improve haip check & align with Oid4Vp draft 22 #218

Merged
merged 2 commits into from
Nov 20, 2024
39 changes: 31 additions & 8 deletions src/WalletFramework.Oid4Vc/Oid4Vp/Models/AuthorizationRequest.cs
Expand Up @@ -16,6 +16,9 @@ public record AuthorizationRequest
public const string DirectPost = "direct_post";
public const string DirectPostJwt = "direct_post.jwt";

public static readonly string[] SupportedClientIdSchemes =
[RedirectUriScheme, VerifierAttestationScheme, X509SanDnsScheme];

private const string VpToken = "vp_token";

/// <summary>
Expand Down Expand Up @@ -100,8 +103,17 @@ private AuthorizationRequest(
string? scope,
string? state)
{
ClientId = clientId;
ClientIdScheme = clientIdScheme;
if (SupportedClientIdSchemes.Exists(supportedClientIdScheme => clientId.StartsWith($"{supportedClientIdScheme}:")))
{
ClientIdScheme = clientId.Split(':')[0];
ClientId = clientId.Split(':')[1];
}
else
{
ClientId = clientId;
ClientIdScheme = clientIdScheme;
}

ClientMetadata = clientMetadata;
ClientMetadataUri = clientMetadataUri;
Nonce = nonce;
Expand All @@ -120,23 +132,34 @@ private AuthorizationRequest(
/// <exception cref="InvalidOperationException">Thrown when the request does not match the HAIP.</exception>
public static AuthorizationRequest CreateAuthorizationRequest(string authorizationRequestJson)
=> CreateAuthorizationRequest(JObject.Parse(authorizationRequestJson));

private static AuthorizationRequest CreateAuthorizationRequest(JObject authorizationRequestJson) =>
IsHaipConform(authorizationRequestJson)
? authorizationRequestJson.ToObject<AuthorizationRequest>()
?? throw new InvalidOperationException("Could not parse the Authorization Request")
: throw new InvalidOperationException(
"Invalid Authorization Request. The request does not match the HAIP"
);

"Invalid Authorization Request. The request does not match the HAIP");

private static bool IsHaipConform(JObject authorizationRequestJson)
{
var responseType = authorizationRequestJson["response_type"]!.ToString();
var responseUri = authorizationRequestJson["response_uri"]!.ToString();
var responseMode = authorizationRequestJson["response_mode"]!.ToString();
var redirectUri = authorizationRequestJson["redirect_uri"];
var clientIdScheme = authorizationRequestJson["client_id_scheme"]!.ToString();
var clientId = authorizationRequestJson["client_id"]!.ToString();
var authorizationRequestClientId = authorizationRequestJson["client_id"]!.ToString();

string clientId;
string clientIdScheme;
if (SupportedClientIdSchemes.Exists(supportedClientIdScheme => authorizationRequestClientId.StartsWith($"{supportedClientIdScheme}:")))
{
clientIdScheme = authorizationRequestClientId.Split(':')[0];
clientId = authorizationRequestClientId.Split(':')[1];
}
else
{
clientIdScheme = authorizationRequestJson["client_id_scheme"]!.ToString();
clientId = authorizationRequestClientId;
}

return
responseType == VpToken
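Review bot: `Split(':')[1]` in both new prefix branches (the constructor and `IsHaipConform`) keeps only the text between the first and second colon, so a prefixed identifier whose value itself contains a colon, such as an `https://…` URL carried under the redirect-URI scheme, is cut down to `https`. The HAIP check and the stored `ClientId` would then work on a truncated verifier identity, and anything after a second colon is silently dropped instead of rejected. Splitting once on the first separator avoids this: `var parts = clientId.Split(new[] { ':' }, 2);` followed by `ClientIdScheme = parts[0]; ClientId = parts[1];`. The `StartsWith` calls should also pass `StringComparison.Ordinal`, and the two copies of this parsing would be better as one private helper so the validated and stored values cannot drift apart. Both the constructor and `IsHaipConform` extend beyond the visible hunks, so how `clientId` is compared further down cannot be confirmed from here.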