diff --git a/auth/api/iam/api.go b/auth/api/iam/api.go
index e00a07ed73..4b4bd73d6f 100644
--- a/auth/api/iam/api.go
+++ b/auth/api/iam/api.go
@@ -34,6 +34,7 @@ import (
 	"github.com/nuts-foundation/nuts-node/storage"
 	"github.com/nuts-foundation/nuts-node/vcr"
 	"github.com/nuts-foundation/nuts-node/vdr"
+	"github.com/nuts-foundation/nuts-node/vdr/didweb"
 	"github.com/nuts-foundation/nuts-node/vdr/resolver"
 	"html/template"
 	"net/http"
@@ -231,7 +232,7 @@ func toAnyMap(input any) (*map[string]any, error) {
 // HandleAuthorizeRequest handles calls to the authorization endpoint for starting an authorization code flow.
 func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAuthorizeRequestRequestObject) (HandleAuthorizeRequestResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	// Create session object to be passed to handler
 	// Workaround: deepmap codegen doesn't support dynamic query parameters.
@@ -281,7 +282,7 @@ func (r Wrapper) HandleAuthorizeRequest(ctx context.Context, request HandleAutho
 // OAuthAuthorizationServerMetadata returns the Authorization Server's metadata
 func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request OAuthAuthorizationServerMetadataRequestObject) (OAuthAuthorizationServerMetadataResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	owned, err := r.vdr.IsOwner(ctx, ownDID)
 	if err != nil {
 		if resolver.IsFunctionalResolveError(err) {
@@ -301,7 +302,8 @@ func (r Wrapper) OAuthAuthorizationServerMetadata(ctx context.Context, request O
 func (r Wrapper) GetWebDID(ctx context.Context, request GetWebDIDRequestObject) (GetWebDIDResponseObject, error) {
 	baseURL := *(r.auth.PublicURL().JoinPath(apiPath))
-	ownDID := idToDID(request.Id)
+	// TODO: must be web DID once web DID creation and DB are implemented
+	ownDID := idToNutsDID(request.Id)
 	document, err := r.vdr.DeriveWebDIDDocument(ctx, baseURL, ownDID)
 	if err != nil {
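Review bot: The new `ownDID := r.idToDID(request.Id)` line can panic on a malformed id, because idToDID (hunk @@ -363 of this file) discards the error from `didweb.URLToDID` and dereferences its result, and request.Id comes from the request path. The same call is introduced in the OAuthAuthorizationServerMetadata (@@ -281) and OAuthClientMetadata (@@ -316) hunks. If idToDID returns `(did.DID, error)`, each site becomes `ownDID, err := r.idToDID(request.Id)` followed by an early return that maps the error to the handler's invalid-request response. HandleAuthorizeRequest's body continues outside the hunk.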
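Review bot: GetWebDID now derives `ownDID` with idToNutsDID while the other handlers in this file switch to `r.idToDID`, so the same path id maps to a did:nuts DID here and to a did:web DID in the metadata and authorize endpoints. The TODO should say what still depends on the did:nuts form so the remaining migration step is findable, e.g. `// TODO: use r.idToDID once web DID creation and DB are implemented; DeriveWebDIDDocument currently takes the did:nuts subject`. GetWebDID's body continues outside the hunk.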
@@ -316,7 +318,7 @@ func (r Wrapper) GetWebDID(ctx context.Context, request GetWebDIDRequestObject)
 // OAuthClientMetadata returns the OAuth2 Client metadata for the request.Id if it is managed by this node.
 func (r Wrapper) OAuthClientMetadata(ctx context.Context, request OAuthClientMetadataRequestObject) (OAuthClientMetadataResponseObject, error) {
-	ownDID := idToDID(request.Id)
+	ownDID := r.idToDID(request.Id)
 	owned, err := r.vdr.IsOwner(ctx, ownDID)
 	if err != nil {
 		log.Logger().WithField("did", ownDID.String()).Errorf("oauth metadata: failed to assert ownership of did: %s", err.Error())
@@ -363,8 +365,13 @@ func createSession(params map[string]string, ownDID did.DID) *Session {
 	}
 	return session
 }
+func (r Wrapper) idToDID(id string) did.DID {
+	url := r.auth.PublicURL().JoinPath("iam", id)
+	did, _ := didweb.URLToDID(*url)
+	return *did
+}
-func idToDID(id string) did.DID {
+func idToNutsDID(id string) did.DID {
 	return did.DID{
 		// should be changed to web when migrated to web DID
 		Method: "nuts",
diff --git a/auth/api/iam/api_test.go b/auth/api/iam/api_test.go
index 237ad5b7d3..a1ea20bd4c 100644
--- a/auth/api/iam/api_test.go
+++ b/auth/api/iam/api_test.go
@@ -48,12 +48,13 @@ import (
 )
 var nutsDID = did.MustParseDID("did:nuts:123")
+var webDID = did.MustParseDID("did:web:example.com:iam:123")
 func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 	t.Run("ok", func(t *testing.T) {
 		// 200
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(true, nil)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(true, nil)
 		res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
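Review bot: `did, _ := didweb.URLToDID(*url)` drops the conversion error and the next line dereferences the result, so an id for which URLToDID returns an error (and presumably a nil pointer) panics inside a request handler instead of producing a 4xx, and `id` comes straight from the request path. Returning the error lets the handlers changed in the @@ -231, @@ -281 and @@ -316 hunks reject the request, and renaming the local avoids shadowing the `did` package (the local `url` likewise shadows net/url if this file imports it). It is also worth confirming that `JoinPath("iam", id)` cannot be steered to a different path by an id containing `/` or `..`, since JoinPath cleans the result; rejecting such ids before the join keeps the derived DID tied to the id the caller supplied.
```go
func (r Wrapper) idToDID(id string) (did.DID, error) {
	u := r.auth.PublicURL().JoinPath("iam", id)
	result, err := didweb.URLToDID(*u)
	if err != nil {
		return did.DID{}, err
	}
	return *result, nil
}
```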
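Review bot: The new `webDID` fixture only covers the happy path of the new id-to-DID mapping; none of the updated cases exercises an id that `didweb.URLToDID` rejects, which is exactly the branch where idToDID currently ignores its error (api.go, @@ -363). A case such as `t.Run("error - invalid id", ...)` calling OAuthAuthorizationServerMetadata with an id that cannot form a valid did:web, and no IsOwner expectation, would pin that behaviour whichever way it is decided. The expected `did:web:example.com:iam:123` also encodes the test client's public URL, so newTestClient's PublicURL is presumably `https://example.com`; a fixture comment such as `// derived from newTestClient's PublicURL + /iam/{id}` would make that coupling explicit. The later hunks in this file (@@ -64 through @@ -158) make the same nutsDID-to-webDID swap and need no separate change.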
@@ -64,7 +65,7 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 	t.Run("error - did not managed by this node", func(t *testing.T) {
 		//404
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID)
 		res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
@@ -75,7 +76,7 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 	t.Run("error - did does not exist", func(t *testing.T) {
 		//404
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(false, resolver.ErrNotFound)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(false, resolver.ErrNotFound)
 		res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
@@ -86,7 +87,7 @@ func TestWrapper_OAuthAuthorizationServerMetadata(t *testing.T) {
 	t.Run("error - internal error 500", func(t *testing.T) {
 		//500
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(false, errors.New("unknown error"))
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(false, errors.New("unknown error"))
 		res, err := ctx.client.OAuthAuthorizationServerMetadata(nil, OAuthAuthorizationServerMetadataRequestObject{Id: nutsDID.ID})
@@ -140,7 +141,7 @@ func TestWrapper_GetWebDID(t *testing.T) {
 func TestWrapper_GetOAuthClientMetadata(t *testing.T) {
 	t.Run("ok", func(t *testing.T) {
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(true, nil)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(true, nil)
 		res, err := ctx.client.OAuthClientMetadata(nil, OAuthClientMetadataRequestObject{Id: nutsDID.ID})
@@ -149,7 +150,7 @@ func TestWrapper_GetOAuthClientMetadata(t *testing.T) {
 	})
 	t.Run("error - did not managed by this node", func(t *testing.T) {
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID)
+		ctx.vdr.EXPECT().IsOwner(nil, webDID)
 		res, err := ctx.client.OAuthClientMetadata(nil, OAuthClientMetadataRequestObject{Id: nutsDID.ID})
@@ -158,7 +159,7 @@ func TestWrapper_GetOAuthClientMetadata(t *testing.T) {
 	})
 	t.Run("error - internal error 500", func(t *testing.T) {
 		ctx := newTestClient(t)
-		ctx.vdr.EXPECT().IsOwner(nil, nutsDID).Return(false, errors.New("unknown error"))
+		ctx.vdr.EXPECT().IsOwner(nil, webDID).Return(false, errors.New("unknown error"))
 		res, err := ctx.client.OAuthClientMetadata(nil, OAuthClientMetadataRequestObject{Id: nutsDID.ID})