From 846b256fc535400bf69b1cfb0b59d311d62842d7 Mon Sep 17 00:00:00 2001
From: Wout Slakhorst
Date: Tue, 12 Dec 2023 09:54:19 +0100
Subject: [PATCH] PR feedback

---
 auth/api/iam/openid4vp.go | 8 ++++----
 auth/services/oauth/verifier.go | 12 ------------
 2 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/auth/api/iam/openid4vp.go b/auth/api/iam/openid4vp.go
index f8c8e8a7ae..77726af550 100644
--- a/auth/api/iam/openid4vp.go
+++ b/auth/api/iam/openid4vp.go
@@ -86,16 +86,16 @@ func (r Wrapper) handleAuthorizeRequestFromHolder(ctx context.Context, verifier
 // the walletDID must be a did:web
 walletDID, err := did.ParseDID(walletID)
 if err != nil || walletDID.Method != "web" {
- return nil, oauthError(oauth.InvalidRequest, "invalid client_id parameter", redirectURL)
+ return nil, oauthError(oauth.InvalidRequest, "invalid client_id parameter (only did:web is supported)", redirectURL)
 }
 metadata, err := r.auth.Verifier().AuthorizationServerMetadata(ctx, *walletDID)
 if err != nil {
- return nil, oauthError(oauth.ServerError, "failed to get authorization server metadata (holder)", redirectURL)
+ return nil, oauthError(oauth.ServerError, "failed to get metadata from wallet", redirectURL)
 }
 // own generic endpoint
 ownURL, err := didweb.DIDToURL(verifier)
 if err != nil {
- return nil, oauthError(oauth.ServerError, "failed to translate own did to URL", redirectURL)
+ return nil, oauthError(oauth.ServerError, "invalid verifier DID", redirectURL)
 }
 // generate presentation_definition_uri based on own presentation_definition endpoint + scope
 pdURL := ownURL.JoinPath("presentation_definition")
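Review bot: The context line `metadata, err := r.auth.Verifier().AuthorizationServerMetadata(ctx, *walletDID)` still calls a method that the `@@ -49,16 +47,6 @@` hunk of verifier.go in this same commit deletes from `*VerifierServiceProvider`; unless `Verifier()` now returns a type that still provides it elsewhere, the package no longer compiles and the call site needs to move to whatever replaced the deleted method. Whatever replaces it fetches metadata from a host derived from the caller-supplied `client_id`, so it should keep the timeout, TLS config and strictMode that the removed method passed to `iam.NewHTTPClient`; that code is out of view here, so please confirm. The wrapped `err` is not handed to `oauthError`, so after the rewording to `"failed to get metadata from wallet"` nothing records whether the failure was a timeout, a TLS error or a malformed document; log the wrapped cause at this layer before returning the generic message. `handleAuthorizeRequestFromHolder` starts and ends outside the hunk.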
@@ -116,7 +116,7 @@ func (r Wrapper) handleAuthorizeRequestFromHolder(ctx context.Context, verifier
 // &nonce=n-0S6_WzA2Mj HTTP/1.1
 walletURL, err := url.Parse(metadata.AuthorizationEndpoint)
 if err != nil || len(metadata.AuthorizationEndpoint) == 0 {
- return nil, oauthError(oauth.InvalidRequest, "invalid authorization_endpoint (holder)", redirectURL)
+ return nil, oauthError(oauth.InvalidRequest, "invalid wallet endpoint", redirectURL)
 }
 nonce := crypto.GenerateNonce()
 callbackURL := *ownURL
diff --git a/auth/services/oauth/verifier.go b/auth/services/oauth/verifier.go
index 975f75d33f..c5fbaf65dc 100644
--- a/auth/services/oauth/verifier.go
+++ b/auth/services/oauth/verifier.go
@@ -20,7 +20,6 @@ package oauth
 import (
- "context"
 "crypto/tls"
 "fmt"
 "github.com/nuts-foundation/nuts-node/vdr/didweb"
@@ -28,7 +27,6 @@ import (
 "time"
 "github.com/nuts-foundation/go-did/did"
- "github.com/nuts-foundation/nuts-node/auth/client/iam"
 "github.com/nuts-foundation/nuts-node/auth/oauth"
 )
@@ -49,16 +47,6 @@ func NewVerifier(strictMode bool, httpClientTimeout time.Duration, httpClientTLS
 }
 }
-func (v *VerifierServiceProvider) AuthorizationServerMetadata(ctx context.Context, webdid did.DID) (*oauth.AuthorizationServerMetadata, error) {
- iamClient := iam.NewHTTPClient(v.strictMode, v.httpClientTimeout, v.httpClientTLS)
- // the wallet/holder acts as authorization server
- metadata, err := iamClient.OAuthAuthorizationServerMetadata(ctx, webdid)
- if err != nil {
- return nil, fmt.Errorf("failed to retrieve remote OAuth Authorization Server metadata: %w", err)
- }
- return metadata, nil
-}
-
 func (v *VerifierServiceProvider) ClientMetadataURL(webdid did.DID) (*url.URL, error) {
 didURL, err := didweb.DIDToURL(webdid)
 if err != nil {
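Review bot: The `invalid wallet endpoint` branch only rejects an unparsable or empty `AuthorizationEndpoint`, and `url.Parse` accepts relative paths and arbitrary schemes; since this value comes from metadata published by the host selected via `client_id`, and `walletURL` looks like the endpoint the user-agent is later sent to, the check should require an absolute URL with a host (https only where strictMode applies, if that flag is reachable from `Wrapper`). `if err != nil || !walletURL.IsAbs() || walletURL.Host == "" {` subsumes the current length check, because parsing an empty string yields no error and an empty Host. How `walletURL` is used after `callbackURL := *ownURL`, and the rest of `handleAuthorizeRequestFromHolder`, lie outside the hunk.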