PR feedback
woutslakhorst committed Dec 12, 2023
1 parent d8c4be0 commit 846b256
Showing 2 changed files with 4 additions and 16 deletions.
8 changes: 4 additions & 4 deletions auth/api/iam/openid4vp.go
@@ -86,16 +86,16 @@ func (r Wrapper) handleAuthorizeRequestFromHolder(ctx context.Context, verifier
// the walletDID must be a did:web
walletDID, err := did.ParseDID(walletID)
if err != nil || walletDID.Method != "web" {
return nil, oauthError(oauth.InvalidRequest, "invalid client_id parameter", redirectURL)
return nil, oauthError(oauth.InvalidRequest, "invalid client_id parameter (only did:web is supported)", redirectURL)
}
metadata, err := r.auth.Verifier().AuthorizationServerMetadata(ctx, *walletDID)
if err != nil {
return nil, oauthError(oauth.ServerError, "failed to get authorization server metadata (holder)", redirectURL)
return nil, oauthError(oauth.ServerError, "failed to get metadata from wallet", redirectURL)
}
// own generic endpoint
ownURL, err := didweb.DIDToURL(verifier)
if err != nil {
return nil, oauthError(oauth.ServerError, "failed to translate own did to URL", redirectURL)
return nil, oauthError(oauth.ServerError, "invalid verifier DID", redirectURL)
}
// generate presentation_definition_uri based on own presentation_definition endpoint + scope
pdURL := ownURL.JoinPath("presentation_definition")
@@ -116,7 +116,7 @@ func (r Wrapper) handleAuthorizeRequestFromHolder(ctx context.Context, verifier
// &nonce=n-0S6_WzA2Mj HTTP/1.1
walletURL, err := url.Parse(metadata.AuthorizationEndpoint)
if err != nil || len(metadata.AuthorizationEndpoint) == 0 {
return nil, oauthError(oauth.InvalidRequest, "invalid authorization_endpoint (holder)", redirectURL)
return nil, oauthError(oauth.InvalidRequest, "invalid wallet endpoint", redirectURL)
}
nonce := crypto.GenerateNonce()
callbackURL := *ownURL
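Review bot: The `authorization_endpoint` check in the second hunk (`err != nil || len(metadata.AuthorizationEndpoint) == 0`) only rejects empty or unparseable values, and `url.Parse` also accepts relative references and any scheme. The metadata is fetched for a DID that appears to come from the request's `client_id`, so the endpoint is remote-controlled input and presumably ends up as the target the user agent is sent to; that use is outside the hunk. I would require an absolute URL with an expected scheme, e.g. `if err != nil || walletURL.Scheme != "https" || walletURL.Host == "" {`, relaxing the scheme only if non-strict mode is meant to allow plain http. Separately, each rewritten `oauthError` message drops the underlying `err`; unless it is logged elsewhere, a log line with the cause before returning would keep these failures diagnosable. The body of `handleAuthorizeRequestFromHolder` starts before and continues past both hunks.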
12 changes: 0 additions & 12 deletions auth/services/oauth/verifier.go
@@ -20,15 +20,13 @@
package oauth

import (
"context"
"crypto/tls"
"fmt"
"github.com/nuts-foundation/nuts-node/vdr/didweb"
"net/url"
"time"

"github.com/nuts-foundation/go-did/did"
"github.com/nuts-foundation/nuts-node/auth/client/iam"
"github.com/nuts-foundation/nuts-node/auth/oauth"
)

@@ -49,16 +47,6 @@ func NewVerifier(strictMode bool, httpClientTimeout time.Duration, httpClientTLS
}
}

func (v *VerifierServiceProvider) AuthorizationServerMetadata(ctx context.Context, webdid did.DID) (*oauth.AuthorizationServerMetadata, error) {
iamClient := iam.NewHTTPClient(v.strictMode, v.httpClientTimeout, v.httpClientTLS)
// the wallet/holder acts as authorization server
metadata, err := iamClient.OAuthAuthorizationServerMetadata(ctx, webdid)
if err != nil {
return nil, fmt.Errorf("failed to retrieve remote OAuth Authorization Server metadata: %w", err)
}
return metadata, nil
}

func (v *VerifierServiceProvider) ClientMetadataURL(webdid did.DID) (*url.URL, error) {
didURL, err := didweb.DIDToURL(webdid)
if err != nil {
