From 8edaaa7c10e6ac24d80af02fe756ae248a98b53e Mon Sep 17 00:00:00 2001 From: Wout Slakhorst Date: Fri, 27 Oct 2023 11:47:49 +0200 Subject: [PATCH] small stuff based on self review --- auth/api/auth/v1/client/types.go | 3 --- auth/api/iam/s2s_vptoken.go | 6 ++++-- auth/api/iam/s2s_vptoken_test.go | 1 + auth/api/iam/types.go | 4 ---- auth/auth.go | 4 ++-- auth/oauth/types.go | 1 + codegen/configs/auth_iam.yaml | 2 -- 7 files changed, 8 insertions(+), 13 deletions(-) diff --git a/auth/api/auth/v1/client/types.go b/auth/api/auth/v1/client/types.go index fdccb9ca60..3354282eac 100644 --- a/auth/api/auth/v1/client/types.go +++ b/auth/api/auth/v1/client/types.go @@ -34,6 +34,3 @@ type VerifiablePresentation = vc.VerifiablePresentation // AccessTokenResponse is an alias to use from within the API type AccessTokenResponse = oauth.TokenResponse - -// AccessTokenRequestFailedResponse is an alias to use from within the API -type AccessTokenRequestFailedResponse = oauth.ErrorResponse diff --git a/auth/api/iam/s2s_vptoken.go b/auth/api/iam/s2s_vptoken.go index 672ec9cc39..799557192b 100644 --- a/auth/api/iam/s2s_vptoken.go +++ b/auth/api/iam/s2s_vptoken.go @@ -24,6 +24,7 @@ import ( "encoding/base64" "errors" "fmt" + "github.com/nuts-foundation/nuts-node/auth/oauth" "net/http" "strings" "time" @@ -118,7 +119,7 @@ func (r Wrapper) RequestAccessToken(ctx context.Context, request RequestAccessTo return RequestAccessToken200JSONResponse(*tokenResult), nil } -func (r Wrapper) createAccessToken(issuer did.DID, issueTime time.Time, presentation vc.VerifiablePresentation, scope string) (*TokenResponse, error) { +func (r Wrapper) createAccessToken(issuer did.DID, issueTime time.Time, presentation vc.VerifiablePresentation, scope string) (*oauth.TokenResponse, error) { accessToken := AccessToken{ Token: generateCode(), Issuer: issuer.String(), 
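Review bot: In the import hunk of auth/api/iam/s2s_vptoken.go, the new `"github.com/nuts-foundation/nuts-node/auth/oauth"` line is placed inside the standard-library group, between `"fmt"` and `"net/http"`. goimports keeps stdlib imports in their own blank-line-separated group, so this line belongs with the other github.com imports. The rest of the import block lies outside the hunk, so the exact position in that group has to be chosen against the full file.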
@@ -130,9 +131,10 @@ func (r Wrapper) createAccessToken(issuer did.DID, issueTime time.Time, presenta return nil, fmt.Errorf("unable to store access token: %w", err) } expiresIn := int(accessTokenValidity.Seconds()) - return &TokenResponse{ + return &oauth.TokenResponse{ AccessToken: accessToken.Token, ExpiresIn: &expiresIn, + Scope: &scope, TokenType: "bearer", }, nil } diff --git a/auth/api/iam/s2s_vptoken_test.go b/auth/api/iam/s2s_vptoken_test.go index d5a647b3e8..912d8d9780 100644 --- a/auth/api/iam/s2s_vptoken_test.go +++ b/auth/api/iam/s2s_vptoken_test.go @@ -120,6 +120,7 @@ func TestWrapper_createAccessToken(t *testing.T) { assert.NotEmpty(t, accessToken.AccessToken) assert.Equal(t, "bearer", accessToken.TokenType) assert.Equal(t, 900, *accessToken.ExpiresIn) + assert.Equal(t, "everything", *accessToken.Scope) var storedToken AccessToken err = ctx.client.accessTokenStore(issuerDID).Get(accessToken.AccessToken, &storedToken) diff --git a/auth/api/iam/types.go b/auth/api/iam/types.go index a5f73c64f5..edb59ae296 100644 --- a/auth/api/iam/types.go +++ b/auth/api/iam/types.go @@ -20,7 +20,6 @@ package iam import ( "github.com/nuts-foundation/go-did/did" - "github.com/nuts-foundation/nuts-node/auth/oauth" "github.com/nuts-foundation/nuts-node/vcr/pe" "github.com/nuts-foundation/nuts-node/vdr/resolver" ) @@ -34,9 +33,6 @@ type DIDDocumentMetadata = resolver.DocumentMetadata // PresentationDefinition is an alias type PresentationDefinition = pe.PresentationDefinition -// TokenResponse is an alias -type TokenResponse = oauth.TokenResponse - const ( // responseTypeParam is the name of the response_type parameter. // Specified by https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.1 diff --git a/auth/auth.go b/auth/auth.go index 50a7e2211b..f77a801d31 100644 --- a/auth/auth.go +++ b/auth/auth.go 
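Review bot: `Scope: &scope` in createAccessToken returns the caller-supplied scope string verbatim as the granted scope, and nothing visible in this hunk ties it to what was stored with the token. Clients read the `scope` member of a token response (RFC 6749 section 5.1) as what the server actually granted, so if the persisted record or the presentation check can ever be narrower than the request, the response overstates the grant. I would add a comment above the return, `// scope is echoed as granted; it must match the scope stored with the access token`, and build the field from the stored record if that record carries the scope. The remainder of the `AccessToken` literal and the store call sit between the two hunks, outside view, so this could not be confirmed here.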
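Review bot: The added assertion in TestWrapper_createAccessToken dereferences `*accessToken.Scope` without first checking the pointer. If a later change stops setting the field, the test panics with a nil dereference instead of reporting a readable assertion failure; the existing `*accessToken.ExpiresIn` line has the same shape. A guard before the dereference, for example `require.NotNil(t, accessToken.Scope)` (assuming testify's `require` is or can be imported in this file), keeps the failure readable. The test function starts and ends outside the hunk.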
@@ -104,12 +104,12 @@ func NewAuthInstance(config Config, vdrInstance vdr.VDR, vcr vcr.VCR, keyStore c } } -// AuthzServer returns the oauth.OAuthAuthorizationServer +// AuthzServer returns the oauth.AuthorizationServer func (auth *Auth) AuthzServer() oauth.AuthorizationServer { return auth.authzServer } -// RelyingParty returns the oauth.OAuthRelyingParty +// RelyingParty returns the oauth.RelyingParty func (auth *Auth) RelyingParty() oauth.RelyingParty { return auth.relyingParty } diff --git a/auth/oauth/types.go b/auth/oauth/types.go index 48eaacbdb4..4c6644aa19 100644 --- a/auth/oauth/types.go +++ b/auth/oauth/types.go @@ -32,6 +32,7 @@ type TokenResponse struct { ExpiresIn *int `json:"expires_in,omitempty"` TokenType string `json:"token_type"` CNonce *string `json:"c_nonce,omitempty"` + Scope *string `json:"scope,omitempty"` } const ( diff --git a/codegen/configs/auth_iam.yaml b/codegen/configs/auth_iam.yaml index 224f04502e..86fc29a911 100644 --- a/codegen/configs/auth_iam.yaml +++ b/codegen/configs/auth_iam.yaml @@ -9,7 +9,5 @@ output-options: - DIDDocument - OAuthAuthorizationServerMetadata - OAuthClientMetadata - - ErrorResponse - PresentationDefinition - - ErrorResponse - TokenResponse
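Review bot: The new `Scope` field in auth/oauth/types.go has no doc comment, and its `omitempty` on a `*string` only drops a nil pointer: a pointer to an empty string still serialises as `"scope":""`. A caller that always passes an address, as createAccessToken in auth/api/iam/s2s_vptoken.go does with `&scope`, will therefore emit an empty scope member whenever the scope string is empty. I would document the contract on the field, e.g. `// Scope is the space-delimited scope granted with the token (RFC 6749 section 5.1); leave nil to omit it.` The struct declaration starts above the hunk.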