feat: dpop retry mechanisms
auer-martin committed Jul 30, 2024
1 parent 7a656c8 commit f250d57
Showing 2 changed files with 16 additions and 8 deletions.
16 changes: 10 additions & 6 deletions packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderService.ts
Expand Up @@ -69,6 +69,7 @@ import {
PARMode,
post,
EndpointMetadataResult,
DPoPResponseParams,
} from '@sphereon/oid4vci-common'

Check failure on line 73 in packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderService.ts


Unable to resolve path to module '@sphereon/oid4vci-common'

import { OpenId4VciCredentialFormatProfile } from '../shared'
Expand Down Expand Up @@ -313,7 +314,7 @@ export class OpenId4VciHolderService {
const { metadata, credentialOfferRequestWithBaseUrl } = resolvedCredentialOffer

// acquire the access token
let accessTokenResponse: OpenIDResponse<AccessTokenResponse>
let accessTokenResponse: OpenIDResponse<AccessTokenResponse, DPoPResponseParams>

const accessTokenClient = new AccessTokenClient()

Expand Down Expand Up @@ -354,7 +355,10 @@ export class OpenId4VciHolderService {

this.logger.debug('Requested OpenId4VCI Access Token.')

return { ...accessTokenResponse.successBody, ...(dpopJwk && { dpop: { dpopJwk: dpopJwk } }) }
return {
...accessTokenResponse.successBody,
...(dpopJwk && { dpop: { dpopJwk: dpopJwk, dpopNonce: accessTokenResponse.params?.dpop?.dpopNonce } }),
}
}

public async acceptCredentialOffer(
Expand All @@ -365,7 +369,7 @@ export class OpenId4VciHolderService {
resolvedAuthorizationRequestWithCode?: OpenId4VciResolvedAuthorizationRequestWithCode
accessToken?: string
cNonce?: string
dpop?: { dpopJwk: Jwk }
dpop?: { dpopJwk: Jwk; dpopNonce?: string }
}
) {
const { resolvedCredentialOffer, acceptCredentialOfferOptions } = options
Expand Down Expand Up @@ -410,7 +414,7 @@ export class OpenId4VciHolderService {
? {
access_token: options.accessToken,
c_nonce: options.cNonce,
...(options.dpop && { dpop: { dpopJwk: options.dpop.dpopJwk } }),
...(options.dpop && { dpop: { dpopJwk: options.dpop.dpopJwk, dpopNonce: options.dpop?.dpopNonce } }),
}
: await this.requestAccessToken(agentContext, tokenRequestOptions)

Expand Down Expand Up @@ -484,7 +488,7 @@ export class OpenId4VciHolderService {

createDpopOpts = {
jwtIssuer: { alg: alg as unknown as SigningAlgo, jwk: jwk.toJson() },
jwtPayloadProps: { accessToken: options.accessToken },
jwtPayloadProps: { accessToken: tokenResponse.access_token, nonce: tokenResponse.dpop?.dpopNonce },
createJwtCallback: getCreateJwtCallback(agentContext),
}
}
Expand Down Expand Up @@ -690,7 +694,7 @@ export class OpenId4VciHolderService {

private async handleCredentialResponse(
agentContext: AgentContext,
credentialResponse: OpenIDResponse<CredentialResponse>,
credentialResponse: OpenIDResponse<CredentialResponse, DPoPResponseParams>,
options: {
verifyCredentialStatus: boolean
credentialIssuerMetadata: OpenId4VciIssuerMetadata
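Review bot: The nonce fed into the credential-request DPoP proof in the hunk at 484 (`nonce: tokenResponse.dpop?.dpopNonce`) is the one the authorization server returned with the token response (hunk at 354, `accessTokenResponse.params?.dpop?.dpopNonce`), but RFC 9449 keeps authorization-server and resource-server nonces separate: the credential endpoint is expected to issue its own nonce via a `use_dpop_nonce` error with a `DPoP-Nonce` header, so the AS nonce is not guaranteed to be accepted there. If the retry the commit title refers to lives in `handleCredentialResponse` (its body continues past the hunk at 690), consider stating on `createDpopOpts` that the AS nonce is only a first attempt, e.g. `// nonce: AS-issued DPoP nonce from the token response; the credential endpoint may reject it with use_dpop_nonce and supply its own`. The method enclosing the 484 hunk starts and ends outside the hunk. A smaller point on the 410 hunk: the `?.` in `options.dpop?.dpopNonce` is redundant because `options.dpop &&` already guards it, so `dpopNonce: options.dpop.dpopNonce` reads cleaner.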
Expand Up @@ -42,7 +42,11 @@ export type OpenId4VciNotificationEvent = 'credential_accepted' | 'credential_fa

export type OpenId4VciTokenResponse = Pick<AccessTokenResponse, 'access_token' | 'c_nonce'>

export type OpenId4VciRequestTokenResponse = { accessToken: string; cNonce?: string; dpop?: { dpopJwk: Jwk } }
export type OpenId4VciRequestTokenResponse = {
accessToken: string
cNonce?: string
dpop?: { dpopJwk: Jwk; dpopNonce?: string }
}

export interface OpenId4VciCredentialResponse {
credential: VerifiableCredential
Expand Down Expand Up @@ -112,7 +116,7 @@ export interface OpenId4VciCredentialRequestOptions extends Omit<OpenId4VciAccep
resolvedCredentialOffer: OpenId4VciResolvedCredentialOffer
accessToken: string
cNonce?: string
dpop?: { dpopJwk: Jwk }
dpop?: { dpopJwk: Jwk; dpopNonce?: string }
}
/**
* Options that are used to accept a credential offer for both the pre-authorized code flow and authorization code flow.
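Review bot: The new `dpopNonce` field on `OpenId4VciRequestTokenResponse` (hunk at 42) and `OpenId4VciCredentialRequestOptions` (hunk at 112) is undocumented, and the same inline shape `{ dpopJwk: Jwk; dpopNonce?: string }` is now repeated in both of these and twice more in OpenId4VciHolderService.ts. Consider one exported alias, `export type OpenId4VciDpopOptions = { dpopJwk: Jwk; dpopNonce?: string }`, used in all four places, with a TSDoc on the field such as `/** Nonce the server returned in its DPoP-Nonce header, to be echoed in the next DPoP proof; optional because servers are not required to issue one. */`. Whether the nonce stored here comes from the authorization server or the credential issuer is not visible in this file, so the docstring should name the source once that is settled.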

0 comments on commit f250d57

Please sign in to comment.