change idToDID to use web in iam API

auth/api/iam/api.go

@@ -34,6 +34,7 @@ import (
 	"github.com/nuts-foundation/nuts-node/storage"
 	"github.com/nuts-foundation/nuts-node/vcr"
 	"github.com/nuts-foundation/nuts-node/vdr"
+	"github.com/nuts-foundation/nuts-node/vdr/didweb"
 	"github.com/nuts-foundation/nuts-node/vdr/resolver"
 	"html/template"
 	"net/http"
@@ -231,7 +232,7 @@ func toAnyMap(input any) (*map[string]any, error) {
 
 // HandleAuthorizeRequest handles calls to the authorization endpoint for starting an authorization code flow.
 func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAuthorizeRequestRequestObject) (HandleAuthorizeRequestResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	// Create session object to be passed to handler
 
 	// Workaround: deepmap codegen doesn't support dynamic query parameters.
@@ -281,7 +282,7 @@ func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAutho
 
 // OAuthAuthorizationServerMetadata returns the Authorization Server's metadata
 func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request OAuthAuthorizationServerMetadataRequestObject) (OAuthAuthorizationServerMetadataResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	owned, err := r.vdr.IsOwner(ctx, ownDID)
 	if err != nil {
 		if resolver.IsFunctionalResolveError(err) {
@@ -301,7 +302,8 @@ func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request O
 
 func (r Wrapper) GetWebDID(ctx context.Context, request GetWebDIDRequestObject) (GetWebDIDResponseObject, error) {
 	baseURL := *(r.auth.PublicURL().JoinPath(apiPath))
-	ownDID := idToDID(request.Id)
+	// TODO: must be web DID once web DID creation and DB are implemented
+	ownDID := idToNutsDID(request.Id)
 
 	document, err := r.vdr.DeriveWebDIDDocument(ctx, baseURL, ownDID)
 	if err != nil {
@@ -316,7 +318,7 @@ func (r Wrapper) GetWebDID(ctx context.Context, request GetWebDIDRequestObject)
 
 // OAuthClientMetadata returns the OAuth2 Client metadata for the request.Id if it is managed by this node.
 func (r Wrapper) OAuthClientMetadata(ctx context.Context, request OAuthClientMetadataRequestObject) (OAuthClientMetadataResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	owned, err := r.vdr.IsOwner(ctx, ownDID)
 	if err != nil {
 		log.Logger().WithField("did", ownDID.String()).Errorf("oauth metadata: failed to assert ownership of did: %s", err.Error())
@@ -363,8 +365,13 @@ func createSession(params map[string]string, ownDID did.DID) *Session {
 	}
 	return session
 }
+func (r Wrapper) idToDID(id string) did.DID {
+	url := r.auth.PublicURL().JoinPath("iam", id)
+	did, _ := didweb.URLToDID(*url)
+	return *did
+}
 
-func idToDID(id string) did.DID {
+func idToNutsDID(id string) did.DID {
 	return did.DID{
 		// should be changed to web when migrated to web DID
 		Method:    "nuts",

auth/api/iam/api_test.go

@@ -48,12 +48,13 @@ import (
 )
 
 var nutsDID = did.MustParseDID("did:nuts:123")
+var webDID = did.MustParseDID("did:web:example.com:iam:123")
 
 func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 	t.Run("ok", func(t *testing.T) {
 		//	200
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(true, nil)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(true, nil)
 
 		res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
 
@@ -64,7 +65,7 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 	t.Run("error - did not managed by this node", func(t *testing.T) {
 		//404
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID)
 
 		res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
 
@@ -75,7 +76,7 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 	t.Run("error - did does not exist", func(t *testing.T) {
 		//404
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(false, resolver.ErrNotFound)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(false, resolver.ErrNotFound)
 
 		res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
 
@@ -86,7 +87,7 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 	t.Run("error - internal error 500", func(t *testing.T) {
 		//500
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(false, errors.New("unknown error"))
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(false, errors.New("unknown error"))
 
 		res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
 
@@ -140,7 +141,7 @@ func TestWrapper_GetWebDID(t *testing.T) {
 func TestWrapper_GetOAuthClientMetadata(t *testing.T) {
 	t.Run("ok", func(t *testing.T) {
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(true, nil)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(true, nil)
 
 		res, err := ctx.client.OAuthClientMetadata(nil, OAuthClientMetadataRequestObject{Id: nutsDID.ID})
 
@@ -149,7 +150,7 @@ func TestWrapper_GetOAuthClientMetadata(t *testing.T) {
 	})
 	t.Run("error - did not managed by this node", func(t *testing.T) {
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID)
 
 		res, err := ctx.client.OAuthClientMetadata(nil, OAuthClientMetadataRequestObject{Id: nutsDID.ID})
 
@@ -158,7 +159,7 @@ func TestWrapper_GetOAuthClientMetadata(t *testing.T) {
 	})
 	t.Run("error - internal error 500", func(t *testing.T) {
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(false, errors.New("unknown error"))
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(false, errors.New("unknown error"))
 
 		res, err := ctx.client.OAuthClientMetadata(nil, OAuthClientMetadataRequestObject{Id: nutsDID.ID})