Skip to content

Commit

Permalink
fix: add kid to verifiable credential header (#3606)
Browse files Browse the repository at this point in the history
  • Loading branch information
hperl authored Aug 16, 2023
1 parent 330530d commit 9f1c8d1
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 2 deletions.
10 changes: 8 additions & 2 deletions oauth2/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -1340,8 +1340,14 @@ func (h *Handler) createVerifiableCredential(w http.ResponseWriter, r *http.Requ
"id": fmt.Sprintf("did:jwk:%s", base64.RawURLEncoding.EncodeToString(proofJWKJSON)),
},
})

rawToken, _, err := h.r.OpenIDJWTStrategy().Generate(ctx, session.Claims.ToMapClaims(), jwt.NewHeaders())
signingKeyID, err := h.r.OpenIDJWTStrategy().GetPublicKeyID(ctx)
if err != nil {
h.r.Writer().WriteError(w, r, errorsx.WithStack(err))
return
}
headers := jwt.NewHeaders()
headers.Add("kid", signingKeyID)
rawToken, _, err := h.r.OpenIDJWTStrategy().Generate(ctx, session.Claims.ToMapClaims(), headers)
if err != nil {
h.r.Writer().WriteError(w, r, errorsx.WithStack(err))
return
Expand Down
13 changes: 13 additions & 0 deletions oauth2/oauth2_auth_code_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"context"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
Expand Down Expand Up @@ -1164,6 +1165,18 @@ func assertCreateVerifiableCredential(t *testing.T, reg driver.Registry, nonce s
func assertVerifiableCredentialContainsPublicKey(t *testing.T, reg driver.Registry, vc *hydraoauth2.VerifiableCredentialResponse, pubKeyJWK *jose.JSONWebKey) {
ctx := context.Background()
token, err := jwt.Parse(vc.Credential, func(token *jwt.Token) (interface{}, error) {
kid, found := token.Header["kid"]
if !found {
return nil, errors.New("missing kid header")
}
openIDKey, err := reg.OpenIDJWTStrategy().GetPublicKeyID(ctx)
if err != nil {
return nil, err
}
if kid != openIDKey {
return nil, errors.New("invalid kid header")
}

return x.Must(reg.OpenIDJWTStrategy().GetPublicKey(ctx)).Key, nil
})
require.NoError(t, err)
Expand Down

0 comments on commit 9f1c8d1

Please sign in to comment.