From bde77b63cfada49728f2992db96959e4555d349c Mon Sep 17 00:00:00 2001
From: Rein Krul
Date: Wed, 27 Sep 2023 12:43:33 +0200
Subject: [PATCH] w
---
 auth/api/iam/api.go | 5 +++++
 auth/api/iam/s2s_vptoken.go | 9 ++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/auth/api/iam/api.go b/auth/api/iam/api.go
index 109a21089c..5740c64fc4 100644
--- a/auth/api/iam/api.go
+++ b/auth/api/iam/api.go
@@ -113,6 +113,8 @@ func (r Wrapper) Routes(router core.EchoRouter) {
 // HandleTokenRequest handles calls to the token endpoint for exchanging a grant (e.g authorization code or pre-authorized code) for an access token.
 func (r Wrapper) HandleTokenRequest(ctx context.Context, request HandleTokenRequestRequestObject) (HandleTokenRequestResponseObject, error) {
+ ownDID := idToDID(request.Id)
+
 switch request.Body.GrantType {
 case "authorization_code":
 // Options:
@@ -124,6 +126,9 @@ func (r Wrapper) HandleTokenRequ
 case "urn:ietf:params:oauth:grant-type:pre-authorized_code":
 // Options:
 // - OpenID4VCI
+ case "vp_token-bearer":
+ // Nuts RFC021 vp_token bearer flow
+ return r.handleS2STokenRequest(ownDID, request.Body.AdditionalProperties)
 default:
 // TODO: Don't use openid4vci package for errors
 return nil, openid4vci.Error{
diff --git a/auth/api/iam/s2s_vptoken.go b/auth/api/iam/s2s_vptoken.go
index 65fa221404..afae1f839b 100644
--- a/auth/api/iam/s2s_vptoken.go
+++ b/auth/api/iam/s2s_vptoken.go
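Review bot: In the first api.go hunk, `ownDID := idToDID(request.Id)` takes the node's identity from the request path, and nothing visible checks it before it is passed to the vp_token branch. idToDID is defined outside this patch, so it may already validate; if it only parses, the handler should confirm the DID is well-formed and managed by this node and reject the request otherwise, because the token would be issued on behalf of that DID. The value is also computed for every grant type although only one branch uses it, so moving the line under `case "vp_token-bearer":` would keep its scope tight. HandleTokenRequest's body continues outside the hunk.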
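Review bot: In the second api.go hunk, `case "vp_token-bearer":` makes the new grant type reachable on the token endpoint, while the handler it calls (see the s2s_vptoken.go hunk of this patch) only checks that three parameters are non-empty and leaves `// TODO: verify parameters` open. Until the presentation and its submission are actually verified, this branch should have no success path; one option is to keep the case but answer with the same structured error the `default:` branch returns. The handler reports failures as plain `errors.New` values whereas `default:` returns an `openid4vci.Error`, so clients would likely see two error shapes from one endpoint. The switch continues outside the hunk.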
@@ -46,22 +46,21 @@ func (s serviceToService) Routes(router core.EchoRouter) {
 })
 }
-func (s serviceToService) validateVPToken(params map[string]string) (string, error) {
+func (r Wrapper) handleS2STokenRequest(ownDID did.DID, params map[string]string) (HandleTokenRequestResponseObject, error) {
 submission := params["presentation_submission"]
 scope := params["scope"]
 vp_token := params["vp_token"]
 if submission == "" || scope == "" || vp_token == "" {
 // TODO: right error response
- return "", errors.New("missing required parameters")
+ return nil, errors.New("missing required parameters")
 }
 // TODO: https://github.com/nuts-foundation/nuts-node/issues/2418
 // TODO: verify parameters
 return scope, nil
 }
-func (s serviceToService) handleAuthzRequest(_ map[string]string, _ *Session) (*authzResponse, error) {
- // Protocol does not support authorization code flow
- return nil, nil
+func (s serviceToService) validateVPToken(params map[string]string) (string, error) {
+
 }
 func (r Wrapper) RequestAccessToken(ctx context.Context, request RequestAccessTokenRequestObject) (RequestAccessTokenResponseObject, error) {
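Review bot: handleS2STokenRequest still ends with `return scope, nil`, which hands back the caller-supplied scope string where the signature now promises a HandleTokenRequestResponseObject. That type's definition is not in the patch, but unless a string satisfies it this will not compile, and either way it echoes unverified input as the result. Until the verification tracked in the linked issue exists, `return nil, errors.New("vp_token verification not implemented")` is the safer ending. The re-added `validateVPToken` declares `(string, error)` results but has an empty body, so it needs a return statement or should be dropped. `ownDID` is accepted but never used in the visible body, and `vp_token` would conventionally be named `vpToken`.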