From 3e2c8d742eef1521cb6065ad68ad0023dff8f92e Mon Sep 17 00:00:00 2001 From: "A.G.J. Cate" Date: Wed, 15 Jan 2025 11:14:53 +0100 Subject: [PATCH] chore: small fixes --- .../client/lib/AuthorizationCodeClient.ts | 8 +++--- packages/client/lib/OpenID4VCIClient.ts | 25 ++++++++++++------- .../client/lib/OpenID4VCIClientV1_0_11.ts | 20 +++++++++------ .../client/lib/OpenID4VCIClientV1_0_13.ts | 20 +++++++++------ packages/issuer-rest/lib/OID4VCIServer.ts | 4 ++- .../issuer-rest/lib/oid4vci-api-functions.ts | 4 +-- 6 files changed, 51 insertions(+), 30 deletions(-) diff --git a/packages/client/lib/AuthorizationCodeClient.ts b/packages/client/lib/AuthorizationCodeClient.ts index 5336d165..2f9d1a2d 100644 --- a/packages/client/lib/AuthorizationCodeClient.ts +++ b/packages/client/lib/AuthorizationCodeClient.ts @@ -277,13 +277,13 @@ const handleLocations = (endpointMetadata: EndpointMetadataResultV1_0_13, author return authorizationDetails; }; -export const acquireAuthorizationChallengeAuthCode = async (opts: AuthorizationChallengeRequestOpts): Promise> => { //AuthorizationChallengeErrorResponse +export const acquireAuthorizationChallengeAuthCode = async (opts: AuthorizationChallengeRequestOpts): Promise> => { return await acquireAuthorizationChallengeAuthCodeUsingRequest({ authorizationChallengeRequest: await createAuthorizationChallengeRequest(opts) }); } -export const acquireAuthorizationChallengeAuthCodeUsingRequest = async (opts: { authorizationChallengeRequest: CommonAuthorizationChallengeRequest }): Promise> => { //AuthorizationChallengeErrorResponse +export const acquireAuthorizationChallengeAuthCodeUsingRequest = async (opts: { authorizationChallengeRequest: CommonAuthorizationChallengeRequest }): Promise> => { const { authorizationChallengeRequest } = opts // TODO validate request const authorizationChallengeCodeUrl = '' // TODO 
@@ -325,8 +325,8 @@ export const sendAuthorizationChallengeRequest = async ( authorizationChallengeCodeUrl: string, authorizationChallengeRequest: CommonAuthorizationChallengeRequest, opts?: { headers?: Record } -): Promise> => { //AuthorizationChallengeErrorResponse - return await formPost(authorizationChallengeCodeUrl, convertJsonToURI(authorizationChallengeRequest, { mode: JsonURIMode.X_FORM_WWW_URLENCODED }), { // TODO check encoding +): Promise> => { + return await formPost(authorizationChallengeCodeUrl, convertJsonToURI(authorizationChallengeRequest, { mode: JsonURIMode.X_FORM_WWW_URLENCODED }), { customHeaders: opts?.headers ? opts.headers : undefined, }); } diff --git a/packages/client/lib/OpenID4VCIClient.ts b/packages/client/lib/OpenID4VCIClient.ts index d273a113..b19c4e27 100644 --- a/packages/client/lib/OpenID4VCIClient.ts +++ b/packages/client/lib/OpenID4VCIClient.ts @@ -3,7 +3,8 @@ import { AccessTokenRequestOpts, AccessTokenResponse, Alg, - AuthorizationChallengeCodeResponse, AuthorizationChallengeErrorResponse, + AuthorizationChallengeCodeResponse, + AuthorizationChallengeErrorResponse, AuthorizationChallengeRequestOpts, AuthorizationRequestOpts, AuthorizationResponse, @@ -94,7 +95,7 @@ export class OpenID4VCIClient { endpointMetadata?: EndpointMetadataResult; accessTokenResponse?: AccessTokenResponse; authorizationRequestOpts?: AuthorizationRequestOpts; - authorizationCodeResponse?: AuthorizationResponse; + authorizationCodeResponse?: AuthorizationResponse | AuthorizationChallengeCodeResponse; authorizationURL?: string; }) { const issuer = credentialIssuer ?? (credentialOffer ? getIssuerFromCredentialOfferPayload(credentialOffer.credential_offer) : undefined); 
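Review bot: The `// TODO check encoding` marker on the `formPost(...)` call in `sendAuthorizationChallengeRequest` is deleted, but nothing in this hunk changes how the request is encoded, so the open question disappears without a visible answer. If the output of `convertJsonToURI(authorizationChallengeRequest, { mode: JsonURIMode.X_FORM_WWW_URLENCODED })` was checked against what the authorization challenge endpoint expects, replace the marker with a comment that says so, for example `// body is form-urlencoded; encoding checked against the authorization challenge endpoint`. Otherwise keep the TODO so the check is not forgotten.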
@@ -296,18 +297,14 @@ export class OpenID4VCIClient { public async acquireAccessToken( opts?: Omit & { clientId?: string; - authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; // Pass in an auth response, either as URI/redirect, or object // TODO we need to add support for the authorization code from the auth challenge + authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse; // Pass in an auth response, either as URI/redirect, or object additionalRequestParams?: Record; }, ): Promise { const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {}; let { redirectUri } = opts ?? {}; - if (opts?.authorizationResponse) { - this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) }; - } else if (opts?.code) { - this._state.authorizationCodeResponse = { code: opts.code }; - } - const code = (this._state.authorizationCodeResponse as AuthorizationResponse)?.code ?? (this._state.authorizationCodeResponse as AuthorizationChallengeCodeResponse)?.authorization_code; + + const code = this.getAuthorizationCode(opts?.authorizationResponse, opts?.code) if (opts?.codeVerifier) { this._state.pkce.codeVerifier = opts.codeVerifier; 
@@ -759,4 +756,14 @@ export class OpenID4VCIClient { authorizationRequestOpts.clientId = clientId; return authorizationRequestOpts; } + + private getAuthorizationCode = (authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse, code?: string): string | undefined => { + if (authorizationResponse) { + this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(authorizationResponse) }; + } else if (code) { + this._state.authorizationCodeResponse = { code }; + } + + return (this._state.authorizationCodeResponse as AuthorizationResponse)?.code ?? (this._state.authorizationCodeResponse as AuthorizationChallengeCodeResponse)?.authorization_code; + } } diff --git a/packages/client/lib/OpenID4VCIClientV1_0_11.ts b/packages/client/lib/OpenID4VCIClientV1_0_11.ts index 5d287b79..151f8648 100644 --- a/packages/client/lib/OpenID4VCIClientV1_0_11.ts +++ b/packages/client/lib/OpenID4VCIClientV1_0_11.ts @@ -92,7 +92,7 @@ export class OpenID4VCIClientV1_0_11 { endpointMetadata?: EndpointMetadataResultV1_0_11; accessTokenResponse?: AccessTokenResponse; authorizationRequestOpts?: AuthorizationRequestOpts; - authorizationCodeResponse?: AuthorizationResponse; + authorizationCodeResponse?: AuthorizationResponse | AuthorizationChallengeCodeResponse; authorizationURL?: string; }) { const issuer = credentialIssuer ?? (credentialOffer ? getIssuerFromCredentialOfferPayload(credentialOffer.credential_offer) : undefined); 
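Review bot: `getAuthorizationCode` is named like a read, but it overwrites `this._state.authorizationCodeResponse`, and when neither argument is given it returns whatever code an earlier call left in state. That deserves a doc comment such as `/** Stores the supplied authorization response (or bare code) in client state and returns its code; falls back to the previously stored response when neither is given. */`. The helper also accepts the parsed response with no visible check for an `error` member or for a `state` value matching the authorization request. If neither `toAuthorizationResponsePayload` nor the caller does that check, it belongs here before the code is used for the token request. The same property is added to `OpenID4VCIClientV1_0_11` and `OpenID4VCIClientV1_0_13` in later hunks, so one shared function that takes the state object would keep the three copies from drifting.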
@@ -287,12 +287,8 @@ export class OpenID4VCIClientV1_0_11 { ): Promise { const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {}; let { redirectUri } = opts ?? {}; - if (opts?.authorizationResponse) { - this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) }; - } else if (opts?.code) { - this._state.authorizationCodeResponse = { code: opts.code }; - } - const code = (this._state.authorizationCodeResponse as AuthorizationResponse)?.code ?? (this._state.authorizationCodeResponse as AuthorizationChallengeCodeResponse)?.authorization_code; + + const code = this.getAuthorizationCode(opts?.authorizationResponse, opts?.code) if (opts?.codeVerifier) { this._state.pkce.codeVerifier = opts.codeVerifier; @@ -694,4 +690,14 @@ export class OpenID4VCIClientV1_0_11 { authorizationRequestOpts.clientId = clientId; return authorizationRequestOpts; } + + private getAuthorizationCode = (authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse, code?: string): string | undefined => { + if (authorizationResponse) { + this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(authorizationResponse) }; + } else if (code) { + this._state.authorizationCodeResponse = { code }; + } + + return (this._state.authorizationCodeResponse as AuthorizationResponse)?.code ?? (this._state.authorizationCodeResponse as AuthorizationChallengeCodeResponse)?.authorization_code; + } } diff --git a/packages/client/lib/OpenID4VCIClientV1_0_13.ts b/packages/client/lib/OpenID4VCIClientV1_0_13.ts index ea4c8043..fb0a2b10 100644 --- a/packages/client/lib/OpenID4VCIClientV1_0_13.ts +++ b/packages/client/lib/OpenID4VCIClientV1_0_13.ts 
@@ -97,7 +97,7 @@ export class OpenID4VCIClientV1_0_13 { endpointMetadata?: EndpointMetadataResultV1_0_13; accessTokenResponse?: AccessTokenResponse; authorizationRequestOpts?: AuthorizationRequestOpts; - authorizationCodeResponse?: AuthorizationResponse; + authorizationCodeResponse?: AuthorizationResponse | AuthorizationChallengeCodeResponse; authorizationURL?: string; }) { const issuer = credentialIssuer ?? (credentialOffer ? getIssuerFromCredentialOfferPayload(credentialOffer.credential_offer) : undefined); @@ -294,12 +294,8 @@ export class OpenID4VCIClientV1_0_13 { ): Promise { const { pin, clientId = this._state.clientId ?? this._state.authorizationRequestOpts?.clientId } = opts ?? {}; let { redirectUri } = opts ?? {}; - if (opts?.authorizationResponse) { - this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(opts.authorizationResponse) }; - } else if (opts?.code) { - this._state.authorizationCodeResponse = { code: opts.code }; - } - const code = (this._state.authorizationCodeResponse as AuthorizationResponse)?.code ?? (this._state.authorizationCodeResponse as AuthorizationChallengeCodeResponse)?.authorization_code; + + const code = this.getAuthorizationCode(opts?.authorizationResponse, opts?.code) if (opts?.codeVerifier) { this._state.pkce.codeVerifier = opts.codeVerifier; 
@@ -797,4 +793,14 @@ export class OpenID4VCIClientV1_0_13 { authorizationRequestOpts.clientId = clientId; return authorizationRequestOpts; } + + private getAuthorizationCode = (authorizationResponse?: string | AuthorizationResponse | AuthorizationChallengeCodeResponse, code?: string): string | undefined => { + if (authorizationResponse) { + this._state.authorizationCodeResponse = { ...toAuthorizationResponsePayload(authorizationResponse) }; + } else if (code) { + this._state.authorizationCodeResponse = { code }; + } + + return (this._state.authorizationCodeResponse as AuthorizationResponse)?.code ?? (this._state.authorizationCodeResponse as AuthorizationChallengeCodeResponse)?.authorization_code; + } } diff --git a/packages/issuer-rest/lib/OID4VCIServer.ts b/packages/issuer-rest/lib/OID4VCIServer.ts index 4b936f29..54aa16eb 100644 --- a/packages/issuer-rest/lib/OID4VCIServer.ts +++ b/packages/issuer-rest/lib/OID4VCIServer.ts @@ -86,6 +86,8 @@ export interface IGetIssueStatusEndpointOpts extends ISingleEndpointOpts { } export interface IAuthorizationChallengeEndpointOpts extends ISingleEndpointOpts { + createAuthRequestUriEndpointPath?: string + verifyAuthResponseEndpointPath?: string /** * Callback used for creating the authorization request uri used for the RP. * Added an optional state parameter so that when direct calls are used, @@ -96,7 +98,7 @@ export interface IAuthorizationChallengeEndpointOpts extends ISingleEndpointOpts * Callback used for verifying the status of the authorization response. * This is checked by the issuer before issuing an authorization code. */ - verifyAuthResponseCallback: (correlationId: string) => Promise + verifyAuthResponseCallback: (presentationDefinitionId: string, correlationId: string) => Promise } export interface IOID4VCIServerOpts extends HasEndpointOpts { diff --git a/packages/issuer-rest/lib/oid4vci-api-functions.ts b/packages/issuer-rest/lib/oid4vci-api-functions.ts index 874e03d0..08db1532 100644 
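Review bot: `createAuthRequestUriEndpointPath` and `verifyAuthResponseEndpointPath` are added to `IAuthorizationChallengeEndpointOpts` without a doc comment, while the callbacks next to them have one, and none of the hunks in this patch reads them. Add a comment to each stating which service the path belongs to and whether it is relative to a base URL, for example `/** Path of the endpoint that creates the authorization request URI (relative to the RP base URL). */` if that is the intent. If they are not consumed yet, leaving them out until they are avoids options that silently do nothing.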
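Review bot: Putting `presentationDefinitionId` in front of `correlationId` changes the meaning of the first argument of `verifyAuthResponseCallback` without changing its type. An existing implementation written as `(correlationId) => ...` still type-checks, because TypeScript accepts a callback with fewer parameters, but it will now receive the definition id and verify against the wrong identifier. Appending the new parameter instead, `(correlationId: string, presentationDefinitionId: string)`, or passing a single options object keeps old implementations correct. The doc comment above the member should also describe the new argument.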
--- a/packages/issuer-rest/lib/oid4vci-api-functions.ts +++ b/packages/issuer-rest/lib/oid4vci-api-functions.ts @@ -153,7 +153,7 @@ export function authorizationChallengeEndpoint( return Promise.reject(authorizationChallengeErrorResponse) } - if (auth_session && presentation_during_issuance_session) { + if (auth_session && presentation_during_issuance_session && definition_id) { const session = await issuer.credentialOfferSessions.get(auth_session) if (!session) { const authorizationChallengeErrorResponse: AuthorizationChallengeErrorResponse = { @@ -162,7 +162,7 @@ export function authorizationChallengeEndpoint( return Promise.reject(authorizationChallengeErrorResponse) } - const verifiedResponse = await opts.verifyAuthResponseCallback(presentation_during_issuance_session) + const verifiedResponse = await opts.verifyAuthResponseCallback(definition_id, presentation_during_issuance_session) if (verifiedResponse) { const authorizationCode = generateRandomString(16, 'base64url') session.authorizationCode = authorizationCode
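Review bot: With `definition_id` added to the condition, a request that carries `auth_session` and `presentation_during_issuance_session` but no `definition_id` no longer enters this branch and falls through to code outside the hunk. Unless a later branch already rejects it, add an explicit check that returns an `AuthorizationChallengeErrorResponse` through `Promise.reject(...)`, as the `!session` case does. That way the missing parameter is reported instead of being handled by whatever comes next. The body of `authorizationChallengeEndpoint` starts and ends outside the hunk.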
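Review bot: In `opts.verifyAuthResponseCallback(definition_id, presentation_during_issuance_session)`, neither argument is tied in the visible lines to the `session` loaded from `auth_session`. If both values come from the request (their origin is outside the hunk), the caller chooses which presentation definition and which correlation id are verified before `session.authorizationCode` is set. Consider recording the expected definition id and correlation id on the session when the authorization request is created, and rejecting here when the supplied values differ from the stored ones. A verified presentation would then only yield a code for the session it was started for.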