS2SAccessToken(issuer did.DID, issueTime time.Time, presentations []vc.VerifiablePresentation, submission pe.PresentationSubmission, definition PresentationDefinition, scope string) (*oauth.TokenResponse, error) {
+ // TODO: RFC021 isn't clear on this, so take credential subject from first VP for now.
+ // See https://github.com/nuts-foundation/nuts-specification/issues/269
+ clientDID, err := credential.PresentationSigner(presentations[0])
+ if err != nil {
+ return nil, fmt.Errorf("unable to extract client DID from presentation: %w", err)
+ }
 accessToken := AccessToken{
- Token: crypto.GenerateNonce(),
- Issuer: issuer.String(),
- // TODO: set ClientId
- ClientId: "",
+ Token: crypto.GenerateNonce(),
+ Issuer: issuer.String(),
+ ClientId: clientDID.String(),
 IssuedAt: issueTime,
 Expiration: issueTime.Add(accessTokenValidity),
 Scope: scope,
@@ -160,7 +165,7 @@ func (r *Wrapper) createS2SAccessToken(issuer did.DID, issueTime time.Time, pres
 PresentationDefinition: &definition,
 PresentationSubmission: &submission,
 }
- err := r.s2sAccessTokenStore().Put(accessToken.Token, accessToken)
+ err = r.s2sAccessTokenStore().Put(accessToken.Token, accessToken)
 if err != nil {
 return nil, fmt.Errorf("unable to store access token: %w", err)
 }
diff --git a/auth/api/iam/s2s_vptoken_test.go b/auth/api/iam/s2s_vptoken_test.go
index b2fa4afedc..3502703eef 100644
--- a/auth/api/iam/s2s_vptoken_test.go
+++ b/auth/api/iam/s2s_vptoken_test.go
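Review bot: `presentations[0]` in createS2SAccessToken is indexed without a length check, so an empty slice panics inside the request handler instead of producing an error; unless RequestAccessToken (outside this hunk) already guarantees at least one VP, add `if len(presentations) == 0 { return nil, errors.New("no presentation provided") }` before the PresentationSigner call. ClientId is now derived from the proof's verification method, which is only a claim until the VP signature has been verified; that presumably happens earlier in the flow, but a comment stating the precondition would help, e.g. `// presentations must already have been verified by the caller; the signer DID is only trustworthy after that.` The TODO also means that when several VPs are submitted only the first signer is recorded while the token still covers all of them, so it is worth at least checking that every presentation has the same signer before attributing the token to one client. The function body continues in the second hunk and beyond.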
@@ -392,9 +392,14 @@ func TestWrapper_handleS2SAccessTokenRequest(t *testing.T) {
 func TestWrapper_createAccessToken(t *testing.T) {
 credential, err := vc.ParseVerifiableCredential(jsonld.TestOrganizationCredential)
 require.NoError(t, err)
- presentation := vc.VerifiablePresentation{
+ presentation := test.ParsePresentation(t, vc.VerifiablePresentation{
 VerifiableCredential: []vc.VerifiableCredential{*credential},
- }
+ Proof: []interface{}{
+ proof.LDProof{
+ VerificationMethod: ssi.MustParseURI("did:nuts:B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY#1"),
+ },
+ },
+ })
 submission := pe.PresentationSubmission{
 Id: "submissive",
 }
@@ -404,7 +409,7 @@ func TestWrapper_createAccessToken(t *testing.T) {
 t.Run("ok", func(t *testing.T) {
 ctx := newTestClient(t)
- accessToken, err := ctx.client.createS2SAccessToken(issuerDID, time.Now(), []VerifiablePresentation{presentation}, submission, definition, "everything")
+ accessToken, err := ctx.client.createS2SAccessToken(issuerDID, time.Now(), []VerifiablePresentation{test.ParsePresentation(t, presentation)}, submission, definition, "everything")
 require.NoError(t, err)
 assert.NotEmpty(t, accessToken.AccessToken)
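Review bot: The added Proof fixes which DID createS2SAccessToken records as ClientId, but nothing in this hunk asserts that the issued token actually carries `did:nuts:B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY`; if the "ok" subtest does not check this elsewhere, a regression back to an empty ClientId would still pass. Pull the literal into a variable such as `signerDID := "did:nuts:B8PUHs2AUHbFF1xLLK4eZjgErEcMXHxs68FteY7NDtCY"` and assert the stored AccessToken's ClientId against it. Note also that `presentation` is already built through test.ParsePresentation here, yet the "ok" subtest in the following hunk wraps it in `test.ParsePresentation(t, presentation)` a second time, so one of the two calls looks redundant. TestWrapper_createAccessToken continues outside this hunk.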