Skip to content

Commit

Permalink
add fields
Browse files Browse the repository at this point in the history
  • Loading branch information
reinkrul committed Dec 11, 2023
1 parent 3a37275 commit 3fd45e7
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 21 deletions.
44 changes: 24 additions & 20 deletions auth/api/iam/s2s_vptoken.go
Original file line number Diff line number Diff line change
Expand Up @@ -76,8 +76,8 @@ func (r *Wrapper) handleS2SAccessTokenRequest(issuer did.DID, scope string, subm
return nil, err
}
}
var definition *PresentationDefinition
if definition, err = r.validatePresentationSubmission(scope, submission, pexEnvelope); err != nil {
credentialMap, definition, err := r.validatePresentationSubmission(scope, submission, pexEnvelope)
if err != nil {
return nil, err
}
for _, presentation := range pexEnvelope.Presentations {
Expand All @@ -99,7 +99,7 @@ func (r *Wrapper) handleS2SAccessTokenRequest(issuer did.DID, scope string, subm
}

// All OK, allow access
response, err := r.createS2SAccessToken(issuer, time.Now(), pexEnvelope.Presentations, *submission, *definition, scope, credentialSubjectID)
response, err := r.createS2SAccessToken(issuer, time.Now(), pexEnvelope.Presentations, *submission, *definition, scope, credentialSubjectID, credentialMap)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -145,20 +145,24 @@ func (r *Wrapper) RequestAccessToken(ctx context.Context, request RequestAccessT
return RequestAccessToken200JSONResponse(*tokenResult), nil
}

func (r *Wrapper) createS2SAccessToken(issuer did.DID, issueTime time.Time, presentations []vc.VerifiablePresentation,
submission pe.PresentationSubmission, definition PresentationDefinition, scope string, credentialSubjectDID did.DID) (*oauth.TokenResponse, error) {
func (r *Wrapper) createS2SAccessToken(issuer did.DID, issueTime time.Time, presentations []vc.VerifiablePresentation, submission pe.PresentationSubmission, definition PresentationDefinition, scope string, credentialSubjectDID did.DID, credentialMap map[string]vc.VerifiableCredential) (*oauth.TokenResponse, error) {
fieldsMap, err := definition.ResolveConstraintsFields(credentialMap)
if err != nil {
return nil, fmt.Errorf("unable to resolve Presentation Definition Constraints Fields: %w", err)
}
accessToken := AccessToken{
Token: crypto.GenerateNonce(),
Issuer: issuer.String(),
ClientId: credentialSubjectDID.String(),
IssuedAt: issueTime,
Expiration: issueTime.Add(accessTokenValidity),
Scope: scope,
VPToken: presentations,
PresentationDefinition: &definition,
PresentationSubmission: &submission,
Token: crypto.GenerateNonce(),
Issuer: issuer.String(),
ClientId: credentialSubjectDID.String(),
IssuedAt: issueTime,
Expiration: issueTime.Add(accessTokenValidity),
Scope: scope,
VPToken: presentations,
PresentationDefinition: &definition,
PresentationSubmission: &submission,
InputDescriptorConstraintIdMap: fieldsMap,
}
err := r.accessTokenStore().Put(accessToken.Token, accessToken)
err = r.accessTokenStore().Put(accessToken.Token, accessToken)
if err != nil {
return nil, fmt.Errorf("unable to store access token: %w", err)
}
Expand All @@ -174,24 +178,24 @@ func (r *Wrapper) createS2SAccessToken(issuer did.DID, issueTime time.Time, pres
// validatePresentationSubmission checks if the presentation submission is valid for the given scope:
// 1. Resolve presentation definition for the requested scope
// 2. Check submission against presentation and definition
func (r Wrapper) validatePresentationSubmission(scope string, submission *pe.PresentationSubmission, pexEnvelope *pe.Envelope) (*PresentationDefinition, error) {
func (r Wrapper) validatePresentationSubmission(scope string, submission *pe.PresentationSubmission, pexEnvelope *pe.Envelope) (map[string]vc.VerifiableCredential, *PresentationDefinition, error) {
definition := r.auth.PresentationDefinitions().ByScope(scope)
if definition == nil {
return nil, oauth.OAuth2Error{
return nil, nil, oauth.OAuth2Error{
Code: oauth.InvalidScope,
Description: fmt.Sprintf("unsupported scope for presentation exchange: %s", scope),
}
}

_, err := submission.Validate(*pexEnvelope, *definition)
credentialMap, err := submission.Validate(*pexEnvelope, *definition)
if err != nil {
return nil, oauth.OAuth2Error{
return nil, nil, oauth.OAuth2Error{
Code: oauth.InvalidRequest,
Description: "presentation submission does not conform to Presentation Definition",
InternalError: err,
}
}
return definition, err
return credentialMap, definition, err
}

// validateS2SPresentationMaxValidity checks that the presentation is valid for a reasonable amount of time.
Expand Down
2 changes: 1 addition & 1 deletion auth/api/iam/s2s_vptoken_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -423,7 +423,7 @@ func TestWrapper_createAccessToken(t *testing.T) {
ctx := newTestClient(t)

vps := []VerifiablePresentation{test.ParsePresentation(t, presentation)}
accessToken, err := ctx.client.createS2SAccessToken(issuerDID, time.Now(), vps, submission, definition, "everything", credentialSubjectID)
accessToken, err := ctx.client.createS2SAccessToken(issuerDID, time.Now(), vps, submission, definition, "everything", credentialSubjectID, nil)

require.NoError(t, err)
assert.NotEmpty(t, accessToken.AccessToken)
Expand Down

0 comments on commit 3fd45e7

Please sign in to comment.