diff --git a/auth/api/iam/api.go b/auth/api/iam/api.go
index 2a9a4ed64b..88e27a5dbf 100644
--- a/auth/api/iam/api.go
+++ b/auth/api/iam/api.go
@@ -34,6 +34,7 @@ import (
 "github.com/nuts-foundation/nuts-node/storage"
 "github.com/nuts-foundation/nuts-node/vcr"
 "github.com/nuts-foundation/nuts-node/vdr"
+ "github.com/nuts-foundation/nuts-node/vdr/didweb"
 "github.com/nuts-foundation/nuts-node/vdr/resolver"
 "html/template"
 "net/http"
@@ -231,7 +232,7 @@ func toAnyMap(input any) (*map[string]any, error) {
 // HandleAuthorizeRequest handles calls to the authorization endpoint for starting an authorization code flow.
 func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAuthorizeRequestRequestObject) (HandleAuthorizeRequestResponseObject, error) {
- ownDID := idToDID(request.Id)
+ ownDID := r.idToDID(request.Id)
 // Create session object to be passed to handler
 // Workaround: deepmap codegen doesn't support dynamic query parameters.
@@ -281,7 +282,7 @@ func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAutho
 // OAuthAuthorizationServerMetadata returns the Authorization Server's metadata
 func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request OAuthAuthorizationServerMetadataRequestObject) (OAuthAuthorizationServerMetadataResponseObject, error) {
- ownDID := idToDID(request.Id)
+ ownDID := r.idToDID(request.Id)
 owned, err := r.vdr.IsOwner(ctx, ownDID)
 if err != nil {
 if resolver.IsFunctionalResolveError(err) {
@@ -300,7 +301,7 @@ func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request O
 }
 func (r Wrapper) GetWebDID(_ context.Context, request GetWebDIDRequestObject) (GetWebDIDResponseObject, error) {
- ownDID := idToDID(request.Id)
+ ownDID := r.idToDID(request.Id)
 document, err := r.vdr.Read(ownDID)
 if err != nil {
@@ -315,7 +316,7 @@ func (r Wrapper) GetWebDID(_ context.Context, request GetWebDIDRequestObject) (G
 // OAuthClientMetadata returns the OAuth2 Client metadata for the request.Id if it is managed by this node.
 func (r Wrapper) OAuthClientMetadata(ctx context.Context, request OAuthClientMetadataRequestObject) (OAuthClientMetadataResponseObject, error) {
- ownDID := idToDID(request.Id)
+ ownDID := r.idToDID(request.Id)
 owned, err := r.vdr.IsOwner(ctx, ownDID)
 if err != nil {
 log.Logger().WithField("did", ownDID.String()).Errorf("oauth metadata: failed to assert ownership of did: %s", err.Error())
@@ -363,11 +364,8 @@ func createSession(params map[string]string, ownDID did.DID) *Session {
 return session
 }
-func idToDID(id string) did.DID {
- return did.DID{
- // should be changed to web when migrated to web DID
- Method: "nuts",
- ID: id,
- DecodedID: id,
- }
+func (r Wrapper) idToDID(id string) did.DID {
+ url := r.auth.PublicURL().JoinPath("iam", id)
+ did, _ := didweb.URLToDID(*url)
+ return *did
 }
diff --git a/vdr/didweb/manager.go b/vdr/didweb/manager.go
index 6a33002f9e..e7c110c60e 100644
--- a/vdr/didweb/manager.go
+++ b/vdr/didweb/manager.go
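Review bot: In the new `idToDID` the error from `didweb.URLToDID` is discarded and the returned pointer is dereferenced unconditionally, so an `id` the converter rejects would panic inside the request handler instead of producing a client error; `id` is the path parameter of the four handlers that now call `r.idToDID` (HandleAuthorizeRequest, OAuthAuthorizationServerMetadata, GetWebDID, OAuthClientMetadata), and whether URLToDID can return a nil pointer together with an error is not visible here, but the deref-after-ignored-error shape is the problem regardless. The local names `did` and `url` also shadow the `did` package (and `net/url`, if this file imports it) right where `did.DID` is the return type, which is easy to misread. I would have the method return `(did.DID, error)` and let each call site return the error before using `ownDID`, as below.
```go
func (r Wrapper) idToDID(id string) (did.DID, error) {
	u := r.auth.PublicURL().JoinPath("iam", id)
	d, err := didweb.URLToDID(*u)
	if err != nil {
		return did.DID{}, err
	}
	return *d, nil
}
// … call sites become: ownDID, err := r.idToDID(request.Id) with an error return before ownDID is used …
```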
@@ -104,21 +104,20 @@ func buildDocument(subject did.DID, verificationMethods []did.VerificationMethod
 for _, verificationMethod := range verificationMethods {
 vms = append(vms, &verificationMethod)
 }
- var vmRelationships did.VerificationRelationships
- for _, verificationMethod := range verificationMethods {
- vmRelationships = append(vmRelationships, did.VerificationRelationship{VerificationMethod: &verificationMethod})
- }
- return did.Document{
+
+ document := did.Document{
 Context: []interface{}{
 ssi.MustParseURI(jsonld.Jws2020Context),
 did.DIDContextV1URI(),
 },
- ID: subject,
- VerificationMethod: vms,
- Authentication: vmRelationships,
- AssertionMethod: vmRelationships,
- KeyAgreement: vmRelationships,
- CapabilityInvocation: vmRelationships,
- CapabilityDelegation: vmRelationships,
+ ID: subject,
+ }
+ for _, verificationMethod := range verificationMethods {
+ document.AddAssertionMethod(&verificationMethod)
+ document.AddAuthenticationMethod(&verificationMethod)
+ document.AddKeyAgreement(&verificationMethod)
+ document.AddCapabilityDelegation(&verificationMethod)
+ document.AddCapabilityInvocation(&verificationMethod)
 }
+ return document
 }
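Review bot: The added loop passes `&verificationMethod` to the five `Add*` helpers on every iteration, and the untouched loop above it does the same into `vms`; unless this module's go directive is 1.22 or later, that is the address of one shared loop variable, so every stored pointer ends up referring to the last element rather than its own, and a document with several keys would carry only one of them. Iterating by index removes the dependency on the language version: `for i := range verificationMethods {` followed by `vm := &verificationMethods[i]` and passing `vm` to each helper. Separately, `vms` is still appended to in the context lines but the rebuilt `document` no longer reads it (the `VerificationMethod: vms` field is gone), so it looks like dead code now, assuming the Add* helpers register the method themselves — worth confirming and then dropping the first loop. buildDocument starts before this hunk, so the declaration of `vms` is not visible here.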