did:web in API, correct VM references

auth/api/iam/api.go

@@ -34,6 +34,7 @@ import (
 	"github.com/nuts-foundation/nuts-node/storage"
 	"github.com/nuts-foundation/nuts-node/vcr"
 	"github.com/nuts-foundation/nuts-node/vdr"
+	"github.com/nuts-foundation/nuts-node/vdr/didweb"
 	"github.com/nuts-foundation/nuts-node/vdr/resolver"
 	"html/template"
 	"net/http"
@@ -231,7 +232,7 @@ func toAnyMap(input any) (*map[string]any, error) {
 
 // HandleAuthorizeRequest handles calls to the authorization endpoint for starting an authorization code flow.
 func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAuthorizeRequestRequestObject) (HandleAuthorizeRequestResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	// Create session object to be passed to handler
 
 	// Workaround: deepmap codegen doesn't support dynamic query parameters.
@@ -281,7 +282,7 @@ func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAutho
 
 // OAuthAuthorizationServerMetadata returns the Authorization Server's metadata
 func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request OAuthAuthorizationServerMetadataRequestObject) (OAuthAuthorizationServerMetadataResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	owned, err := r.vdr.IsOwner(ctx, ownDID)
 	if err != nil {
 		if resolver.IsFunctionalResolveError(err) {
@@ -300,7 +301,7 @@ func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request O
 }
 
 func (r Wrapper) GetWebDID(_ context.Context, request GetWebDIDRequestObject) (GetWebDIDResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 
 	document, err := r.vdr.Read(ownDID)
 	if err != nil {
@@ -315,7 +316,7 @@ func (r Wrapper) GetWebDID(_ context.Context, request GetWebDIDRequestObject) (G
 
 // OAuthClientMetadata returns the OAuth2 Client metadata for the request.Id if it is managed by this node.
 func (r Wrapper) OAuthClientMetadata(ctx context.Context, request OAuthClientMetadataRequestObject) (OAuthClientMetadataResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	owned, err := r.vdr.IsOwner(ctx, ownDID)
 	if err != nil {
 		log.Logger().WithField("did", ownDID.String()).Errorf("oauth metadata: failed to assert ownership of did: %s", err.Error())
@@ -363,11 +364,8 @@ func createSession(params map[string]string, ownDID did.DID) *Session {
 	return session
 }
 
-func idToDID(id string) did.DID {
-	return did.DID{
-		// should be changed to web when migrated to web DID
-		Method:    "nuts",
-		ID:        id,
-		DecodedID: id,
-	}
+func (r Wrapper) idToDID(id string) did.DID {
+	url := r.auth.PublicURL().JoinPath("iam", id)
+	did, _ := didweb.URLToDID(*url)
+	return *did
 }

vdr/didweb/manager.go

@@ -104,21 +104,20 @@ func buildDocument(subject did.DID, verificationMethods []did.VerificationMethod
 	for _, verificationMethod := range verificationMethods {
 		vms = append(vms, &verificationMethod)
 	}
-	var vmRelationships did.VerificationRelationships
-	for _, verificationMethod := range verificationMethods {
-		vmRelationships = append(vmRelationships, did.VerificationRelationship{VerificationMethod: &verificationMethod})
-	}
-	return did.Document{
+
+	document := did.Document{
 		Context: []interface{}{
 			ssi.MustParseURI(jsonld.Jws2020Context),
 			did.DIDContextV1URI(),
 		},
-		ID:                   subject,
-		VerificationMethod:   vms,
-		Authentication:       vmRelationships,
-		AssertionMethod:      vmRelationships,
-		KeyAgreement:         vmRelationships,
-		CapabilityInvocation: vmRelationships,
-		CapabilityDelegation: vmRelationships,
+		ID: subject,
+	}
+	for _, verificationMethod := range verificationMethods {
+		document.AddAssertionMethod(&verificationMethod)
+		document.AddAuthenticationMethod(&verificationMethod)
+		document.AddKeyAgreement(&verificationMethod)
+		document.AddCapabilityDelegation(&verificationMethod)
+		document.AddCapabilityInvocation(&verificationMethod)
 	}
+	return document
 }